Checklist for enrolling
Symantec Endpoint Protection Manager
domains and
Symantec Endpoint Protection
clients

Make sure to check the system requirements for your
Symantec Endpoint Protection Manager
version.
Symantec Endpoint Protection Manager
configurations
Other
Symantec Endpoint Protection Manager
configurations
Configuration
Link
Allowed URLs
The following URLs must be allowed to access the Internet through proxies, firewalls, an SSL Visibility Appliance (SSLVA), or any other networking devices in your environment.
Check proxy setup for
Symantec Endpoint Protection Manager
communication to the cloud
If the
Symantec Endpoint Protection Manager
communicates over a proxy with the cloud console, then you must configure the system level proxy,
WinHttp
.
The following proxy configurations are supported for the
Symantec Endpoint Protection Manager
Bridge:
  • WinHTTP and WinINet, without authentication
  • WinHTTP and WinINet, with digest authentication
The following are not supported: Basic, NTLM, or Kerberos authentication for WinHTTP and WinINet.
Assign full rights to critical registry keys and directories
If the
Symantec Endpoint Protection Manager
operating system is Windows 2008-based, then make sure that the Network Service account has access to the folders and critical registry keys.
Manually add the Network Service account to these items and assign full rights: Installation of Endpoint Protection Manager Bridge fails and rolls back
Install root certificates
Add root certificates to the
Symantec Endpoint Protection Manager
Local Computer \Trusted Root Certification Authorities.
If the root certificates of the mentioned sites are not added, the
Symantec Endpoint Protection Manager
cannot connect to the cloud console.
Check communication ports
Symantec Endpoint Protection Manager
communication ports
Endpoint Security
bridge services on operating systems earlier than Windows Server 2008 R2 or Windows 7 uses the Network Service for which the default domain policies include privileges.
You should ensure that any security policies that apply to the Endpoint Protection Bridge computer do not have the Network Service removed. Bridge services are installed under the virtual accounts if the operating system is later than Windows 2008.
Symantec Endpoint Protection
client configurations
Symantec Endpoint Protection
client configuration
Configuration
Link
Check proxy setup for client communication to the cloud
  • llow URLs for communication if you use proxies in your environment.
Setting up WinHttp proxy
For successful enrollment, configure the system-level WinHttp proxy.
Setting up WinInet proxy
For successful enrollment, configure WinInet proxy.