Symantec™ Protection Center

2.1 User Guide


Symantec™ Protection Center 2.1 User Guide
The software described in this book is furnished under a license agreement and may be used
only in accordance with the terms of the agreement.

Legal Notice
Copyright © 2011 Symantec Corporation. All rights reserved.

Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec
Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks
of their respective owners.

The product described in this document is distributed under licenses restricting its use,
copying, distribution, and decompilation/reverse engineering. No part of this document
may be reproduced in any form by any means without prior written authorization of
Symantec Corporation and its licensors, if any.

THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS,
REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT,
ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO
BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL
OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING,
PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED
IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

The Licensed Software and Documentation are deemed to be commercial computer software
as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19
"Commercial Computer Software - Restricted Rights" and DFARS 227.7202, "Rights in
Commercial Computer Software or Commercial Computer Software Documentation", as
applicable, and any successor regulations. Any use, modification, reproduction release,
performance, display or disclosure of the Licensed Software and Documentation by the U.S.
Government shall be solely in accordance with the terms of this Agreement.

Symantec Corporation
350 Ellis Street
Mountain View, CA 94043

http://www.symantec.com
Contents

Section 1 Protection Center Overview

Chapter 1 Introducing Protection Center
About Protection Center
How Protection Center works
Where to get more information about Protection Center

Chapter 2 Getting started using Protection Center
Getting started with Protection Center
Accessing Protection Center
Performing the initial setup of Protection Center
Changing your user account password
Logging out of Protection Center

Section 2 Setup and Administration

Chapter 3 Introduction to Protection Center administration
Performing Protection Center administration tasks
About auditing Protection Center administration
Viewing the security audit logs
About Protection Center business analytics
Shutting down or restarting Protection Center

Chapter 4 Working with Protection Center supported products
About supported products
Integrating supported products
Adding a supported product to Protection Center
Required supported product host settings
Advanced supported product host settings
Discovering supported products on your network
About managing supported products
Enabling a supported product
Disabling a supported product
Re-enabling a disconnected product

Chapter 5 Managing Protection Center user accounts
About Protection Center user accounts
About the SPC_Admin account
Setting up Protection Center user accounts
Using an Active Directory or LDAP server for user account authentication
  Active Directory and LDAP server settings
  Specifying the Base DN
  Specifying the user search filter
Protection Center user account management options
Creating a Protection Center user account
Modifying a Protection Center user account
Protection Center user account authentication types
Protection Center (local) user authentication settings
Active Directory and LDAP authentication settings
Protection Center user account permissions settings
Protection Center user account permissions
Supported product access permission settings
Deleting a Protection Center user account

Chapter 6 Managing Protection Center software updates
About Protection Center software updates
Managing Protection Center software updates
Specifying the LiveUpdate server to use
LiveUpdate settings

Chapter 7 Backing up and recovering Protection Center
About Protection Center backup and recovery
Scheduling automatic backups
Running a backup on demand
Backup settings
Restoring Protection Center
Creating the Symantec Recovery Disk
Testing the Symantec Recovery Disk

Chapter 8 Configuring Protection Center settings
Protection Center configuration settings
Accessing the Protection Center configuration settings
Community statistics settings
Date and time settings
Email settings
Message logging settings
Network configuration settings
Proxy server settings
Purge settings

Chapter 9 Managing Protection Center Web interface security certificates
About managing Protection Center Web interface security certificates
Protection Center Web interface security certificate settings
Exporting a copy of the Protection Center Web interface security certificate
Creating a certificate signing request (CSR)
Importing a certificate into Protection Center
Creating and applying a self-signed certificate

Chapter 10 Using the Protection Center control panel
Protection Center control panel options
Accessing the Protection Center control panel
Updating the Protection Center software manually
Changing the SPC_Admin account password
Specifying network settings
Activating the Windows operating system

Chapter 11 Getting help with Protection Center issues
Protection Center resources for resolving issues
Getting help from Symantec Support
Symantec Support diagnostics options
Gathering Protection Center diagnostics data
Support case settings
Saving a diagnostics file
Sending a diagnostics file to Symantec Support

Section 3 Security Management

Chapter 12 Introduction to Protection Center security management
Performing Protection Center security management tasks
About the Protection Center dashboard
Accessing the management interface of a supported product

Chapter 13 Using Protection Center reports
About reports
About charts
About report actions
About report filters
Viewing a report
Applying filters to a report
Creating a saved report
Deleting a saved report
Configuring the distribution of a saved report
Report management settings
Report distribution settings

Chapter 14 Working with notifications
About notifications
Viewing and managing notifications

Chapter 15 Working with workflows and tasks
About workflows
Using Protection Center workflows
Configuring administration settings for a workflow
Starting a workflow
Monitoring your workflows and tasks
Workflow details
Task details
Responding to a task assignment
Workflows available in Protection Center
  Quarantine Endpoint workflow
  Update Virus Definitions On Endpoint workflow
  Move Endpoint workflow
  Update Virus Definitions And Scan Endpoint workflow
  NationalThreatLevelMonitor workflow
  ZeroDayVulnerabilityMonitor workflow

Index

Section 1. Protection Center Overview

■ Chapter 1. Introducing Protection Center

■ Chapter 2. Getting started using Protection Center


Chapter 1. Introducing Protection Center

This chapter includes the following topics:

■ About Protection Center

■ How Protection Center works

■ Where to get more information about Protection Center

About Protection Center


Symantec Protection Center is a centralized security management application. It
enables organizations to identify emerging threats, prioritize tasks, and accelerate
time to protection based on relevant actionable intelligence. Protection Center
uses a combination of process automation and security intelligence to enable
users to remediate incidents and proactively protect key systems and information
assets. Protection Center incorporates early warning notifications from the
Symantec Global Intelligence Network, which is one of the world’s largest
commercial cyber intelligence communities.
Protection Center helps your organization strengthen security by providing the
following:
■ A centralized view across endpoint, messaging, and third-party security
products through single sign-on, data collection, and process automation.
■ Cross-product reporting, with prebuilt templates for reports on malware, email,
and assets.
■ Monitoring of global security events, and early warning of relevant threats.
■ Powerful business analytics features to analyze and report on the data that is
available in your environment.
■ Single sign-on access to Symantec and third-party security products.
■ Correlation of local product data with global cyber intelligence data.
■ Automation of common security processes, with prebuilt workflow templates.
See “How Protection Center works” on page 12.
See “Getting started with Protection Center” on page 15.

How Protection Center works


Protection Center collects information from products in your environment as well
as from the Symantec Global Intelligence Network. Protection Center normalizes
the data and creates context for each of the individual product events. The
appropriate tasks are prioritized based on each individual user's role. The
information and tasks appear in the Protection Center dashboard, where users
can generate cross-product reports and start remediation workflows across
integrated products. Protection Center provides single sign-on access to the
integrated Symantec and third-party products.
See “About Protection Center” on page 11.
See “Getting started with Protection Center” on page 15.
Protection Center performs the following major functions:
■ Collects data from security products and the Global Intelligence Network
■ Correlates local product data with global intelligence data
■ Delivers event notifications based on user role and severity
■ Generates cross-product reports
■ Facilitates workflow processes
■ Provides single sign-on to security products in your organization
See “About notifications” on page 139.
See “About reports” on page 129.

Where to get more information about Protection Center

Information about Protection Center is available from many sources.

Table 1-1 Where to get more information about Protection Center

Item: Protection Center Web page
Description: High-level information about Protection Center and links to documentation and other resources.
The Protection Center page is located on the Symantec Web site at the following URL:
http://go.symantec.com/protection-center
The links to the Protection Center documentation are available by clicking the Product Manuals link, on the Use tab of the Protection Center page.

Item: Symantec Protection Center Getting Started Guide
Description: Information about deploying Protection Center: the architecture, requirements, appliance creation, and initial setup.
This information is available in PDF format by clicking Product Manuals on the Use tab of the Protection Center page.

Item: Symantec Protection Center Sizing and Scalability Guide
Description: Detailed information about modifying your Protection Center installation to suit the requirements of your organization.
This information is available in PDF format by clicking Product Manuals on the Use tab of the Protection Center page.

Item: Symantec Protection Center Help
Description: Detailed information about using Protection Center, including administration and security management.
This help is available in HTML format through Protection Center. You can access the information through the Help option in the top right corner of the Protection Center interface.

Item: Symantec Protection Center Reports Guide
Description: Detailed information to help you understand and use the reports that are included with Protection Center.
This information is available in PDF format by clicking Product Manuals on the Use tab of the Protection Center page.

Item: Symantec Protection Center Release Notes
Description: The most current information about Protection Center features, known issues, and resolved issues.
This information is available in PDF format by clicking Product Manuals on the Use tab of the Protection Center page.

See “About Protection Center” on page 11.


See “Getting started with Protection Center” on page 15.

Chapter 2. Getting started using Protection Center

This chapter includes the following topics:

■ Getting started with Protection Center

■ Accessing Protection Center

■ Performing the initial setup of Protection Center

■ Changing your user account password

■ Logging out of Protection Center

Getting started with Protection Center


Each Protection Center user typically fills one of two roles: administrator or
security manager. A Protection Center administrator creates the Protection Center
appliance, sets up the Protection Center appliance, and performs ongoing
Protection Center configuration tasks.
Protection Center administration tasks include the following:
■ Perform the initial configuration of Protection Center.
See “Performing the initial setup of Protection Center” on page 18.
■ Integrate supported products.
■ Manage users.
■ Configure the settings for LiveUpdate, backup, and Protection Center
configuration.
■ Configure workflows.
■ Monitor Protection Center performance by using reports.
■ Monitor the notification feed for hardware, software, and performance issues
and respond accordingly.
■ Troubleshoot Protection Center.
See “Performing Protection Center administration tasks” on page 23.
A security manager uses Protection Center reports and dashboards to monitor
their organization's security status and takes appropriate action to resolve security
issues.
Protection Center security management tasks include the following:
■ Monitor the status of your security by using the Protection Center dashboard.
■ Monitor the status of your network and endpoints by using reports.
■ Remediate security issues on endpoints by using workflows that you start from
reports.
■ Manage products through the product views.
See “Performing Protection Center security management tasks” on page 123.

Accessing Protection Center


You access Protection Center using a Web browser on an endpoint and a Protection
Center user account. If you have not yet set up Protection Center user accounts,
use the predefined Protection Center administrator account (SPC_Admin) and the
password specified during appliance creation.
See “About the SPC_Admin account” on page 45.
See “About Protection Center user accounts” on page 44.
When you log in to Protection Center using the predefined administrator account,
the initial setup dialog box is displayed. The initial setup dialog box provides
information on the settings that you need to configure to get Protection Center
ready for use. You can access the settings directly from the links that are provided
in the initial setup dialog box. If you log in with any other Protection Center user
account, you go directly to the Protection Center dashboard. The dashboard
provides a high-level view of the overall security status of your network.
See “Performing the initial setup of Protection Center” on page 18.
After logging in to Protection Center, you are in the Protection Center view. The
Protection Center view lets you access Protection Center reports and configuration
settings. After you integrate products with Protection Center, you can also access
other product views. A product view lets you manage a specific product.
See “Changing your user account password” on page 19.
See “Logging out of Protection Center” on page 19.
To access Protection Center, you must use one of the following browsers on an
endpoint that has network access to Protection Center:
■ Microsoft Internet Explorer 8.x through 9.x
Compatibility mode must be turned off.
■ Mozilla Firefox 3.5 through 8.x
■ Safari 4.x through 5.x

Note: Some products that integrate their user interface with Protection Center
do not support all of the browsers that Protection Center supports. See the
documentation for the specific product to determine the browsers that the product
supports.
A current list of Symantec and third-party products that can integrate with
Protection Center is available at the following URL:
http://www.symantec.com/docs/DOC4806

Protection Center also requires that your monitor be set to a minimum resolution
of 1024x768 pixels.
Protection Center can support up to 10 concurrently logged-in users.
If you need to support more concurrently logged-in users, you may need to modify
your Protection Center installation. For more information, see the Symantec
Protection Center Sizing and Scalability Guide.

Note: If your Protection Center installation uses a self-signed security certificate,
a certificate error message is displayed every time you access Protection Center.
To resolve this issue, you can replace the default Protection Center self-signed
certificate with another certificate that your browser can recognize as trusted.
See “About managing Protection Center Web interface security certificates”
on page 91.

To access Protection Center


1 On an endpoint with a supported Web browser, go to the following location:
https://protection_center_appliance_name/Symantec
2 In the login dialog box, enter your Protection Center credentials and click
Login.

Performing the initial setup of Protection Center


Before users can start using Protection Center, the Protection Center administrator
(SPC_Admin) must log in to Protection Center and perform initial setup tasks.
When you log in to Protection Center using the predefined administrator account,
the initial settings dialog box is displayed. This dialog box provides information
on the settings that you need to configure to get Protection Center ready for use.
See “Getting started with Protection Center” on page 15.
See “Accessing Protection Center” on page 16.
See “Performing Protection Center administration tasks” on page 23.
The following table describes the process for performing the initial setup of
Protection Center.

Table 2-1 Process for performing the initial setup of Protection Center

Step 1
Task: Integrate supported products.
Description: Integrate any of the Protection Center supported products that are available on your network.
See “Integrating supported products” on page 32.

Step 2
Task: Set up user accounts.
Description: Set up the Protection Center user accounts that you require.
See “Setting up Protection Center user accounts” on page 45.

Step 3
Task: Configure email settings.
Description: Set up the mail server that you want Protection Center to use for emailing notifications and distributing reports. In addition, set up the email address of the administrator who you want to receive the notifications that Protection Center sends.
See “Email settings” on page 83.

Step 4
Task: Set up a proxy server.
Description: Specify an HTTP proxy server for Protection Center to use if your organization uses an HTTP proxy.
See “Proxy server settings” on page 86.

Step 5
Task: Set up Protection Center to collect and send community statistics data to Symantec.
Description: Enable the collection and sending of diagnostics data and anonymous usage data to Symantec. Although use of this feature is optional, you are encouraged to use it to help Symantec provide improved product quality and enhanced support.
See “Community statistics settings” on page 82.



Changing your user account password


Symantec recommends that you change your Protection Center user account
password at regular intervals to ensure the security of your user account. If your
Protection Center user account is authenticated locally, you can change the
password on Protection Center at any time. If your user account uses Active
Directory or LDAP authentication, you need to change your password outside
Protection Center.
See “Getting started with Protection Center” on page 15.
See “Accessing Protection Center” on page 16.
Changes to administrator account passwords can interrupt services for other
logged-in users.
A local Protection Center password must contain at least eight characters and
include three of the following:
■ One uppercase (A through Z) or lowercase (a through z) alphabetic character
■ One numeric character (0 through 9)
■ One non-alphanumeric character (~!@#$%^&*_-+=`|\(){}[]:;"'<>,.?/)
■ One alphabetic Unicode character that is not categorized as uppercase (A
through Z) or lowercase (a through z)
To change your user account password
1 In Protection Center, on the Admin > Settings menu, click Password Change.
2 On the password change page, in the Current password box, enter your
original password.
3 In the New password box, enter the new password that you want to use for
your Protection Center user account.
4 In the Confirm new password box, enter the new password to verify the
change.
5 Click Save Changes.
Password changes can take up to a minute to take effect.

Logging out of Protection Center


When you log out of the Protection Center interface, you are logged out of
Protection Center. You are also logged out of any supported products with which
you are connected.

Your current view, which can be a Protection Center page or a product view, is
preserved between sessions. When you log in again, the same view is restored
automatically.
See “Getting started with Protection Center” on page 15.
See “Accessing Protection Center” on page 16.
To log out of Protection Center
◆ In Protection Center, at the top right of the header area, click Logout.
Section 2. Setup and Administration

■ Chapter 3. Introduction to Protection Center administration

■ Chapter 4. Working with Protection Center supported products

■ Chapter 5. Managing Protection Center user accounts

■ Chapter 6. Managing Protection Center software updates

■ Chapter 7. Backing up and recovering Protection Center

■ Chapter 8. Configuring Protection Center settings

■ Chapter 9. Managing Protection Center Web interface security certificates

■ Chapter 10. Using the Protection Center control panel

■ Chapter 11. Getting help with Protection Center issues


Chapter 3. Introduction to Protection Center administration

This chapter includes the following topics:

■ Performing Protection Center administration tasks

■ About auditing Protection Center administration

■ Viewing the security audit logs

■ About Protection Center business analytics

■ Shutting down or restarting Protection Center

Performing Protection Center administration tasks


If you are the Protection Center administrator, you should become familiar with
administration tasks before you start using Protection Center for the very first
time. When you first log in, you are prompted to perform some initial configuration
of Protection Center. After you perform the initial setup of Protection Center, you
can perform additional administration tasks.
See “Getting started with Protection Center” on page 15.
The following table describes the process for performing Protection Center
administration tasks.

Table 3-1 Process for performing Protection Center administration tasks

Step 1
Task: Log in to Protection Center.
Description: Access Protection Center through the Protection Center interface. You normally log in to Protection Center using the predefined SPC_Admin account.
See “Accessing Protection Center” on page 16.

Step 2
Task: Perform the initial setup of Protection Center.
Description: Complete the initial setup tasks that are required to ensure that Protection Center is ready for use.
See “Performing the initial setup of Protection Center” on page 18.
Optionally, configure Protection Center business analytics to work with the data that is available in your environment.
See “About Protection Center business analytics” on page 28.

Step 3
Task: Configure software update settings.
Description: Configure Symantec LiveUpdate to regularly check for updates to the Protection Center software components.
See “About Protection Center software updates” on page 63.

Step 4
Task: Configure backup settings.
Description: Configure Symantec Backup Exec System Recovery to create regular backups of Protection Center data and system files.
See “About Protection Center backup and recovery” on page 69.

Step 5
Task: Customize Protection Center for your environment.
Description: Change the configuration settings to make Protection Center work in your specific environment and ensure that it meets the needs of your organization.
See “Protection Center configuration settings” on page 79.

Step 6
Task: If necessary, replace the Web interface security certificate.
Description: Replace the default self-signed certificate with a new certificate issued by a certificate authority or by your organization’s public key infrastructure (PKI).
See “About managing Protection Center Web interface security certificates” on page 91.

Step 7
Task: Configure the workflows which let you perform actions on specific endpoints.
Description: Configure each workflow to suit the requirements of your organization. After you perform this task, the security manager can then use the workflows to resolve any security issues that are detected in your environment.
See “About workflows” on page 143.

Step 8
Task: Perform the ongoing integration of additional products with Protection Center.
Description: Integrate additional supported products as they become available on your network.
See “Integrating supported products” on page 32.

Step 9
Task: Perform the ongoing setup of user accounts.
Description: Set up additional Protection Center user accounts as needed.
See “Setting up Protection Center user accounts” on page 45.

Step 10
Task: Monitor the status of your network and computer environment.
Description: Monitor the status of your network and endpoint environment by using the reports that contain Protection Center-specific data.
See “About reports” on page 129.

Step 11
Task: Identify and respond to hardware, software, and performance issues.
Description: Identify and respond to hardware, software, and performance issues through notifications. A notification is a message that informs you about an event that has occurred. Protection Center generates notifications when you need to be made aware of an issue.
See “About notifications” on page 139.

Step 12
Task: Troubleshoot Protection Center as needed.
Description: Gather diagnostics information from Protection Center and send it to Symantec for support purposes.
See “Protection Center resources for resolving issues” on page 109.
See “Getting help from Symantec Support” on page 111.

About auditing Protection Center administration


Protection Center logs all administrator actions and user actions to capture the
administration events and sensitive changes that are made in Protection Center.
You can view this data to audit Protection Center administration.
See “Viewing the security audit logs” on page 27.
Protection Center logs all changes that are made, including the following security
and user management events:
■ Enabling or disabling an integrated product
■ Adding, modifying, or removing a user
Details of the permissions that were assigned to or removed from the user are
also recorded.
■ Resetting a user password
■ User logging on or logging off
■ User account lockout
■ User authentication failure
■ Changing the Protection Center configuration settings
These settings include the email settings, proxy settings, purge settings, and
network settings.
■ Importing, exporting, or generating a certificate
■ Changing the backup settings
■ Changing the software update settings
■ Running a workflow
For each event that is logged, Protection Center also logs the date and time, and
details of the user that initiated the event.
Protection Center makes the logged information available in the Security Audit
Logs report.
The Security Audit Logs report includes the following information for each log
entry:

| Field | Description |
|---|---|
| Date | The date and time that the entry was written to the security audit log. |
| Category | The category for audit log messages. |
| User | The name of the Protection Center user that performed the operation. |
| Status | The status of the event: Success or Failure. |
| Server | The FQDN or the IP address of the Protection Center server. |
| Client | The FQDN or the IP address of the computer from which the operation was initiated, if available. |
| Description | A detailed description of the log entry. |

By default, the security audit log stores the 10,000 most recent log entries. As
further events are logged, Protection Center rotates the security audit log to
remove the oldest entries. The Protection Center database purge schedule does
not purge the security audit log.
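
The following added example (not part of the Symantec guide) shows one way to triage Security Audit Logs entries offline. It assumes the entries have been copied into CSV with the seven fields listed above and ISO 8601 timestamps; the guide does not describe an export format here, and the sample rows, user names, and addresses are constructed. It flags users with bursts of Failure entries and estimates how many days of history the default 10,000-entry log covers at the observed event rate.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

MAX_ENTRIES = 10_000  # default size of the security audit log, per the guide

# Constructed sample data. The CSV layout, timestamp format, user names,
# host names and addresses are assumptions made for this example.
SAMPLE = """\
Date,Category,User,Status,Server,Client,Description
2011-06-01T08:00:00,Authentication Management,SPC_Admin,Success,spc.example.test,10.0.0.5,constructed sample entry
2011-06-01T09:00:00,Authentication Management,jdoe,Failure,spc.example.test,10.0.0.23,constructed sample entry
2011-06-01T09:02:00,Authentication Management,jdoe,Failure,spc.example.test,10.0.0.23,constructed sample entry
2011-06-01T09:04:00,Authentication Management,jdoe,Failure,spc.example.test,10.0.0.77,constructed sample entry
2011-06-01T09:05:00,Authentication Management,jdoe,Failure,spc.example.test,,constructed sample entry
2011-06-01T12:00:00,Certificate Management,SPC_Admin,Success,spc.example.test,10.0.0.5,constructed sample entry
2011-06-01T15:00:00,Authentication Management,asmith,Failure,spc.example.test,10.0.0.40,constructed sample entry
2011-06-02T08:00:00,Authentication Management,asmith,Failure,spc.example.test,10.0.0.40,constructed sample entry
"""


def load(text):
    """Parse CSV text into entries sorted by time, oldest first."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for row in rows:
        row["Date"] = datetime.fromisoformat(row["Date"])
    return sorted(rows, key=lambda row: row["Date"])


def failure_bursts(entries, threshold=3, window=timedelta(minutes=10)):
    """Map each user with >= threshold Failure entries inside any sliding
    window to the set of Client values seen in those entries."""
    by_user = defaultdict(list)
    for entry in entries:
        if entry["Status"] == "Failure":
            by_user[entry["User"]].append(entry)

    flagged = {}
    for user, fails in by_user.items():
        fails.sort(key=lambda e: e["Date"])
        start = 0
        for end in range(len(fails)):
            # Shrink the window from the left until it spans <= `window`.
            while fails[end]["Date"] - fails[start]["Date"] > window:
                start += 1
            if end - start + 1 >= threshold:
                clients = flagged.setdefault(user, set())
                # The Client field is only filled in "if available".
                clients.update(f["Client"] or "(not recorded)"
                               for f in fails[start:end + 1])
    return flagged


def retention_days(entries, cap=MAX_ENTRIES):
    """Estimate how many days of history `cap` entries cover at the event
    rate observed in `entries`; None if the sample is too small to tell."""
    if len(entries) < 2:
        return None
    span_days = (entries[-1]["Date"] - entries[0]["Date"]).total_seconds() / 86400
    if span_days == 0:
        return None
    return cap / (len(entries) / span_days)


if __name__ == "__main__":
    log = load(SAMPLE)
    for user, clients in failure_bursts(log).items():
        print(f"{user}: repeated failures from {sorted(clients)}")
    print(f"estimated history retained: {retention_days(log):.0f} days")
```

Because the log keeps only the most recent entries, a short retention estimate is a signal to review or copy the report more often than the log rotates.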
Viewing the security audit logs


The security auditing feature of Protection Center logs the security events and
sensitive changes that are made in Protection Center. The Security Audit Logs
report lets you view the logged security information.
See “About auditing Protection Center administration” on page 25.
To view the Security Audit Logs report in Protection Center, you need to have
the View Audit Log permission set in your user account. The View Audit Log
permission is granted to SPC administrators only by default.
See “Protection Center user account permissions” on page 58.
To view the security audit logs
1 In Protection Center, on the Admin > Settings menu, click Security Audit
Logs.
Alternatively, you can access the Security Audit Logs report from the list of
reports.
See “Viewing a report” on page 132.
2 In the Security Audit Logs report, specify the time period for the data that
you want to view.
You can choose one of the predefined time periods or set a custom time range.
You can view the logs that were recorded before or after a specific date and
time. Alternatively, you can view the logs that were recorded between two
specific dates and times.
3 (Optional) Configure the filters that you want to apply to the Security Audit
Logs report:
■ Category
Lets you view all of the logs that belong to a specific category. For example,
Authentication Management, Backup Management, and Certificate
Management.

■ User
Lets you view all of the log entries that relate to a specific Protection
Center user.
■ Status
Lets you view all of the log entries that have a specific status. For example,
Success or Failure.
About Protection Center business analytics


Symantec Protection Center 2.X supports business analytics to help you better
assess the security status of your network. Business analytics collects large
amounts of data from multiple sources and applies advanced business intelligence
technology to it. Actionable information is then delivered through reports, charts,
dashboards, and pivot tables. Business analytics allows companies to save time
and resources and optimize business processes by making knowledge-based
decisions. The Protection Center business analytics functionality is provided
through integration with Altiris IT Analytics Solution from Symantec. IT Analytics
is a separate product that leverages the information that is collected from various
Symantec security products. IT Analytics provides a unified view of this
information to facilitate prioritized risk-based remediation. IT Analytics provides
multi-dimensional analysis and robust graphical reporting as well as dashboards
and out-of-the-box, visually informative Key Performance Indicator (KPI)
scorecards.
For information on enabling business analytics in your environment, see Finding
Protection Center documentation. This page contains links to all the available
documentation and is available at the following location:
http://www.symantec.com/business/support/index?page=content&id=DOC4852

Shutting down or restarting Protection Center


You can shut down or restart the Protection Center appliance when necessary.
When Protection Center is shut down, the supported products continue to operate
as normal. However, they cannot send any product data to Protection Center until
it is restarted. If Protection Center is shut down, the supported products store
their data locally. When Protection Center restarts, it automatically collects all
retrospective data from the supported products. By storing data locally, integrated
products ensure that Protection Center can always collect a complete set of data
for reports and dashboards.
See “Performing Protection Center administration tasks” on page 23.
See “Accessing Protection Center” on page 16.
To shut down or restart Protection Center


1 In Protection Center, on the Admin > Settings menu, click Shutdown.
2 On the appliance shutdown page, select the appropriate option.
■ Shut down
Use this option if you need to replace hardware or physically move the
appliance.
■ Restart
Use this option after you make configuration changes or upgrade appliance
components through LiveUpdate.

3 Click Proceed.
Chapter 4
Working with Protection Center supported products
This chapter includes the following topics:

■ About supported products

■ Integrating supported products

■ Adding a supported product to Protection Center

■ Required supported product host settings

■ Advanced supported product host settings

■ Discovering supported products on your network

■ About managing supported products

■ Enabling a supported product

■ Disabling a supported product

■ Re-enabling a disconnected product

About supported products


Protection Center lets you bring multiple security products together for centralized
security management. The products that can work or integrate with Protection
Center are known as Protection Center supported products.
See “Integrating supported products” on page 32.
Supported products can integrate with Protection Center in one or both of the
following ways:
■ Data aggregation
Protection Center collects data from the supported products and aggregates
the data to create cross-product reports. Protection Center also receives and
displays notifications from the supported products.
■ Product management
Protection Center centralizes the management of supported products.
Protection Center lets you access multiple products through a single interface.
For more information on supported products, see the Symantec Protection Center
Getting Started Guide. You can access the guide through the Protection Center
page on the Symantec Web site. The Protection Center page is located at the
following URL:
http://go.symantec.com/protection-center
A current list of Symantec and third-party products that can integrate with
Protection Center is available at the following URL:
http://www.symantec.com/docs/DOC4806

Integrating supported products


A supported product needs to be manually integrated before it can start working
with Protection Center. If the product supports data integration, it can share its
data and send security notifications to Protection Center. If the product supports
user interface integration, you can start managing the product through Protection
Center.
See “About supported products” on page 31.
See “Accessing the management interface of a supported product” on page 127.
For more information, see the complete list of supported products that is located
at the following URL:
http://www.symantec.com/docs/DOC4806
This document contains information on integrating specific supported products
and links to the appropriate information for each product.

Note: You can integrate Symantec Mail Security for Microsoft Exchange (Mail
Security) with Protection Center. However, the integration process that is described
in this section does not apply to Mail Security.
See Symantec Mail Security for Microsoft Exchange and Protection Center
Integration Guide.
The following table describes the process for integrating supported products with
Protection Center.

Table 4-1 Process for integrating supported products

| Step | Task | Description |
|---|---|---|
| Step 1 | Add the supported products. | You can add supported products as part of the initial setup that you perform when you first log in to Protection Center. You can also add supported products from the product management page at any time. See “Adding a supported product to Protection Center” on page 33. |
| Step 2 | (Optional) Discover supported products. | You can configure Protection Center to automatically discover the supported products that are installed on your network. See “Discovering supported products on your network” on page 36. |
| Step 3 | Enable the supported products. | You can enable the supported products that are available on your network. If multiple instances of a product are available, you can enable each product instance individually. See “About managing supported products” on page 37. See “Enabling a supported product” on page 38. |
| Step 4 | (Optional) Re-enable any products that have become disconnected from Protection Center. | An enabled product can become disconnected from Protection Center due to network connectivity issues or changes on the product host. You need to resolve the connection problem and re-enable the product in Protection Center. See “Re-enabling a disconnected product” on page 40. |
| Step 5 | (Optional) Disable any products that you no longer want to manage through Protection Center. | You can disable any enabled products that you no longer want to manage through Protection Center. See “Disabling a supported product” on page 39. |

Adding a supported product to Protection Center


You can add a supported product to Protection Center. The supported product
must be installed on your network in a location that Protection Center can access.
See “About supported products” on page 31.
See “Integrating supported products” on page 32.
See “About managing supported products” on page 37.
To add a supported product to Protection Center


1 In Protection Center, do one of the following:
■ To add a product as part of the initial setup
On the Initial Setup dialog box, under Product Integration, click Integrate
products.
■ To add a product from the product management page
On the Admin menu, click Supported Products and then, on the product
management page, click Add Product.

2 In the Add and Enable Product Instance dialog box, specify the appropriate
product parameters.
See “Required supported product host settings” on page 34.
3 If you want to specify a particular tenant for a multi-tenant product, or if the
product host uses non-default configuration settings, click Advanced options.
In the Advanced options fields, specify the appropriate settings.
See “Advanced supported product host settings” on page 35.
4 Click Enable.
When Protection Center has validated the specified information, the product
host is added to the Enabled Supported Products tab.

Required supported product host settings


You need to specify these settings when you add a supported product to Protection
Center. You need to specify the product host location and supply the credentials
of an administrator account on the product.
See “Adding a supported product to Protection Center” on page 33.
See “Enabling a supported product” on page 38.

Table 4-2 Required supported product host settings

| Item | Description |
|---|---|
| Product | Applies to the Add and Enable Product Instance dialog box only. Contains the names of all the Protection Center supported products in a drop-down list. |
| Host name | Specifies the host name or IP address of the product instance that you want to add. You can use IPv4 and IPv6 addresses. In the Available Supported Products tab, this field is a drop-down list that contains the names of all the available product instances. If only a single product instance is available, the name is displayed in the following format: <Product Name (tenant name)>. |
| Administrator user name | Specifies the user name of an account that has full administrator access permissions to the product. If you want to use a domain administrator account, you need to specify the domain. For example, <Domain>\<User Name>. |
| Administrator password | Specifies the password of the administrator account. |
| Advanced options | Displays the advanced product host settings fields. See “Advanced supported product host settings” on page 35. |

Advanced supported product host settings


You need to specify these settings if your product host uses non-default
configuration settings. You also need to specify these settings when you want to
add a particular tenant of a multi-tenant product.
See “Adding a supported product to Protection Center” on page 33.
See “Enabling a supported product” on page 38.
See “Required supported product host settings” on page 34.
The following table describes the advanced supported product host settings. Only
the settings that are relevant to the selected product are displayed.

Table 4-3 Advanced supported product host settings

| Item | Description |
|---|---|
| Tenant | Applies to the Add and Enable Product Instance dialog box only. Specifies the tenant that you want to add. |
| Data feed port | Specifies the product host port that is used for data feeds. Protection Center uses the specified port for all secure Web service calls after the supported product is enabled. Note: If the product has a single Web services port configured, that port must be used for both data feeds and registration. |
| Data feed user name | Specifies the administrator account that has permission to access the data feed from the product. By default, the user name is the same as the administrator account that you specified in the required product host settings. |
| Registration port | Specifies the product host port that is used for enabling the product in Protection Center. Protection Center uses the specified port for the unsecured registration Web service calls to the product. Note: If the product has a single Web services port configured, that port must be used for both data feeds and registration. |
| Console port | Specifies the product host port that is used to access the product user interface (sometimes referred to as the product console). The product user interface is displayed in Protection Center as a product view. Protection Center uses the specified port for the single sign-on Web service calls. |
| Use HTTPS | Specifies that the product uses HTTPS connections with Protection Center. |

Discovering supported products on your network


You can configure Protection Center to discover the supported products that are
available on your network. The discovery process lets you easily find the products
that can work with Protection Center. The discovery process also detects any
enabled products that support multi-tenancy, which lets you enable additional
tenants on the product host. The enabled products that do not support
multi-tenancy are not detected.
If you already know the name and IP address of a product host on your network,
you can skip the discovery process. You can add and enable the product directly
by specifying the appropriate details and supplying valid administrator credentials.
If your product does not respond to a Protection Center discovery scan due to
security reasons, you need to enable the product directly.
See “About supported products” on page 31.
See “Adding a supported product to Protection Center” on page 33.
You should run the product discovery process when you first install Protection
Center. The discovery process can take up to a few hours to complete.
See “Enabling a supported product” on page 38.
See “About managing supported products” on page 37.
To discover Protection Center supported products on your network
1 In Protection Center, on the Admin > Settings menu, click Product Discovery.
2 On the Product Discovery page, under Discovery IP Selection, specify the
IP address range or particular IP addresses that you want to search.
You can use IPv4 and IPv6 addresses. You can specify multiple IP addresses
or IP ranges by separating each entry with a comma. You can separate the IP
addresses in the range by a dash.
3 Under Supported products to Discover, select the products for which you
want to search.
4 Click Discover Products.
The details of each product instance that is discovered are displayed. The
discovered product instances are automatically added to the list in the
Available Supported Products tab.
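
An added example (not from the Symantec guide) that checks a Discovery IP Selection string before it is entered: it parses the comma-separated entries and dash-separated ranges described in step 2, counts the distinct addresses the scan would cover, and reports entries outside the networks you are authorized to scan. It assumes both ends of a range are written as full addresses; the sample selection and the allowed networks are constructed.

```python
import ipaddress

# Constructed sample input (private and documentation address ranges).
SELECTION = "10.0.0.10-10.0.0.20, 10.0.0.15, 192.168.1.5, 2001:db8::1-2001:db8::ff"
ALLOWED = ["10.0.0.0/24", "2001:db8::/64"]  # assumed authorized scan scope


def parse_selection(text):
    """Return one (first, last) address pair per comma-separated entry.
    A single address yields first == last. Raises ValueError on bad input."""
    ranges = []
    for raw in text.split(","):
        entry = raw.strip()
        if not entry:
            raise ValueError("empty entry in selection")
        # IPv6 text never contains '-', so the dash is always the separator.
        first_s, dash, last_s = entry.partition("-")
        first = ipaddress.ip_address(first_s.strip())
        last = ipaddress.ip_address(last_s.strip()) if dash else first
        if first.version != last.version:
            raise ValueError(f"mixed IPv4/IPv6 range: {entry}")
        if last < first:
            raise ValueError(f"range end precedes start: {entry}")
        ranges.append((first, last))
    return ranges


def address_count(ranges):
    """Count distinct addresses, merging overlapping entries so that an
    address listed twice is counted once."""
    spans = sorted((a.version, int(a), int(b)) for a, b in ranges)
    total = 0
    current = None
    for version, low, high in spans:
        if current and current[0] == version and low <= current[2]:
            current = (version, current[1], max(current[2], high))
        else:
            if current:
                total += current[2] - current[1] + 1
            current = (version, low, high)
    if current:
        total += current[2] - current[1] + 1
    return total


def out_of_scope(ranges, allowed):
    """Return the entries that are not fully inside the allowed networks."""
    parsed = [ipaddress.ip_network(a) for a in allowed]
    nets = []
    for version in (4, 6):
        # Collapse adjacent networks so a range spanning two of them passes.
        nets.extend(ipaddress.collapse_addresses(
            n for n in parsed if n.version == version))
    outside = []
    for first, last in ranges:
        blocks = ipaddress.summarize_address_range(first, last)
        covered = all(
            any(b.version == n.version and b.subnet_of(n) for n in nets)
            for b in blocks)
        if not covered:
            outside.append(str(first) if first == last else f"{first}-{last}")
    return outside


if __name__ == "__main__":
    selection = parse_selection(SELECTION)
    print("addresses to scan:", address_count(selection))
    print("outside allowed scope:", out_of_scope(selection, ALLOWED))
```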

About managing supported products


The product management page displays details of the products that are currently
enabled in Protection Center and the products that are available to be enabled.
You can add supported products to Protection Center and you can enable available
supported products. You can also disable enabled products and re-enable
disconnected products.
See “About supported products” on page 31.
See “Integrating supported products” on page 32.
See “Enabling a supported product” on page 38.
The following table describes the supported product management options.

Table 4-4 Supported product management options

| Option | Description |
|---|---|
| Add Product | Attempts to integrate a particular supported product with Protection Center. The supported product must be installed on your network in a known location. See “Adding a supported product to Protection Center” on page 33. |
| Disable Product | Disables the product that is selected in the Enabled Supported Products tab in Protection Center. See “Disabling a supported product” on page 39. |

The Available Supported Products tab displays the summary details of the
supported products that are available on your network but are not currently
enabled in Protection Center. You can enable the products that you want by
supplying the appropriate administrator credentials.
The Enabled Supported Products tab displays the summary details of the products
that are currently enabled in Protection Center. Each product panel indicates the
current connection status of the product host: Normal or Error. If a host has a
connection error, Protection Center cannot collect any data from the product.
You need to resolve the connection error and re-enable the product in Protection
Center.
See “Re-enabling a disconnected product” on page 40.
If both of the tabs are empty in the product management page, one of the following
states might apply:
■ You have not yet performed the product discovery process or added any
supported products.
See “Discovering supported products on your network” on page 36.
■ No Protection Center supported products can be accessed from the Protection
Center appliance location.
■ No Protection Center supported products are installed on your network.
■ No Protection Center supported products are installed on the Protection Center
appliance.
The product list has the same format in both tabs: a list of product panels, where
each panel shows the product name and version, and the number of hosts. Each
host corresponds to an available or an enabled product instance, according to the
tab. You can expand each product panel to view details of each product instance.
You can select an individual product instance in the expanded view.

Enabling a supported product


When you discover a supported product, the product instance is added to the list
of available supported products. To integrate that product with Protection Center,
you must enable the appropriate product host in Protection Center. If you have
more than one instance of an available supported product (multiple product hosts),
you must enable each product instance separately.
See “About supported products” on page 31.
See “Discovering supported products on your network” on page 36.
When you enable a product, you might need to supply the credentials of an account
that has administrator rights to the product instance. However, some products
do not require you to supply any credentials.
To enable a supported product
1 In Protection Center, on the Admin menu, click Supported Products.
2 On the product management page, on the Available Supported Products
tab, select the product that you want to enable.
3 On the product panel, click Enable Supported Product.
The product panel expands to show the required product host settings.
4 On the product panel, specify the appropriate settings.
See “Required supported product host settings” on page 34.
5 If you need to use non-default values for the registration port, the data feed
port, or the console port, click Advanced options.
In the Advanced options fields, specify the appropriate settings.
See “Advanced supported product host settings” on page 35.
6 Click Enable.
The product instance icon is removed from the Available Supported Products
tab and appears in the Enabled Supported Products tab.
7 If an error message is displayed, click Continue.
You need to determine why the integration was unsuccessful and take the
appropriate action to resolve the issue. A typical solution is to enter the
correct administrator account credentials.

Disabling a supported product


You can disable a supported product when you no longer want to manage it from
Protection Center. You also can disable it when you want to change its integration
credentials. A disabled product is removed from the Enabled Supported Products
tab. If you later want to re-enable the product, you use the standard process for
enabling a product.
See “About supported products” on page 31.
See “Integrating supported products” on page 32.
See “Enabling a supported product” on page 38.
Disabled products stop supplying data and sending notifications to Protection
Center, and they can no longer be managed through Protection Center. When a
product is disabled, Protection Center keeps the notification data that the product
sent, but it deletes the rest of the data. Disabling a product does not affect the
product itself and does not change the data that is stored on the product.
To disable a supported product
1 In Protection Center, on the Admin menu, click Supported Products.
2 On the product management page, on the Enabled Supported Products tab,
select the product that you want to disable.
If multiple product instances are available, you can expand the product panel
and select the appropriate product instance.
3 Click Disable Product.
4 In the Disable Product Instance dialog box, click Disable.
A message indicates the success or failure of the action. In some scenarios
the product might not respond, so Protection Center cannot disable the
product in the usual way.

5 If necessary, click Force Disable.

6 Click Close.
The disabled product host is removed from the Enabled Supported Products
tab and it is added to the Available Supported Products tab.

Re-enabling a disconnected product


If network issues in your environment disrupt the connection between Protection
Center and an integrated product, the product can become disconnected.
Disconnected products stop supplying data and sending notifications to Protection
Center, and they can no longer be managed through Protection Center. However,
the product is still enabled in Protection Center, so no data is discarded. When a
product becomes disconnected, you need to resolve the connection error and then
re-enable the product.
See “About supported products” on page 31.
See “Integrating supported products” on page 32.
See “Enabling a supported product” on page 38.
To re-enable a disconnected product
1 In Protection Center, on the Admin menu, click Supported Products.
2 On the product management page, on the Enabled Supported Products tab,
select the product that you want to re-enable.
3 At the right end of the product panel, click Connection: Error.
4 In the Connection Error dialog box, read the error details and take the
necessary action to resolve connection issues.
5 Click Re-enable.
6 In the Re-enable Product dialog box, specify the appropriate settings.
See “Required supported product host settings” on page 34.
7 Click Enable.

8 Click OK.
Chapter 5
Managing Protection Center user accounts
This chapter includes the following topics:

■ About Protection Center user accounts

■ About the SPC_Admin account

■ Setting up Protection Center user accounts

■ Using an Active Directory or LDAP server for user account authentication

■ Protection Center user account management options

■ Creating a Protection Center user account

■ Modifying a Protection Center user account

■ Protection Center user account authentication types

■ Protection Center (local) user authentication settings

■ Active Directory and LDAP authentication settings

■ Protection Center user account permissions settings

■ Protection Center user account permissions

■ Supported product access permission settings

■ Deleting a Protection Center user account


About Protection Center user accounts


Each Protection Center user has a user account. A Protection Center user account
gives a user access to specific Protection Center features and functionality. A
Protection Center user account also gives a user access to specific supported
products and to the data that the products provide. You can create, modify, disable,
and delete Protection Center user accounts.
See “Setting up Protection Center user accounts” on page 45.
The predefined Protection Center administrator account (SPC_Admin) has full
permissions to all of the features of Protection Center. After the initial deployment
of Protection Center, you need to use the SPC_Admin account to create the other
Protection Center user accounts that you want.
See “About the SPC_Admin account” on page 45.
See “Creating a Protection Center user account” on page 51.
See “Modifying a Protection Center user account” on page 53.
See “Deleting a Protection Center user account” on page 62.

Table 5-1 Protection Center user account features

| Parameter | Description |
|---|---|
| Unique user name | The same user name cannot be used for two user accounts, even if the user accounts use different authentication methods. |
| Authentication type | Protection Center can authenticate users through local accounts, Microsoft Active Directory, or LDAP. See “Protection Center user account authentication types” on page 54. |
| Feature permissions | The predefined administrator account, SPC_Admin, has all available permissions. However, Protection Center lets you apply a reduced set of permissions to all other user accounts. See “Protection Center user account permissions settings” on page 57. |
| Products | Users can be assigned the rights to access the products that are integrated into Protection Center. If a user can access a product, they can view data from that product in Protection Center reports. If a user cannot access a product, the data from that product is not included in any Protection Center reports generated by the user. See “Supported product access permission settings” on page 61. |


About the SPC_Admin account


The predefined Protection Center administrator account (SPC_Admin) has full
permissions to all of the features of Protection Center. After the initial deployment
of Protection Center, you must use the SPC_Admin account to access and create
other Protection Center user accounts.
See “About Protection Center user accounts” on page 44.
The initial password for the SPC_Admin account is set during the Protection
Center appliance creation process. The SPC_Admin account cannot be disabled
or removed from Protection Center. You can change the password through the
Protection Center view, and you can also change the password through the
Protection Center control panel.
See “Accessing the Protection Center control panel” on page 103.
See “Changing the SPC_Admin account password” on page 104.

Setting up Protection Center user accounts


Each Protection Center user needs a user account. After the initial deployment
of Protection Center, you need to create the Protection Center user accounts that
you want. You can create, modify, disable, and delete the Protection Center user
accounts.

Table 5-2 Process for setting up Protection Center user accounts

Step Action Description

Step 1 Plan your Protection Center user accounts.
You might already have Microsoft Active Directory or LDAP user accounts
set up for your network. You can use these existing accounts as the basis
for corresponding Protection Center user accounts. Microsoft Active
Directory or LDAP authenticates the user credentials when the user logs
in to Protection Center. Alternatively, you can create new accounts in
Protection Center, and let Protection Center authenticate the user
credentials.

See “About Protection Center user accounts” on page 44.

See “Protection Center user account management options” on page 50.

Step 2 Specify an Active Directory or LDAP server.
If you want to use existing Microsoft Active Directory or LDAP user
accounts, you need to specify the appropriate Active Directory or LDAP
server.

See “Using an Active Directory or LDAP server for user account
authentication” on page 46.

Step 3 Create each Protection Center user account.
You need to select the authentication method for the account and then
specify the user details or select the appropriate Active Directory or
LDAP account.

See “Creating a Protection Center user account” on page 51.

See “Protection Center user account authentication types” on page 54.

You need to assign the appropriate permissions to the user account.

See “Protection Center user account permissions settings” on page 57.

You need to select the supported products that the user account can
access through Protection Center.

See “Supported product access permission settings” on page 61.

Step 4 Modify and manage user accounts as needed.
You can modify a Protection Center user account at any time. However,
changing the authentication method creates a new user account that
replaces the original account.

See “Modifying a Protection Center user account” on page 53.

See “Deleting a Protection Center user account” on page 62.

Using an Active Directory or LDAP server for user account authentication

You can use the Microsoft Active Directory or LDAP user accounts that are set up
on your network to authenticate corresponding Protection Center user accounts.
To use existing Microsoft Active Directory or LDAP user accounts in Protection
Center, you need to specify the appropriate Active Directory or LDAP server. You
need to specify the server name and supply the appropriate credentials to access
the server. You also need to specify the appropriate base distinguished name (Base
DN) and user search filter.
See “About Protection Center user accounts” on page 44.
See “Setting up Protection Center user accounts” on page 45.
See “Protection Center user account authentication types” on page 54.
See “Active Directory and LDAP authentication settings” on page 56.
When you create a Protection Center user account, you can specify the name of
an existing Active Directory or LDAP account. Protection Center imports the
appropriate account details from the specified Active Directory or LDAP server.
When a user logs in to Protection Center, Active Directory or LDAP authenticates
the user credentials.
To use an Active Directory or LDAP server for user account authentication
1 In Protection Center, on the Admin > Settings menu, click Active Directory
and LDAP.
2 On the Active Directory and LDAP server settings page, specify the appropriate
details.
See “Active Directory and LDAP server settings” on page 47.
3 Click Test LDAP Settings or Save Changes.
Protection Center verifies that the settings are correctly specified. If any
settings cannot be verified, an appropriate error message is displayed. If all
of the settings are verified, Protection Center saves the settings.

Active Directory and LDAP server settings


The Active Directory and LDAP server settings page lets you specify the Active
Directory or LDAP server to use to authenticate Protection Center user accounts.
You can also specify the LDAP query that extracts the Active Directory users that
you want to add to Protection Center.
See “Using an Active Directory or LDAP server for user account authentication”
on page 46.

Table 5-3 Active Directory and LDAP server settings

Item Description

Hostname Specifies the server on which the Microsoft Active Directory or domain controller resides.
You can enter the host name or IP address.

User name Specifies the user name of an account that has administrator rights to the Active Directory
or LDAP server.

Use the <Username> syntax; do not use the <Domain\Username> syntax.

This setting is required for secure authentication. Secure login to Active Directory is enabled
by default, so you should specify user credentials for the first connection attempt.

Password Specifies the password of the administrator account.



Authentication type Specifies the way in which Protection Center queries the Active Directory or LDAP server
as follows:

■ Secure
The connection request sends the credentials that you configured. Protection Center
connects securely to the Active Directory or LDAP server. You need to specify the
appropriate user name and password.
■ Anonymous
The connection request does not use any credentials.

Use SSL Specifies that Protection Center uses SSL for communication with the Active Directory or
LDAP server.

To make this work, your Active Directory or LDAP server needs to be properly configured
to use SSL.

Base DN Specifies the base distinguished name: the top level of the LDAP directory tree.

Build Opens the Build Base Distinguished Name dialog box that lets you specify the Base DN.

See “Specifying the Base DN” on page 48.

User search filter Specifies the filter search string to extract the user information that Protection Center
requires.

Build Opens the Build Search Filter dialog box that lets you specify the filter search string.

See “Specifying the user search filter” on page 49.

Test LDAP Settings Tests the settings to verify that they are correctly specified. This option duplicates the
Save Changes functionality.
Protection Center verifies the following:

■ The specified LDAP server is accessible.
■ The specified Base DN folder exists.
■ The specified user search filter syntax is correct.
Protection Center does not verify that the search filter returns any users.

If any settings cannot be verified, an appropriate error message is displayed. If all of the
settings are verified, Protection Center saves the settings.

Specifying the Base DN


You need to specify the Base DN for the Active Directory and LDAP server settings.
The Base DN is the top level of the LDAP directory tree. Depending on how Active
Directory is set up in your organization, the Base DN can have one or more values.
The Base DN indicates the location to search for a user.
See “Using an Active Directory or LDAP server for user account authentication”
on page 46.
You need to represent each Base DN value by a DC= prefix entry and separate
multiple values with commas.
An example follows:
CN=Users,DC=myDomain,DC=com
where Users is the name of the container in which the user accounts are located
in the directory tree. This container is found at the root of myDomain.com, which
is usually the zone or your domain name.
To specify the Base DN
1 In Protection Center, on the Admin > Settings menu, click Active Directory
and LDAP.
2 On the Active Directory and LDAP server settings page, next to Base DN, click
Build.
3 In the Build Base Distinguished Name dialog box, click the folder that you
want to use.
The Selected DN box displays the selected folder name.
4 Click OK.
The specified Base DN is added to the Base DN box in the Active Directory
and LDAP server settings page.

Specifying the user search filter


You need to specify the user search filter for the Active Directory and LDAP server
settings. The filter search string lets Protection Center extract the user information
that you require from the LDAP server.
See “Using an Active Directory or LDAP server for user account authentication”
on page 46.
An example search filter follows:
(&(objectClass=user)(|(anr=%s*)(uid=%s*)))
Where:
■ objectClass=user
Specifies the type of objects to be searched.
■ anr=
Specifies to use Ambiguous Name Resolution.
■ uid=
Specifies to also search by user ID.
■ %s*
Specifies to match partial strings as well as whole names.
To specify the user search filter
1 In Protection Center, on the Admin > Settings menu, click Active Directory
and LDAP.
2 On the Active Directory and LDAP server settings page, next to User search
filter, click Build.
3 In the Build Search Filter dialog box, in the Search for a user box, type the
common name of a user that exists on the LDAP server.
When you start typing the common name, an auto complete list lets you select
the appropriate user. When you select a user, a list of properties that the
LDAP server stores for the selected user is displayed.
4 Select the object classes and user properties that you want to include in your
user searches.
5 The User Search Filter box displays the syntax of the corresponding user
search filter.
6 Click OK.
The specified user search filter string is added to the User search filter box
in the Active Directory and LDAP server settings page.
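
The following Python sketch is an added example, not Symantec code. It splits the example Base DN into its components, checks the syntax of the example user search filter, and shows why a typed name must be escaped (RFC 4515) before it replaces %s. Treating %s as a plain substitution placeholder is an assumption, as are all function names and the sample name.

```python
import re

# Example filter from this guide. Treating %s as the placeholder for the
# typed name is an assumption about how the template is expanded.
FILTER_TEMPLATE = "(&(objectClass=user)(|(anr=%s*)(uid=%s*)))"

# RFC 4515: characters that must be written as \XX inside an assertion value.
ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}
ITEM = re.compile(r"([A-Za-z][A-Za-z0-9;.-]*)(=|~=|>=|<=)(.*)", re.S)
BAD_ESCAPE = re.compile(r"\\(?![0-9A-Fa-f]{2})")


def parse_base_dn(base_dn):
    """Split a Base DN into (type, value) pairs and derive the DNS domain."""
    rdns = []
    for part in re.split(r"(?<!\\),", base_dn):  # split on unescaped commas
        key, sep, value = part.strip().partition("=")
        if not sep or not key or not value:
            raise ValueError("malformed component: %r" % part)
        rdns.append((key.upper(), value))
    domain = ".".join(value for key, value in rdns if key == "DC")
    return rdns, domain


def escape_filter_value(value):
    """Escape a user-supplied string for use inside a filter value."""
    return "".join(ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(template, typed_name):
    """Substitute the escaped name for every %s in the template."""
    return template.replace("%s", escape_filter_value(typed_name))


def parse_filter(text):
    """Parse a filter into nested tuples; raise ValueError on bad syntax."""
    node, pos = parse_at(text, 0)
    if pos != len(text):
        raise ValueError("unexpected text at offset %d" % pos)
    return node


def parse_at(text, pos):
    """Parse one parenthesised filter starting at pos; return (node, next_pos)."""
    if pos >= len(text) or text[pos] != "(":
        raise ValueError("expected '(' at offset %d" % pos)
    pos += 1
    if pos < len(text) and text[pos] in "&|!":
        # Composite filter: operator followed by one or more sub-filters.
        op, pos, children = text[pos], pos + 1, []
        while pos < len(text) and text[pos] == "(":
            child, pos = parse_at(text, pos)
            children.append(child)
        if not children or (op == "!" and len(children) != 1):
            raise ValueError("operator %r has a bad operand count" % op)
        node = (op, children)
    else:
        # Simple item: attribute, comparison operator, value (no raw parens).
        end = pos
        while end < len(text) and text[end] not in "()":
            end += 1
        match = ITEM.fullmatch(text[pos:end])
        if not match or BAD_ESCAPE.search(match.group(3)):
            raise ValueError("malformed item at offset %d" % pos)
        node, pos = match.groups(), end
    if pos >= len(text) or text[pos] != ")":
        raise ValueError("expected ')' at offset %d" % pos)
    return node, pos + 1


if __name__ == "__main__":
    print(parse_base_dn("CN=Users,DC=myDomain,DC=com"))
    name = "Lee (Contractor)"  # constructed sample input
    print(parse_filter(build_user_filter(FILTER_TEMPLATE, name)))
    try:
        parse_filter(FILTER_TEMPLATE.replace("%s", name))  # no escaping
    except ValueError as err:
        print("unescaped name breaks the filter:", err)
```

A filter that parses cleanly can still match no accounts, which mirrors the note in Table 5-3 that the search filter is checked for syntax only.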

Protection Center user account management options


The Protection Center user management page displays summary details of all the
Protection Center user accounts. You can create, modify, and delete Protection
Center user accounts. As part of regular management of Protection Center user
accounts, you may need to reset the passwords that have been forgotten or
compromised. You may also need to disable the user accounts that are no longer
required.
You can sort the list of user accounts by clicking on the heading of the column
that you want to sort by. You can double-click an account to open the Edit User
Account dialog box for that user account.
See “About Protection Center user accounts” on page 44.
See “Setting up Protection Center user accounts” on page 45.

Table 5-4 Protection Center user account management options

Option Description

New Accesses the Create User Account dialog box, which lets you create
a Protection Center user account.

See “Creating a Protection Center user account” on page 51.

Edit Accesses the Edit User Account dialog box, which lets you modify the
selected Protection Center user account.

See “Modifying a Protection Center user account” on page 53.

Delete Accesses the Delete User Account dialog box, which lets you delete
the selected Protection Center user account.

See “Deleting a Protection Center user account” on page 62.

Creating a Protection Center user account


You need to create a user account for each Protection Center user. A Protection
Center user account gives a user access to specific Protection Center features and
functionality. A Protection Center user account also gives a user access to specific
enabled products and to the data that the products provide.
Protection Center can authenticate user accounts by itself, or use Microsoft Active
Directory or LDAP to authenticate the user credentials. Implementing Microsoft
Active Directory or LDAP authentication for Protection Center user accounts lets
you use your normal domain authentication service for Protection Center users.
To use Active Directory or LDAP user accounts in Protection Center, you first
need to specify the appropriate Active Directory or LDAP server.
See “About Protection Center user accounts” on page 44.
See “Setting up Protection Center user accounts” on page 45.
See “Using an Active Directory or LDAP server for user account authentication”
on page 46.
To create a Protection Center user account


1 In Protection Center, do one of the following:
■ To create a user account as part of the initial setup
On the initial settings dialog box, under User Accounts, click Create
accounts.
■ To create a user account from the user management page
On the Admin menu, click User Management.
On the user management page, click New.
2 In the User Accounts dialog box or the Create User Account dialog box, click
the appropriate authentication method:
■ Locally Authenticated Account
Creates a local user account in Protection Center.
■ Active Directory or LDAP authenticated account
Creates a user account that authenticates with your Active Directory or
LDAP server.
See “Protection Center user account authentication types” on page 54.
3 Do one of the following:
■ If you created a local account
Specify the local account information.
See “Protection Center (local) user authentication settings” on page 55.
■ If you created an Active Directory or an LDAP account
Specify the Active Directory account or LDAP account to use.
Protection Center extracts the account details from the Active Directory
or LDAP server.
See “Active Directory and LDAP authentication settings” on page 56.
4 Specify the Protection Center user permissions for the account.
See “Protection Center user account permissions settings” on page 57.
5 Specify the supported products that the account can access. For each product,
specify whether the account has full access or reports-only access.
See “Supported product access permission settings” on page 61.
6 Click Save.
7 Verify and confirm the user account details.
8 (Optional) If you want to notify the user that the new Protection Center user
account is available, click Send notification to this user.
Protection Center sends an email notification to the email address that you
specified in the authentication settings.
This option is available only when a mail server is configured for Protection
Center and an email address is specified in the new user account.
See “Email settings” on page 83.
9 Click Finish.

Modifying a Protection Center user account


You can modify a Protection Center user account at any time. You might need to
modify an account to provide the user access to a newly enabled product, or to
change the Protection Center user permissions. Note that changing the
authentication method creates a new user account that replaces the original
account.
See “About Protection Center user accounts” on page 44.
See “Setting up Protection Center user accounts” on page 45.
As part of regular management, you might need to reset the passwords that have
been forgotten or compromised. You might also need to disable the user accounts
that are no longer required.
The predefined Protection Center administrator account, SPC_Admin, cannot be
disabled or removed.
See “About the SPC_Admin account” on page 45.
To modify a Protection Center user account
1 In Protection Center, on the Admin menu, click User Management.
2 On the user management page, select the user account that you want to
modify, and then click Edit.
Alternatively, you can double-click the selected account.
3 In the Edit a Protection Center user account dialog box, on the Account
Details and Permissions tab, edit the Protection Center user account details.
If you change the authentication type, the appropriate fields are displayed.
You need to specify the required details.
See “Protection Center user account authentication types” on page 54.
See “Protection Center (local) user authentication settings” on page 55.
See “Active Directory and LDAP authentication settings” on page 56.
4 Modify the Protection Center user permissions for the account.
See “Protection Center user account permissions settings” on page 57.
5 On the Supported Product Access tab, modify the supported products that
the account can access.
See “Supported product access permission settings” on page 61.
6 Click OK.

Protection Center user account authentication types


You need to specify the authentication type that you want to use for the Protection
Center user account. If you change the authentication type when you edit a
Protection Center user account, all of the user authentication settings are lost.
You need to specify the appropriate user details, or select the matching account,
whichever is relevant to the new authentication type.
See “About Protection Center user accounts” on page 44.
See “Creating a Protection Center user account” on page 51.
See “Modifying a Protection Center user account” on page 53.

Table 5-5 Protection Center user account authentication types

Type Description

Protection Center (local) The user account is a local Protection Center user account. When the user logs in to
Protection Center, the user name and password that they specify are authenticated by
Protection Center.

See “Protection Center (local) user authentication settings” on page 55.


Active Directory or LDAP The Protection Center user account is matched with a corresponding user account that
already exists in Microsoft Active Directory or LDAP. When the user logs in to Protection
Center, the user name and password are passed to the Active Directory or the LDAP
server for authentication.

See “Active Directory and LDAP authentication settings” on page 56.

Before you can select any Active Directory or LDAP user accounts, you need to specify
the Active Directory or LDAP server to use for authentication.

See “Using an Active Directory or LDAP server for user account authentication”
on page 46.

Protection Center (local) user authentication settings


If a Protection Center user account uses local Protection Center authentication,
you need to specify the account user name, password, and user details. When the
user logs in to Protection Center, the user name and password that they specify
are authenticated by Protection Center.
See “About Protection Center user accounts” on page 44.
See “Protection Center user account authentication types” on page 54.
See “Creating a Protection Center user account” on page 51.
See “Modifying a Protection Center user account” on page 53.

Table 5-6 Protection Center (local) authentication settings

Item Description

User name Specifies the account user name. The user name is the unique identifier of the Protection
Center user account.

Password / Confirm password Specifies the account password. The same password must be
specified in both fields.

A local Protection Center password must contain at least eight characters and include three
of the following:

■ One uppercase (A through Z) or lowercase (a through z) alphabetic character
■ One numeric character (0 through 9)
■ One non-alphanumeric character (~!@#$%^&*_-+=`|\(){}[]:;"'<>,.?/)
■ One alphabetic Unicode character that is not categorized as uppercase (A through Z) or
lowercase (a through z)

First name Specifies the first name of the Protection Center user.

Last name Specifies the last name of the Protection Center user.

Email address Specifies the email address of the Protection Center user.

Protection Center sends automatically generated email messages, such as reports or
notifications, to this address.

This feature is available only when a mail server is configured for Protection Center.

See “Email settings” on page 83.

Disable account Disables the Protection Center user account.

This option lets you create user accounts in advance but prevent the users from accessing
Protection Center until you allow it. When you want to roll out new accounts to the users,
you only need to enable the appropriate accounts.

This setting is available only when you modify a Protection Center user account.
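
The following Python sketch is an added example, not Symantec code. It checks a candidate local password against the rule exactly as Table 5-6 words it, which is useful for validating passwords before accounts are provisioned. Reading the fourth category as Unicode letters outside the uppercase and lowercase categories is an assumption, and the function names and sample passwords are constructed.

```python
import string
import unicodedata

MIN_LENGTH = 8          # "at least eight characters"
REQUIRED_CLASSES = 3    # "include three of the following"
# Non-alphanumeric characters exactly as listed in Table 5-6.
SPECIALS = set("~!@#$%^&*_-+=`|\\(){}[]:;\"'<>,.?/")


def character_classes(password):
    """Return the set of Table 5-6 character categories present."""
    classes = set()
    for ch in password:
        if ch in string.ascii_letters:
            # The table lists A-Z and a-z together as a single category.
            classes.add("letter A-Z or a-z")
        elif ch in string.digits:
            classes.add("digit 0-9")
        elif ch in SPECIALS:
            classes.add("non-alphanumeric")
        elif ch.isalpha() and unicodedata.category(ch) not in ("Lu", "Ll"):
            # Assumption: letters in Unicode categories Lo, Lt, or Lm,
            # for example CJK ideographs. Accented cased letters such as
            # U+00E9 are Ll and therefore fall into no category here.
            classes.add("other Unicode letter")
    return classes


def check_password(password):
    """Return (ok, problems) for a candidate local account password."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    found = character_classes(password)
    if len(found) < REQUIRED_CLASSES:
        problems.append("only %d of the 4 character categories present: %s"
                        % (len(found), ", ".join(sorted(found)) or "none"))
    return (not problems, problems)


if __name__ == "__main__":
    # Constructed sample passwords.
    for candidate in ("Passw0rd", "Passw0rd!", "\u5bc6\u7801abc123", "Ab1!"):
        print(repr(candidate), check_password(candidate))
```

Because the table counts uppercase and lowercase letters as one category, a mixed-case password with digits alone, such as Passw0rd, satisfies only two categories under this reading.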

Active Directory and LDAP authentication settings


If a Protection Center user account uses Active Directory or LDAP authentication,
you need to specify the appropriate Active Directory or LDAP user account.
Protection Center imports the corresponding user name, the password, and other
user details for the new Protection Center user account. However, these details
are still maintained in the Active Directory or LDAP server and cannot be modified
in Protection Center. When the user logs in to Protection Center, the user name
and password that they specify are passed to Active Directory or LDAP for
authentication.
See “About Protection Center user accounts” on page 44.
See “Protection Center user account authentication types” on page 54.
See “Creating a Protection Center user account” on page 51.
See “Modifying a Protection Center user account” on page 53.
Table 5-7 Active Directory and LDAP authentication settings

Item Description

Active Directory or LDAP Account Name Specifies the user name of the Microsoft Active
Directory or LDAP account that you want to use in Protection Center.

This setting is available only when you create a new Protection Center user account.
This field is an active search field: it matches the text string that you type with the
available accounts by first name, last name, and user name.

Protection Center imports the account details from the Active Directory or LDAP server
and the remaining fields are populated automatically.

User name Specifies the user name of the specified Active Directory or LDAP account.

First name Specifies the first name of the specified Active Directory or LDAP account.

Last name Specifies the last name of the specified Active Directory or LDAP account.

Email Specifies the email address of the specified Active Directory or LDAP account.

Protection Center sends automatically generated email messages, such as reports or
notifications, to this address.

Protection Center user account permissions settings


Protection Center permissions control user access to Protection Center features
and functionality. You need to assign to the user account the permissions that
the user needs to access the appropriate Protection Center features.
See “About Protection Center user accounts” on page 44.
See “Creating a Protection Center user account” on page 51.
See “Modifying a Protection Center user account” on page 53.
For each Protection Center feature, you can give the user View permission or
Manage permission. The View permission gives the user read-only access to the
feature. The user can see the menu option and access the corresponding user
interface page to view the current settings, but cannot make any changes. The
Manage permission gives the user full access to the feature and the ability to
change the current settings.
You can assign user permissions manually by selecting individual permissions,
or you can copy the full set of permissions from another Protection Center user
account.
These user permissions apply only to Protection Center features and functionality.
You specify product access rights when you set up links to supported products.
See “Supported product access permission settings” on page 61.

Table 5-8 Protection Center user account permissions settings

Item Description

Protection Center Permissions Contains the permissions that apply to the user account.

See “Protection Center user account permissions” on page 58.

Copy permissions from Copies the user permissions from another Protection Center user account. The
appropriate permissions are applied as the default settings for the user account.

The drop-down list contains all of the available Protection Center user accounts. When
you select the account that you want, the appropriate permissions are checked. You
can modify them to suit the requirements of the new user.

You cannot use this feature to select and merge the permissions from two or more user
accounts. Each time you repeat this process and select a user account, the selected
account settings overwrite the existing settings.

Protection Center user account permissions


Protection Center uses permission-based security to control user access to
Protection Center features and functionality. You can assign to each user account
the permissions that the user requires to access the appropriate Protection Center
features.
For example, the main Protection Center administrator requires full access to all
Protection Center features and therefore has all available permissions. However,
most Protection Center users primarily work with supported products. These
users do not need access to advanced Protection Center features such as creating
new Protection Center user accounts or configuring the Protection Center
appliance. These users would have a reduced set of permissions that provide
access only to the features that they need to perform their work. You can specify
the access level for managing the Protection Center features for each user.
The following permissions should be provided only to trusted administrators:
■ User Management
This permission allows the administrator to configure single sign-on user
mappings. A user with this permission is able to access or give access to all
enabled products, including administrative level access.
■ Supported Products
This permission lets a user enable and disable supported products. Modifying
the product connections affects the work of other Protection Center users.
See “About Protection Center user accounts” on page 44.
See “Protection Center user account permissions settings” on page 57.


See “Creating a Protection Center user account” on page 51.
See “Modifying a Protection Center user account” on page 53.

Table 5-9 Protection Center user account permissions

Permission Description

Supported Products Lets you add supported products to Protection Center. You can enable and disable
supported products as necessary.

See “Integrating supported products” on page 32.

User Management Lets you configure Protection Center user accounts to give each user access to the
appropriate Protection Center features and functionality.

See “About Protection Center user accounts” on page 44.

See “Setting up Protection Center user accounts” on page 45.

Software Update Lets you view the software updates that have been downloaded and are available for
installation on Protection Center. You can select the updates that you want to install.

See “About Protection Center software updates” on page 63.

Settings Lets you enable or disable all of the Settings options. If this option is selected, the View
and Manage permissions for all of the Settings options are selected. If this option is
cleared, all permissions for all of the Settings options are removed.

Active Directory and LDAP Lets you specify the Microsoft Active Directory or LDAP server
that Protection Center uses to authenticate user accounts.

See “Using an Active Directory or LDAP server for user account authentication”
on page 46.

Backup Lets you configure Protection Center backups. Protection Center uses Symantec Backup
Exec System Recovery to create regular backups.

See “About Protection Center backup and recovery” on page 69.

Certificates Lets you manage the SSL certificate that is used to secure the Protection Center interface.
You can replace the default self-signed certificate with a new certificate. You can also
save the existing certificate to a backup file and restore it when necessary.

See “About managing Protection Center Web interface security certificates” on page 91.

Community Statistics Lets you specify whether Protection Center collects community statistics data and
sends it to Symantec for diagnostics purposes.

See “Community statistics settings” on page 82.



Date and Time Lets you set the date and time of the Protection Center appliance.

See “Date and time settings” on page 83.

Email Lets you configure the Protection Center email settings. Protection Center uses emails
to alert the administrator about the items that might require attention.

See “Email settings” on page 83.

LiveUpdate Lets you choose whether to use the Symantec LiveUpdate server or a local LiveUpdate
server for Protection Center software updates. If you use a local LiveUpdate server,
you can specify the appropriate server details.

See “Specifying the LiveUpdate server to use” on page 66.

Message Logging Lets you choose the logging level that Protection Center uses: normal logging or verbose
logging.

See “Message logging settings” on page 85.

Network Lets you configure the network settings for Protection Center.

See “Network configuration settings” on page 85.

Password Change Lets you change your password at any time.

This feature applies only to locally authenticated accounts. Accounts that use Active
Directory or LDAP authentication cannot be modified within Protection Center.

See “Changing your user account password” on page 19.

Product Discovery Lets you discover the Protection Center supported products that are installed on your
network.

See “Discovering supported products on your network” on page 36.

Proxy Lets you configure an HTTP proxy server for Protection Center. A proxy server helps
to increase the security of Protection Center.

See “Proxy server settings” on page 86.

Purge Lets you control the purging of old data from the Protection Center database. You can
set the number of days that data is retained in the database.

See “Purge settings” on page 87.

Security Audit Logs Lets you view the Security Audit Logs report. This report contains a record of the
security events and sensitive changes that have been made in Protection Center.

See “About auditing Protection Center administration” on page 25.

See “Viewing the security audit logs” on page 27.



Shutdown Lets you shut down or restart Protection Center.

See “Shutting down or restarting Protection Center” on page 28.

Support Diagnostics Lets you gather diagnostics information and send it to Symantec for support purposes.

See “Getting help from Symantec Support” on page 111.

Workflow Lets you configure workflows to use with Protection Center.

See “Configuring administration settings for a workflow” on page 145.

See “Workflows available in Protection Center” on page 150.

System Logs Lets you view the System Logs report.

See “Viewing a report” on page 132.

Supported product access permission settings


You need to specify the enabled products that the Protection Center user account
can access through Protection Center. For each enabled product that the account
can access, you need to specify a product user account to map to the Protection
Center user account. The product user account defines the single sign-on target
user in the integrated product. When the Protection Center user uses single sign-on
to access the integrated product, the user is logged in to the product using the
specified account.
See “About Protection Center user accounts” on page 44.
See “Creating a Protection Center user account” on page 51.
See “Modifying a Protection Center user account” on page 53.

Table 5-10 Supported product access permission settings

Item Description

Integrated Product Specifies the product instance to which you want the Protection Center user account
to have access.

Linked user name Specifies the product user account that you want to link to the Protection Center user
account.

Each product user account can map to only one Protection Center user account.
Protection Center enforces this 1:1 user account mapping for security auditing purposes.
A warning is displayed if you attempt to map a product user account to multiple
Protection Center user accounts.
Note: Mapping multiple Protection Center user accounts to a single product user
account (and vice versa) was permitted in Protection Center 2.0. When you upgrade to
Protection Center 2.1, all instances of multiple mapping are cleared and a notification
is displayed in the Protection Center dashboard. You need to edit each affected Protection
Center user account to map it to the appropriate product user account.

Remove Lets you add or remove a linked product.


The appropriate option is displayed:

■ Add
Adds the specified product host and linked user account to the Protection Center
user account.
■ Remove
Removes the product host and linked user account from the Protection Center user
account.

Deleting a Protection Center user account


You can delete a Protection Center user account when the account is no longer
needed. The only account that cannot be deleted is the SPC_Admin account.
Deleting a Protection Center account has no effect on a corresponding Active
Directory or LDAP account. It does not affect the mapped user accounts on
integrated products.
See “About Protection Center user accounts” on page 44.
See “Setting up Protection Center user accounts” on page 45.
To delete a Protection Center user account
1 In Protection Center, on the Admin menu, click User Management.
2 On the user management page, select the account that you want to delete,
and then click Delete.
3 In the Delete User Account dialog box, click Delete User.
The user account is removed from the user management page.
Chapter 6
Managing Protection Center software updates
This chapter includes the following topics:

■ About Protection Center software updates

■ Managing Protection Center software updates

■ Specifying the LiveUpdate server to use

■ LiveUpdate settings

About Protection Center software updates


Protection Center uses LiveUpdate to keep its software components up to date.
Protection Center also uses LiveUpdate to update the information that Protection
Center needs to work with supported products.
If you do not want Protection Center to access the Internet, either directly or
through the proxy server, you can manually download and install updates.
See “Updating the Protection Center software manually” on page 103.
The types of updates that can be available include the following:
■ Updates to the critical Microsoft product components of Protection Center,
such as Microsoft Windows Server, Internet Information Services (IIS), and
SQL Server.
Protection Center must be configured to use the local Windows Update Server
to download Windows updates. You can configure the local Windows Update
Server through the control panel.
See “Accessing the Protection Center control panel” on page 103.
See “Activating the Windows operating system” on page 106.
■ Updates and fixes to Protection Center software, reports, documentation, and
other components.
■ New and updated configuration information for supported products.
See “Managing Protection Center software updates” on page 64.
Symantec recommends that you update Protection Center at least once a day to
keep Protection Center secure from defects and vulnerabilities.
You may need to modify your Protection Center installation to suit the
requirements of your organization. For more information, see the Symantec
Protection Center Sizing and Scalability Guide.

Note: Updates for supported products are installed on Protection Center
automatically as soon as they are downloaded. You cannot delay or schedule their
installation.

Managing Protection Center software updates


Protection Center downloads new updates from the LiveUpdate server at regular
intervals. You can override the default schedule and check for new updates at any
time. The software update management page displays summary details of the
Protection Center software updates that are available for installation. You can
choose the updates that you want to install on Protection Center. You can also
view the software updates that are already installed on Protection Center.
See “About Protection Center software updates” on page 63.
See “Specifying the LiveUpdate server to use” on page 66.
When you choose a software update for installation, Protection Center
automatically selects all of the relevant prerequisite updates. These prerequisite
updates are installed in the appropriate order before the chosen software update
is installed.

Note: Protection Center performs a backup before the software update installation
starts. This process might interrupt the activities of Protection Center users. The
administrator that starts the installation process sees a dialog box that displays
the current status of the installation, but the other users see nothing. If you want
to alert other Protection Center users to a software update, you need to notify
them manually.

To view details of the Protection Center software updates


1 In Protection Center, on the Admin menu, click Software Update.
2 On the software update management page, click one of the following:

Available Updates Displays the details of the software updates that have
been downloaded from the LiveUpdate server and are
available for installation on Protection Center.

Installed Updates Displays the details of the software updates that have
been installed on Protection Center.

3 (Optional) To see more information about a particular software update, in
the Description column, click More.
The description expands to display all of the available information for the
software update.
To check for updates immediately
1 In Protection Center, on the Admin menu, click Software Update.
2 On the software update management page, on the Available Updates tab,
click Check For Updates Now.
Protection Center checks the LiveUpdate server and downloads any new
updates immediately. The Manual Update Status dialog box shows the current
status of the process.
To install Protection Center software updates
1 In Protection Center, on the Admin menu, click Software Update.
2 On the software update management page, on the Available Updates tab,
click the updates that you want to install.
3 Click Install Updates.
4 In the Install Updates dialog box, check that the correct software updates
are listed and then click Install Updates to confirm the installation.
The Backup Protection Center dialog box shows the current status of the
backup process. When the backup is complete, the software updates are
installed. The View Update Installation Status dialog box shows the status
of the software update installation.
When the installation is complete, the View Update Installation Status dialog
box closes. The installed updates are removed from the Available Updates
tab and shown in the Installed Updates tab.

Specifying the LiveUpdate server to use


Protection Center lets you specify the LiveUpdate server to use for Protection
Center software updates. You can choose to use the Symantec LiveUpdate server
or a local LiveUpdate server. The Symantec LiveUpdate server is preconfigured
and you do not need to perform any further configuration. If you have any
LiveUpdate servers set up locally inside your organization's firewall, you can let
Protection Center use one of them. See your system administrator for information
about any local LiveUpdate servers that are available.
The port that LiveUpdate uses for downloading updates depends on the transport
protocol. For HTTP, use port 80. For HTTPS, use port 443. For FTP, use port 21.
You need to make sure that the appropriate port is available.

Note: This feature supports the use of an HTTP proxy server to access the updates.
An FTP proxy server is not supported.

See “Proxy server settings” on page 86.


See “Protection Center configuration settings” on page 79.
Protection Center checks the LiveUpdate server at midnight each night. You
cannot change this time or frequency. If an update is found, Protection Center
automatically downloads the update. Protection Center then sends a notification
to the newsfeed to inform you that an update is available for installation. You can
then install the update.
See “About Protection Center software updates” on page 63.
See “Managing Protection Center software updates” on page 64.
To specify the LiveUpdate server to use
1 In Protection Center, on the Admin > Settings menu, click LiveUpdate.
2 On the LiveUpdate settings page, specify how Protection Center accesses
LiveUpdate.
See “LiveUpdate settings” on page 66.
3 Click Save Changes.

LiveUpdate settings
Protection Center lets you specify the LiveUpdate server to use. You can choose
whether to use the Symantec LiveUpdate server or a local LiveUpdate server for
Protection Center software updates. If you use a local LiveUpdate server, you can
specify the appropriate server details. If you do not want Protection Center to
access the Internet, either directly or through the proxy server, you can disable
the LiveUpdate feature. You can manually download the software updates that
you need and install the updates through the Protection Center control panel.
See “About Protection Center software updates” on page 63.
See “Managing Protection Center software updates” on page 64.
See “Specifying the LiveUpdate server to use” on page 66.

Table 6-1 LiveUpdate settings

Item Description

Directly from Symantec Specifies that Protection Center downloads the appropriate software
updates directly from the Symantec LiveUpdate server.

You do not need to perform any further configuration.

Using a LiveUpdate Admin Server Specifies that Protection Center uses a LiveUpdate server
running locally within your firewall. Protection Center downloads the appropriate software
updates from the specified server instead of using the Symantec LiveUpdate server.
You need to specify the local LiveUpdate server to use as follows:

■ Host - the server name, including the Fully Qualified Domain Name. Alternatively you
can use the IP address of the LiveUpdate server host.
■ Path - the network path to the host server.
■ Protocol - the transport protocol that Protection Center uses for downloading software
updates from the host server.
The available options are: HTTP, HTTPS, and FTP.
■ Port - the port to use on the host server.
The port number depends on the transport protocol that you use. For HTTP, use port
80. For HTTPS, use port 443. For FTP, use port 21.
■ User name - the user name of an administrator account on the host server.
■ Password - the password for the administrator account on the host.

The Test LiveUpdate Settings button lets you verify the settings that you have specified.

Do not use LiveUpdate Specifies that Protection Center does not access any LiveUpdate server.

You need to manually download the software updates that you require. You can install
software updates manually through the Protection Center control panel.

See “Updating the Protection Center software manually” on page 103.


Chapter 7
Backing up and recovering Protection Center
This chapter includes the following topics:

■ About Protection Center backup and recovery

■ Scheduling automatic backups

■ Running a backup on demand

■ Backup settings

■ Restoring Protection Center

■ Creating the Symantec Recovery Disk

■ Testing the Symantec Recovery Disk

About Protection Center backup and recovery


Protection Center includes Symantec Backup Exec System Recovery for data and
system backup and recovery. You can configure a backup schedule to automatically
create full backups and incremental backups of the Protection Center hard drive.
A full backup is an image of the entire Protection Center appliance. The image
includes the operating system and its programs and all of the data in the Protection
Center database. An incremental backup contains only the data and the files that
are new or have been changed since the last backup. An incremental backup takes
up much less space than a full backup because it does not copy the entire hard
drive each time.
See “Scheduling automatic backups” on page 71.
See “Running a backup on demand” on page 71.
See “Backup settings” on page 72.

Note: The Protection Center backup does not include the Web interface security
certificate and private key. You should create a backup of the certificate as part
of your regular backup process.
See “Exporting a copy of the Protection Center Web interface security certificate”
on page 93.

The first backup that is scheduled each week is a full backup; any other backups
that are scheduled for the same week are incremental backups. Protection Center
maintains backup files for the current week and for a specified number of previous
weeks. The backup purge settings let you specify how many weekly sets of backup
files to preserve. Any backups that are older than the specified number of weeks
are deleted.
You may need to modify your Protection Center installation to suit the
requirements of your organization. For more information, see the Symantec
Protection Center Sizing and Scalability Guide.
If a problem occurs within Protection Center, such as a corrupt file, you can restore
the backup image to the existing Protection Center appliance. If the Protection
Center hard drive fails, you can replace that hard drive and restore the backup
image to the new drive. When you restore Protection Center from your backups,
the full backup image is installed first. The incremental backup files are then
processed one after another in the order that they were created. If the most recent
backup is a full image, then there are no incremental backup files to restore.
See “Restoring Protection Center” on page 74.
To restore Protection Center, you need a Symantec Recovery Disk. This disk is a
CD/DVD that you use to start the appliance and recover the Protection Center
hard drive from the backups that you made. The Symantec Recovery Disk is not
supplied with Protection Center: you need to create the Symantec Recovery Disk
yourself. You can download the ISO image from Symantec FileConnect and burn
it onto a blank CD/DVD. The Symantec FileConnect page is located at the following
URL:
https://fileconnect.symantec.com
To ensure that the recovery disk is available when you need it, you should create
the recovery disk when you configure backups.
See “Creating the Symantec Recovery Disk” on page 77.
See “Testing the Symantec Recovery Disk” on page 77.

Scheduling automatic backups


You can configure a backup schedule to create weekly full backups and daily
incremental backups of the Protection Center hard drive automatically. The weekly
schedule starts on Sunday. The first backup that appears in the weekly schedule
is the weekly full backup. All other backups that are specified in the weekly
schedule are incremental backups. The only exception occurs when you configure
the backup schedule for the first time: the first backup is always a full backup,
regardless of which day it is made.
Protection Center creates backups in the background. When a backup is running,
a progress bar is shown in the backup settings page, but no notifications are sent
to inform you of the status of backup events. However, a notification is displayed
on the newsfeed if a backup fails. For example, if the specified backup location
does not have enough disk space available to store the backup, the backup fails
and a message is displayed.
To manage full and incremental backups, you need to know the volume of incoming
data and the rate at which the data changes. If Protection Center normally stores
a large amount of data each day, then you should configure a daily incremental
backup. If Protection Center does not store or change large amounts of data each
day, you can run the incremental backup once or twice per week.
Each incremental backup depends on the preceding incremental backup to
function. That means that if one incremental backup fails, none of the incremental
backups that are created later can be restored. Therefore you should take
immediate action if you receive a notification of a backup failure.
See “About Protection Center backup and recovery” on page 69.
You can also override the backup schedule and run a backup of the Protection
Center hard drive immediately.
See “Running a backup on demand” on page 71.
To schedule automatic backups
1 In Protection Center, on the Admin > Settings menu, click Backup.
2 On the backup settings page, specify the appropriate settings.
See “Backup settings” on page 72.
3 Click Save Changes.
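
The following Python sketch is an added example, not part of the Symantec guide or the product's own code. It models the rules described above: a backup set is one full backup plus the incrementals that follow it, a failed backup breaks the chain for every later incremental in that set, and the oldest sets are purged when the configured number is exceeded. The record fields, the function names, and the sample history are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class Backup:
    taken: datetime
    kind: str        # "full" (weekly image) or "incremental"
    ok: bool = True  # False when the newsfeed reported the backup as failed


def group_into_sets(backups):
    """Split a history into backup sets: one full backup plus the
    incrementals taken before the next full backup (assumed grouping)."""
    sets = []
    for b in sorted(backups, key=lambda b: b.taken):
        if b.kind == "full":
            sets.append([b])
        elif sets:
            sets[-1].append(b)
        else:
            raise ValueError(f"incremental at {b.taken} has no preceding full backup")
    return sets


def restorable_chain(backup_set):
    """Backups of one set that can be restored, in restore order.
    The chain stops at the first failed backup, because each incremental
    depends on the backup before it."""
    chain = []
    for b in backup_set:
        if not b.ok:
            break
        chain.append(b)
    return chain


def orphaned(backup_set):
    """Successful incrementals that cannot be restored because an
    earlier backup in the same set failed."""
    usable = len(restorable_chain(backup_set))
    return [b for b in backup_set[usable:] if b.ok]


def apply_purge(sets, keep=3):
    """Return (kept, purged): the oldest sets beyond `keep` are purged.
    The guide gives 3 as the default number of weekly sets to keep."""
    if keep < 1:
        raise ValueError("keep must be at least 1")
    return sets[-keep:], sets[:-keep]


def latest_recovery_point(sets):
    """Most recent backup that can actually be restored, or None."""
    for backup_set in reversed(sets):
        chain = restorable_chain(backup_set)
        if chain:
            return chain[-1]
    return None


def day(d, kind="incremental", ok=True):
    """Constructed sample record: a backup at 01:00 on the given day of October 2011."""
    return Backup(datetime(2011, 10, d, 1, 0), kind, ok)


# Constructed history: four weekly sets; the incremental of 25 October failed.
SAMPLE_HISTORY = [
    day(2, "full"), day(3), day(4),
    day(9, "full"), day(10), day(11),
    day(16, "full"), day(17), day(18),
    day(23, "full"), day(24), day(25, ok=False), day(26), day(27),
]


def report(history, keep=3):
    """Summarize what is kept, what is purged, and how far back a restore lands."""
    kept, purged = apply_purge(group_into_sets(history), keep)
    point = latest_recovery_point(kept)
    return {
        "sets_kept": len(kept),
        "sets_purged": len(purged),
        "latest_recovery_point": point.taken if point else None,
        "orphaned": [b.taken for s in kept for b in orphaned(s)],
    }


if __name__ == "__main__":
    for key, value in report(SAMPLE_HISTORY).items():
        print(key, value)
```

In the sample history the newest restorable point is 24 October, not 27 October: the two incrementals taken after the failure exist on the share but cannot be used, which is why a failure notification needs immediate action.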

Running a backup on demand


You can override the backup schedule and run a backup of the Protection Center
hard drive immediately. You might want to create a backup immediately before
you apply software updates to Protection Center, in case you need to roll back the
changes. This backup is an incremental backup that is in addition to the backup
schedule. It does not affect the scheduled backup process. For purging purposes,
this incremental backup is treated as part of the weekly backup set. A backup set
is a set of one full backup and the incremental backups that were taken in the
same week.
See “About Protection Center backup and recovery” on page 69.
To run a backup on demand
1 In Protection Center, on the Admin > Settings menu, click Backup.
2 On the backup settings page, specify the appropriate file location settings
and password settings.
See “Backup settings” on page 72.
3 Click Run Backup Now.

Backup settings
You can configure settings for backup file location, password-protected backups,
incremental backup schedules, and backup file purging. You can also override the
backup schedule and run a backup of the Protection Center hard drive immediately.
See “Scheduling automatic backups” on page 71.

Table 7-1 Backup settings

Item Description

Backup File Location Settings Specifies the backup file location and access credentials.
You need to specify the following:

■ Location
The location to store your Protection Center backup files.
Specify the full path to the location where the backup files are to be stored. You must
store backup files in a shared network folder. Specify the path name in the following
format: \\server\share.
■ Provide credentials
When this option is checked, it specifies that the network share location requires
authentication.
■ User name
The user name of the account that you want to use for logging in to the backup network
share location.
Specify the user name together with the domain name or the workgroup name. Separate
the two names with a backslash.
■ Password
The password of the account that you want to use for logging in to the network share
location.

Backup File Password Settings Specifies the password that must be supplied to restore
Protection Center from the backup files. To ensure security, all backup files must be
password-protected.
You need to specify the following:
■ Password
■ Confirm password

Backup Schedule Settings Specifies the backup schedule. To help prevent excessive load on
the Protection Center appliance, Symantec recommends that you run the backup process
outside normal working hours.
You can specify the following:

■ Time of day
The time of day when the backup process starts on the specified days. The time is server
time and is specified using a 24-hour clock.
■ Days of week
The days of the week on which incremental backups are created.
You can specify the particular days of the week to run the backup process. For example,
you might select all of the weekdays but skip the weekend when the data changes are
minimal.
The first backup that is made on the schedule is a full backup image. A full backup is
made each week on the same day and the same time. All of the other backups in the
schedule are incremental backups.

Backup Purge Settings Specifies the number of weekly backup file sets to preserve.

You can specify the following:

■ Number of weekly backup sets to keep
When the specified number is exceeded, Protection Center purges the oldest backup
set. The default value is 3.

Run Backup Now Runs a backup of the Protection Center hard drive immediately. This backup is an
incremental backup that is in addition to the backup schedule. It does not affect the
scheduled backup process. For purging purposes, this incremental backup is treated as part
of the weekly backup set. A backup set is a set of one full backup and a number of incremental
backups.

See “Running a backup on demand” on page 71.

Restoring Protection Center


To restore Protection Center from a backup file, you need to use the Symantec
Recovery Disk. The Symantec Recovery Disk uses its own operating system and
includes all of the software that you need to recover Protection Center. The
Symantec Recovery Disk only needs access to the hard drive or network location
that contains your backup files. When you choose to restore a backup, the
Symantec Recovery Disk installs the appropriate image onto the Protection Center
hard drive. The recovered data includes the Protection Center appliance operating
system, its programs, and all of the data in the Protection Center database.
See “About Protection Center backup and recovery” on page 69.


The Symantec Recovery Disk is not supplied with Protection Center: you need to
create the Symantec Recovery Disk yourself. You can download the ISO image
from Symantec FileConnect and burn it onto a blank CD/DVD. The Symantec
FileConnect page is located at the following URL:
https://fileconnect.symantec.com
To ensure that the recovery disk is available when you need it, you should create
the recovery disk when you configure backups.
See “Creating the Symantec Recovery Disk” on page 77.
When you want to restore Protection Center, ensure that you have administrative
access to the appropriate backup files because all backup files are
password-protected. The backup files must be stored on a shared network drive.
When you restore Protection Center, you would normally restore the full system.
This option uses the system index file and restores the most recent backup.
However, if you consider the most recent backup unsuitable, you can choose to
restore from an earlier backup file.
When you choose the backup file to use, note the following:
■ V2i files are full backups.
■ iv2i files are incremental backups.
■ You can use the timestamps on the full backup files and incremental backup
files to identify the appropriate backup.
■ When you restore from an incremental backup (an iv2i file), all of the required
earlier backup files are also restored.
To restore Protection Center
1 Make sure that the boot device sequence on the Protection Center appliance
boots to the CD/DVD first.
2 Make sure that no external USB or eSATA devices are connected to the
appliance.
3 Boot the Protection Center appliance from the Symantec Recovery Disk by
inserting the disk into your appliance before you power it up.
4 In the Select Language dialog box, select the language that you want to use,
and then click OK.
5 Read the license agreement, and then click Accept.
6 When you are prompted to start network services, click Yes.
7 On the Recover tab, click Recover My Computer.
8 In the welcome page of the Recover My Computer Wizard, read the
information and click Next.
9 In the Select a Recovery Point to Restore dialog box, click Map a Network
Drive.
10 In the Map Network Drive dialog box, specify the drive and folder that you
want to use, and then click OK.
11 Do one of the following:

■ To restore the most recent backup
In the View recovery points by drop-down list, select System.
Browse to your backup location and select the .sv2i file located there.
■ To restore an earlier backup
In the View recovery points by drop-down list, select Filename.
Browse to your backup location and select the recovery point that you want to use.

12 When you are prompted for the backup file password, enter the password
and click OK.
13 Click Next.
14 (Optional) In the Initialize Disk Partition Structures dialog box, select the
appropriate disk and then click OK.
This step always occurs on fresh systems and occasionally on wiped systems.
15 In the Drives to Recover dialog box, uncheck Verify recovery point before
restore.
16 Select the drive that you want to restore.
17 Click Edit and then in the Edit Target Drive and Options dialog box, check
Restore Master Boot Record.
18 Click OK and then click Next.
19 In the Completing the Recover My Computer Wizard dialog box, uncheck Reboot
when finished.
20 Verify that all the settings are correct and then click Finish to start the
recovery.
The recovery progress bar displays the completion percentage of the recovery
process and the time remaining until completion.
21 When the recovery process is complete, click Close in the dialog box.
The last message in the final dialog box informs you that upon exiting the
application, the appliance must be restarted.
22 Click Yes.

Creating the Symantec Recovery Disk


You need to use the Symantec Recovery Disk to boot the Protection Center
appliance when you want to restore a backup of Protection Center. The Symantec
Recovery Disk is not supplied with Protection Center: you need to create the
Symantec Recovery Disk yourself. You can download the ISO image from Symantec
FileConnect and burn it onto a blank CD/DVD.
See “Restoring Protection Center” on page 74.
To create the Symantec Recovery Disk
1 From a computer that has Internet access, a CD/DVD burner, and CD/DVD
burning software, access Symantec FileConnect:
https://fileconnect.symantec.com
2 Log in to FileConnect using the serial number of any product that supports
Protection Center.
3 In the list of available downloads for the product, select and download the
Symantec_Protection_Center_2.1_Recovery_Disk_ML.zip archive.
This archive contains the Symantec Recovery Disk ISO.
4 Use CD/DVD burning software to burn the Symantec Recovery Disk ISO onto
a blank CD/DVD.
5 Test the Symantec Recovery Disk CD/DVD.
See “Testing the Symantec Recovery Disk” on page 77.
6 After booting the appliance, verify that the network drivers work correctly
and that you can access the location where the backup files are stored.

Testing the Symantec Recovery Disk


After you have created your Symantec Recovery Disk CD/DVD, you should test it
to ensure that the recovery environment runs properly on your host.
See “Restoring Protection Center” on page 74.
See “Creating the Symantec Recovery Disk” on page 77.
Testing the Symantec Recovery Disk lets you identify and solve the following
types of problems:
■ You cannot start the Symantec Recovery Disk.
■ You do not have the necessary storage drivers to access the backup files that
you need.
■ You need information about your system to help you run the Symantec
Recovery Disk.
You can access help for the Symantec Recovery Disk by clicking the Help link at
the bottom left corner of the home page.
To test the Symantec Recovery Disk
1 Start the Protection Center computer using the Symantec Recovery Disk.
2 Run a mock restore of a backup file that is stored on a shared network drive
to test the connection.
Protection Center does not support storing backup files on local drives or on
CD/DVD.
3 Remove the Symantec Recovery Disk.
Chapter 8
Configuring Protection Center settings
This chapter includes the following topics:

■ Protection Center configuration settings

■ Accessing the Protection Center configuration settings

■ Community statistics settings

■ Date and time settings

■ Email settings

■ Message logging settings

■ Network configuration settings

■ Proxy server settings

■ Purge settings

Protection Center configuration settings


Protection Center configuration settings let you configure Protection Center to
work properly in your environment and meet the needs of your organization.
All of the Protection Center configuration settings are available through the
Admin > Settings menu. The procedure for accessing and specifying the
configuration settings is similar for all of the menu options.
See “Accessing the Protection Center configuration settings” on page 82.
You can also access some configuration settings directly from the Protection
Center initial setup dialog box. The initial settings dialog box is displayed when
you first log in to Protection Center with the predefined Protection Center
administrator (SPC_Admin) account. The initial settings dialog box provides
information on the initial setup tasks that you need to perform to get Protection
Center ready for use.
See “Performing the initial setup of Protection Center” on page 18.
Most of the Protection Center configuration functionality is intended for the
administrator only. However, the administrator can give a user read-only or
management access to particular Settings menu options by setting the appropriate
permissions in the user account.
The following table describes the Protection Center configuration settings.

Table 8-1 Protection Center configuration settings

Item
    Description

Active Directory and LDAP
    Lets you specify the Microsoft Active Directory or LDAP server that
    Protection Center uses to authenticate user accounts.

    See “Using an Active Directory or LDAP server for user account
    authentication” on page 46.

Backup
    Lets you configure Protection Center backups. Protection Center uses
    Symantec Backup Exec System Recovery to create regular backups.

    See “About Protection Center backup and recovery” on page 69.

Certificates
    Lets you manage the HTTPS certificate that is used to secure the
    Protection Center interface. You can replace the default self-signed
    certificate with a new certificate. You can also save the existing
    certificate to a backup file and restore it when necessary.

    See “About managing Protection Center Web interface security
    certificates” on page 91.

Community Statistics
    Lets you enable the collection and sending of diagnostics and anonymous
    usage data to the Symantec Global Intelligence Network. This data helps
    Symantec to identify emerging threats and trending on a global scale.

    See “Community statistics settings” on page 82.

Date and Time
    Lets you set the date and time of Protection Center.

    See “Date and time settings” on page 83.

Email
    Lets you set the email address Protection Center uses to send messages
    to alert the administrator about the items that might require attention.
    Email is also used to distribute reports.

    See “Email settings” on page 83.

LiveUpdate
    Lets you choose whether to use the Symantec LiveUpdate server or a local
    LiveUpdate server for Protection Center software updates. If you use a
    local LiveUpdate server, you can specify the appropriate server details.

    See “Specifying the LiveUpdate server to use” on page 66.

Message Logging
    Lets you choose the logging level that Protection Center uses: normal
    logging or verbose logging.

    See “Message logging settings” on page 85.

Network
    Lets you change the IPv4 or IPv6 address of Protection Center.

    See “Network configuration settings” on page 85.

Password Change
    Lets you change your password at any time.

    See “Changing your user account password” on page 19.

Product Discovery
    Lets you discover the Protection Center supported products that are
    installed on your network.

    See “Discovering supported products on your network” on page 36.

Proxy
    Lets you configure an HTTP proxy server for Protection Center. A proxy
    server helps to increase the security of Protection Center.

    See “Proxy server settings” on page 86.

Purge
    Lets you control the purging of old data from the Protection Center
    database. You can set the number of days that data is retained in the
    database.

    See “Purge settings” on page 87.

Security Audit Logs
    Lets you view the Security Audit Logs report. This report contains a
    record of the security events and sensitive changes that have been made
    in Protection Center.

    See “About auditing Protection Center administration” on page 25.

    See “Viewing the security audit logs” on page 27.

Shutdown
    Lets you shut down or restart Protection Center.

    See “Shutting down or restarting Protection Center” on page 28.

Support Diagnostics
    Lets you gather diagnostics information and send it to Symantec for
    support purposes.

    See “Getting help from Symantec Support” on page 111.

Workflow
    Lets you configure workflows to use with Protection Center.

    See “Configuring administration settings for a workflow” on page 145.

    See “Workflows available in Protection Center” on page 150.

Accessing the Protection Center configuration settings

Protection Center configuration settings let you configure Protection Center to
work properly in your environment.
See “Protection Center configuration settings” on page 79.
See “Protection Center user account permissions settings” on page 57.
To access the Protection Center configuration settings
1 In Protection Center, on the Admin > Settings menu, click the appropriate
setting option from the list.
2 In the corresponding configuration page, specify the appropriate information.
3 Click Save Changes.

Community statistics settings


You can enable the collection and sending of diagnostics data and anonymous
usage data to Symantec. This data, such as system statistics and crash information,
lets Symantec track Protection Center stability and can help Symantec to improve
the product.
The use of this feature is optional. However, you are encouraged to use this feature
to help Symantec provide improved product quality and enhanced support. Data
collection is enabled by default and is scheduled to be sent to Symantec once a
day at random times. If you disable the data collection, the diagnostics data is no
longer collected and sent to Symantec. Any previous statistics that were collected
are purged.
See “Protection Center configuration settings” on page 79.
See “Accessing the Protection Center configuration settings” on page 82.

Table 8-2 Community statistics settings

Item
    Description

Enable community statistics
    Specifies that the community statistics data is collected and sent to
    Symantec. This setting is enabled by default. You are encouraged to keep
    this feature enabled so that Symantec can use the data to provide
    improved product quality and enhanced support.

Company name
    Specifies the name of your organization.

Date and time settings


You can set the Protection Center appliance date and time.
See “Protection Center configuration settings” on page 79.
See “Accessing the Protection Center configuration settings” on page 82.

Table 8-3 Date and time settings

Item
    Description

Appliance time zone
    Lets you set the time zone where Protection Center is located. The time
    zone is detected automatically, but you can change it if necessary.

Appliance date and time
    Lets you set the current Protection Center date and time.

Email settings
You can specify the mail server that Protection Center uses to send email messages.
Protection Center can send messages to users, such as a notification when their
new user accounts are created. You can also specify the administrator email
addresses to which Protection Center sends messages. The email address can be
any valid SMTP address that your SMTP server recognizes.
The SMTP server that you use must accept SSL connections. To ensure mail
security, Protection Center encrypts all messages.
See “Protection Center configuration settings” on page 79.
See “Accessing the Protection Center configuration settings” on page 82.
Protection Center sends an email message when an urgent issue arises that might
need attention. These email messages are related to the functioning of Protection
Center.
When you supply an email address and valid SMTP server information, you can
receive the email messages that contain the following information:
■ Notices of reports successfully distributed
■ Automatic actions executed
■ System checks
■ Notifications from supported products
■ Notices of issues with Protection Center
These email messages help you monitor and manage Protection Center activities.

Table 8-4 SMTP server settings

Item
    Description

Server
    Lets you specify the host name or IP address of the SMTP server that
    Protection Center uses to send email messages.

    Protection Center uses this server to send email messages to alert the
    administrator of any urgent issues and to distribute regularly scheduled
    reports.

Port
    Lets you set the port that is used to access the SMTP server.

User name
    Lets you enter the user name of an account that has the right to access
    the SMTP server.

Password
    Lets you enter the password for the user account.

Table 8-5 Administrator email settings

Item
    Description

From address
    Lets you set the email address that is shown as the email sender in all
    email messages that Protection Center sends.

From name
    Lets you set the email sender name. This name is shown as the email
    sender (From:) name in all email messages that Protection Center sends.

    This name should correspond to the email address that you specified.

To address
    Lets you set the email address to which Protection Center sends
    administrative email messages.

    This address is not the email address to which regularly scheduled
    reports are sent. The email addresses for reports are specified with
    each report.

    See “Report distribution settings” on page 137.

Send availability alerts
    Lets you enable the sending of generated system notifications to the
    administrator.

Send Test Email
    Lets you test the mail server and address settings by sending an email
    message using the current settings.

Message logging settings


Protection Center maintains a message log. You can control the level of message
logging that Protection Center performs: normal logging or verbose logging.
Symantec recommends that you choose the normal logging option for everyday
logging. You can switch to the verbose logging option to help troubleshoot a
technical problem. After the problem is solved, change back to the normal logging
option.
See “Protection Center configuration settings” on page 79.
See “Accessing the Protection Center configuration settings” on page 82.
You can view the system log files through the System Logs report. To have access
to the System Logs report, your user account requires the System Logs permission.
See “Viewing a report” on page 132.
By default the log files are stored for 30 days. However, you can change the
retention period in accordance with the volume of your data and your particular
retention needs through the data purging settings.
See “Purge settings” on page 87.

Table 8-6 Message logging settings

Item
    Description

Normal
    Logs only the error, warning, and informational messages.

Verbose
    Logs the error, warning, and informational messages along with the
    additional messages that can be used for debugging purposes.

Network configuration settings


You can configure the network settings that Protection Center uses. You can
configure an IPv4 address and an IPv6 address, and you can configure DNS settings
for both. Protection Center must have an IPv4 address configured. The IPv6
address is optional. You must configure a static IP address. Protection Center does
not support dynamic IP addresses.
You can configure the network settings through the Protection Center interface
or through the Protection Center control panel.
See “Protection Center configuration settings” on page 79.
See “Accessing the Protection Center configuration settings” on page 82.
See “Protection Center control panel options” on page 101.
See “Accessing the Protection Center control panel” on page 103.
See “Specifying network settings” on page 105.

Table 8-7 IP address settings

Item
    Description

Appliance IP address
    Specifies the IP address of the Protection Center appliance.

Subnet mask
    (IPv4 addresses only) Specifies the subnet mask.

Subnet prefix length
    (IPv6 addresses only) Specifies the length of the subnet prefix.

Default gateway
    Specifies the default gateway.

Table 8-8 DNS settings

Item
    Description

Primary server
    Specifies the primary DNS server address.

Alternate server
    Specifies the secondary DNS server address.

Proxy server settings


You can specify an HTTP proxy server for Protection Center to use. Using a proxy
server can increase the security of Protection Center because the proxy server
prevents direct access to Protection Center. For example, if you have Protection
Center inside your organization's firewall, setting up a proxy server provides a
safe way through the firewall without exposing Protection Center. Using a proxy
server helps Protection Center more safely obtain patches or download updates
from external Web sites.
Protection Center is configured by default not to use a proxy server. Whether you
use a proxy server depends on how your network environment is configured.
See “Protection Center configuration settings” on page 79.
See “Accessing the Protection Center configuration settings” on page 82.

Table 8-9 HTTP proxy server settings

Item
    Description

Do not use an HTTP proxy server
    Specifies that Protection Center does not use a proxy server for HTTP
    connections.

Use the specified HTTP proxy server settings
    Specifies that Protection Center uses an HTTP proxy server.

HTTP proxy server
    Specifies the host name or IP address of the HTTP proxy server that you
    want Protection Center to use.

Proxy server port
    Specifies the port that is used to access the HTTP proxy server.

HTTP proxy server user name
    Specifies the user name of an account that has the right to access the
    HTTP proxy server.

    This setting is optional. It needs to be supplied only if the proxy
    server requires credentials.

HTTP proxy server password
    Specifies the password of the user account that has the right to access
    the HTTP proxy server.

    This setting is optional. It needs to be supplied only if the proxy
    server requires credentials.

Test HTTP Settings
    Tests the HTTP proxy server settings. Protection Center uses the
    specified settings in an attempt to connect to an external Web site.

    You need to save the configuration settings before you can test the
    HTTP proxy settings.

    If an error message appears when you test the settings, ensure that your
    authentication credentials are correct and that your proxy server is
    running. You should also ensure that there are no general network errors.

Purge settings
You can control how long Protection Center data is kept before it is removed from
the Protection Center database. The Purge settings page lets you configure the
number of days for storing data. The purge operation does not affect the data that
is stored in the integrated products' database.
The Purge settings page also lets you manage the retention period for keeping
asset data in the Protection Center database. An asset is an endpoint that one or
more of the integrated security products currently monitor. Integrated products
send asset data to Protection Center along with other data. If an integrated product
does not report an asset for the specified number of days, the asset data is marked
as purged. The default retention period for keeping asset data in the database is
45 days.
When two thirds of the configured asset data retention period expires, the assets
are shown in the Endpoint List report under the Pending Removal filter.
The assets that are marked as purged are kept for an additional period equal to
the retention period. After twice the asset purge period, if the asset is not reported,
the asset is deleted from the Protection Center database. However, if during that
period an integrated product reports data about the asset, the asset is restored.
See “Protection Center configuration settings” on page 79.
See “Accessing the Protection Center configuration settings” on page 82.
The purge feature deletes the following data:
■ Event summary data that Protection Center generates based on the processing
of incoming events
■ Event data that is stored in archives
■ Diagnostics core dumps
■ Log data
■ Asset data
Protection Center displays the total disk space for the following types of data:
notifications, raw events, summary data, asset data, support files, and other data.
This information helps you understand the amount of disk space that Protection
Center uses.

Table 8-10 Data purging settings

Item
    Description

Daily data purge time
    Lets you set the time of day when the purging process starts.

    Symantec recommends that you set the purging process to run at off-peak
    times. Purging data at off-peak times helps prevent excessive load on
    Protection Center during peak times.

Days to keep data
    Lets you set the maximum time that data is stored in the Protection
    Center database.

    The default value is 45 days.

Days to keep assets after the last connection
    Lets you set the maximum time that asset data is stored after the last
    time that the asset was connected to the network. If an integrated
    product does not report an asset for the specified number of days, the
    asset data is marked as purged.

    Asset data that is marked as purged is kept for an additional period
    equal to the retention period. If during this period an integrated
    product reports data about the asset, the asset is restored.

    The default value is 45 days.

Purge Now
    Runs the purging process immediately.

    All data that is older than the current Days to keep data setting is
    removed from the database.

    Asset data for the assets that an integrated product has not reported
    for more than the current Days to keep assets after the last connection
    time is marked as purged. All asset data that has been marked as purged
    for more than the current Days to keep assets after the last connection
    time is deleted from the Protection Center database.

    If the values of Days to keep data and Days to keep assets after the
    last connection have not been saved, Protection Center uses the last
    saved values in the purging process. Be sure to click Save Changes
    before you click Purge Now.
Chapter 9
Managing Protection Center Web interface security certificates
This chapter includes the following topics:

■ About managing Protection Center Web interface security certificates

■ Protection Center Web interface security certificate settings

■ Exporting a copy of the Protection Center Web interface security certificate

■ Creating a certificate signing request (CSR)

■ Importing a certificate into Protection Center

■ Creating and applying a self-signed certificate

About managing Protection Center Web interface security certificates

Protection Center uses SSL to secure the Protection Center Web interface.
Protection Center provides features that let you manage the Web interface security
certificate. You can replace the default self-signed certificate with a new certificate.
You can also save the existing certificate to a backup file and restore it when
necessary.
A self-signed HTTPS certificate is supplied with Protection Center. However, when
you access the Protection Center Web interface, your browser does not
automatically trust the self-signed certificate. The browser displays a warning
message saying that Protection Center has presented a certificate that was not
issued by a trusted certificate authority. To improve the security of your system,
you can replace the default Protection Center self-signed certificate with another
certificate that your browser recognizes and trusts.

Note: This certificate applies only to the Protection Center Web interface. It is not
used for securing integrated products.

Protection Center lets you perform the following Web interface security certificate
management tasks:
■ Create a certificate signing request (CSR) to obtain a new certificate from a
certificate authority (CA).
■ Replace the default self-signed certificate with a new certificate issued by a
CA or by your organization’s public key infrastructure (PKI).
■ Create a new self-signed certificate and use that certificate in Protection Center.
You might want to create a new self-signed certificate if the existing self-signed
certificate has been compromised or if a certificate issued by a CA has expired.
Protection Center displays a warning message on the newsfeed in the Protection
Center dashboard if the current certificate is due to expire within 30 days.
■ Create a backup of the existing certificate by exporting a copy of it to an
external location.
You should back up the existing certificate as part of your regular backup
process. The Protection Center backup schedule backs up the database and
Protection Center settings, but does not include the HTTPS certificate.

■ Restore the certificate by importing it from a backup file.


To manage the Protection Center Web interface security certificate
1 In Protection Center, on the Admin > Settings menu, click Certificates.
2 On the Certificate Settings page, specify the appropriate settings.
See “Protection Center Web interface security certificate settings” on page 92.

Protection Center Web interface security certificate settings

The Web interface security certificate management features let you manage the
HTTPS certificate that is used to secure the Protection Center interface. You can
replace the default self-signed certificate with a new certificate. You can also save
the existing certificate to a backup file and restore it when necessary.
See “About managing Protection Center Web interface security certificates”
on page 91.
Table 9-1 shows the options on the Certificate Settings page.

Table 9-1 Options on the Certificate Settings page

Item
    Description

Learn more about SSL certificates
    This link opens a Web page that contains detailed information about SSL
    certificates:

    http://www.verisign.com/ssl/index.html

Current Certificate Details
    This panel shows details of the Web interface security certificate that
    Protection Center currently uses.

Export Certificate
    This option lets you export a copy of the current certificate and
    associated private key to an external file. You can use this feature to
    create a backup of the certificate or to move the certificate to another
    computer.

    You should create a backup of the existing certificate as part of your
    regular backup process. The Protection Center backup schedule backs up
    the database and Protection Center settings, but does not include the
    HTTPS certificate.

    See “Exporting a copy of the Protection Center Web interface security
    certificate” on page 93.

Import Certificate
    This option lets you load a certificate into Protection Center. You can
    import the certificate file or copy and paste the certificate block.

    See “Importing a certificate into Protection Center” on page 97.

Create Self-signed Certificate
    This option lets you create and apply a self-signed certificate for
    Protection Center to use.

    See “Creating and applying a self-signed certificate” on page 99.

Create CSR
    This option lets you create a certificate signing request (CSR), which
    you can use to obtain a certificate from a certificate authority.

    See “Creating a certificate signing request (CSR)” on page 95.

Exporting a copy of the Protection Center Web interface security certificate

You can export a copy of the current Protection Center certificate and private key
to an external file. You can use this feature to create a backup of the certificate
or to move the certificate to another appliance.
See “About managing Protection Center Web interface security certificates”
on page 91.
As part of the export process, you can specify a password to protect the certificate
and private key. Protection Center generates a PFX file that contains the certificate
and private key and displays it in a read-only text box. You can copy and paste
the content into a text file, or you can save the PFX file to a specified location.
To export a copy of the Protection Center Web interface security certificate
1 In Protection Center, on the Admin > Settings menu, click Certificates.
2 On the Certificate Settings page, click Export Certificate.
3 In the Export Certificate dialog box, specify an encryption password:

Password
    The password can be any character string. Protection Center does not
    enforce any password complexity requirements.

    The use of a password is optional. If you do not want to specify a
    password, leave this box empty.

Confirm
    The character string must match that specified in the Password box.

4 Click Next.
5 On the Export Certificate page, do one of the following:

To copy the certificate block
    Select the certificate block text and copy it. You can paste the copied
    text to the appropriate location.

    For example, you can paste the certificate block into the body of an
    email, rather than attaching the certificate file to the email message.

To save the certificate to a PFX file
    Click Save Certificate File.

    If appropriate, in the Save As dialog box, specify the appropriate
    folder and file name, and then click Save.

    Note: The ability to specify the file name is true for Internet Explorer
    only. If your browser is Mozilla Firefox, you do not have the option to
    specify the file name or location. The file is saved in the default
    location with the default name. You can then rename the file manually
    and move it to the appropriate location.

    If your browser is Internet Explorer 9.0, the browser settings must be
    configured to allow the file to be saved to your local disk. To
    configure the settings, open the Internet Options dialog box. On the
    Advanced tab, under Security, ensure that the Do not save encrypted
    pages to disk setting is unchecked.

6 Click Close.

Creating a certificate signing request (CSR)


You can create a certificate signing request (CSR) that you can send to a CA as
part of a request for a certificate. When you receive the certificate, you need to
import the new certificate on the same Protection Center appliance as you used
to create the CSR. You cannot import the certificate into a different Protection
Center appliance.
See “About managing Protection Center Web interface security certificates”
on page 91.
The scenarios in which you might want to obtain a new CA certificate are as
follows:
■ The existing CA-issued certificate is about to expire, has been compromised,
or needs to be changed according to your organization’s security policy.
■ You want to replace the existing self-signed certificate with one that the
computers that access the Protection Center interface already trust.
To create a certificate signing request (CSR)
1 In Protection Center, on the Admin > Settings menu, click Certificates.
2 On the Certificate Settings page, click Create CSR.
3 In the Create CSR dialog box, specify the appropriate information.
You need to specify the information in the format that the CA requires. Consult
the CA for details on which fields must be specified and what values are
allowed.

Common Name
    The name that the computer uses to access Protection Center. This name
    might not be the same as the computer name. The format is as follows:
    spc.example.com

    This field is always required.

Contact Email
    For example, the email address of the current user, as specified in the
    user account settings.

Organization Name
    The name of your company or organization.

Organization Unit
    The name of your department or business unit.

City/Locality
    The city or locality in which the Protection Center appliance is located.

Province/State
    The province or state in which the Protection Center appliance is
    located.

Country
    The two-letter ISO 3166 code for the country. For example, US, JP, or FR.

4 Click Next.
5 On the Create CSR dialog box, do one of the following:

To copy the certificate signing request
    Select the text and copy it. You can paste the copied text into a text
    file or the body of an email message to send to the CA.

To save the certificate signing request to an external file
    Click Save CSR File.

    In the Save As dialog box, specify the appropriate folder and file name,
    and then click Save.

    Note: The ability to specify the file name is true for Internet Explorer
    only. If your browser is Mozilla Firefox, you do not have the option to
    specify the file name or location. The file is saved in the default
    location with the default name. You can then rename the file manually
    and move it to the appropriate location.

    If your browser is Internet Explorer 9.0, the browser settings must be
    configured to allow the file to be saved to your local disk. To
    configure these settings, open the Internet Options dialog box. On the
    Advanced tab, under Security, ensure that the Do not save encrypted
    pages to disk setting is unchecked.

6 Click Close.

Importing a certificate into Protection Center


When you have received a new certificate from the CA, you need to import it into
the Protection Center appliance. You can copy and paste the certificate block or
import the certificate file.
See “About managing Protection Center Web interface security certificates”
on page 91.
When you import a certificate into the Protection Center appliance, the new
certificate replaces the existing certificate. You should create a backup of the
existing certificate and private key before you import a new certificate. You create
the backup by exporting the existing certificate to an external file before you
import the new certificate.
You are automatically logged out of Protection Center when the new certificate
is applied. All other logged in users are not logged out automatically, but should
log out immediately. Each user needs to log in to Protection Center again to resume
working.

Note: This certificate applies only to the Protection Center Web interface and is
used for securing the Protection Center interface. Importing a new certificate into
Protection Center has no effect on the currently integrated products.

To import a certificate into Protection Center


1 In Protection Center, on the Admin > Settings menu, click Certificates.
2 On the Certificate Settings page, click Import Certificate.
An Alert dialog box warns you that you are logged out of Protection Center
automatically when the new certificate is applied.
3 In the Alert dialog box, click Continue.
4 In the Import Certificate dialog box, in the Import method box, select the
appropriate method:

Certificate Block
    In the Certificate box, paste the certificate block.

    You can paste the certificate block in one of the following formats:

    ■ CER file
      This file contains only the issued certificate. The certificate is
      valid only if the public key matches the private key that was used to
      generate a CSR previously.
    ■ P7B file
      This file is similar to a CER file but contains the entire certificate
      chain.
    ■ PFX file
      This file contains the certificate, private key, and possibly the
      chain. The file may be password-protected. Unlike CER and P7B files,
      the key does not need to be associated with a private key that was
      used to generate a CSR previously.

Certificate File
    In the File box, specify the file name or click Browse and then select
    the appropriate file.
5 If necessary, in the Password box, enter the appropriate password.
A password is required only if you import a password-protected PFX file. A
message warns you that you are logged out of Protection Center automatically
when the new certificate is applied.
6 Click Import Certificate.
The certificate is applied to Protection Center. You are logged out
automatically and redirected to the Protection Center login page.

Creating and applying a self-signed certificate


You can create and apply a self-signed certificate for Protection Center to use.
Protection Center generates a self-signed certificate that uses an RSA 2048-bit
key with SHA1 as its hashing algorithm.
See “About managing Protection Center Web interface security certificates”
on page 91.
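The import formats listed in the import procedure (CER, P7B, PFX) and the SHA1 signature noted in this section can both be checked on the administrator's workstation before a file is handled. The following Python is an added example, not code from this guide or from Symantec: it identifies a PEM or DER blob by its ASN.1 structure and reports a certificate's signature algorithm. The function names are hypothetical, and the sample byte strings are constructed and hold only the leading fields the parser reads.

```python
import base64
import re

# DER-encoded OID bodies that this check recognises.
SIGNATURE_ALGORITHMS = {
    bytes.fromhex("2a864886f70d010105"): "sha1WithRSAEncryption",
    bytes.fromhex("2a864886f70d01010b"): "sha256WithRSAEncryption",
}
PKCS7_SIGNED_DATA = bytes.fromhex("2a864886f70d010702")
SEQUENCE, INTEGER, OID, VERSION_TAG = 0x30, 0x02, 0x06, 0xA0

# Constructed samples (not real certificates or key stores).
SAMPLE_CER_SHA1 = bytes.fromhex(
    "3019" "3017" "a003020102" "020101" "300d06092a864886f70d0101050500")
SAMPLE_P7B = bytes.fromhex("300d06092a864886f70d010702a000")
SAMPLE_PFX = bytes.fromhex("30050201030500")


def read_tlv(der, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(der):
        raise ValueError("truncated ASN.1 element")
    tag, length = der[pos], der[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        count = length & 0x7F
        length = int.from_bytes(der[pos:pos + count], "big")
        pos += count
    return tag, pos, pos + length


def to_der(blob):
    """Accept PEM text (str or bytes) or raw DER bytes and return DER bytes."""
    text = blob if isinstance(blob, str) else blob.decode("latin-1")
    match = re.search(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----",
                      text, re.S)
    if match:
        return base64.b64decode("".join(match.group(2).split()))
    if isinstance(blob, str):
        raise ValueError("text input is not PEM")
    return blob


def signature_algorithm(der, tbs_start):
    """Walk tbsCertificate: optional [0] version, serialNumber, signature."""
    tag, start, end = read_tlv(der, tbs_start)
    if tag == VERSION_TAG:  # explicit version field, absent in v1 certificates
        tag, start, end = read_tlv(der, end)
    if tag != INTEGER:
        raise ValueError("serialNumber not found where expected")
    tag, start, end = read_tlv(der, end)  # AlgorithmIdentifier SEQUENCE
    if tag != SEQUENCE:
        raise ValueError("signature AlgorithmIdentifier not found")
    tag, start, end = read_tlv(der, start)  # algorithm OID
    if tag != OID:
        raise ValueError("algorithm OID not found")
    oid = der[start:end]
    return SIGNATURE_ALGORITHMS.get(oid, "other (OID bytes " + oid.hex() + ")")


def inspect_blob(blob):
    """Classify a blob as CER, P7B or PFX from its first two ASN.1 elements."""
    der = to_der(blob)
    tag, start, _ = read_tlv(der, 0)
    if tag != SEQUENCE:
        raise ValueError("outer element is not an ASN.1 SEQUENCE")
    tag, inner_start, inner_end = read_tlv(der, start)
    value = der[inner_start:inner_end]
    if tag == INTEGER and value == b"\x03":
        # PKCS#12 begins with version INTEGER 3; the guide notes that this
        # format carries the private key.
        return {"format": "PFX", "carries_private_key": True, "signature": None}
    if tag == OID and value == PKCS7_SIGNED_DATA:
        # PKCS#7 ContentInfo begins with the signedData content type.
        return {"format": "P7B", "carries_private_key": False, "signature": None}
    if tag == SEQUENCE:
        # X.509 Certificate begins with the tbsCertificate SEQUENCE.
        return {"format": "CER", "carries_private_key": False,
                "signature": signature_algorithm(der, inner_start)}
    raise ValueError("unrecognised structure")


if __name__ == "__main__":
    for name, sample in (("cer", SAMPLE_CER_SHA1), ("p7b", SAMPLE_P7B),
                         ("pfx", SAMPLE_PFX)):
        print(name, inspect_blob(sample))
```
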
The scenarios in which you might want to create and apply a self-signed certificate
are as follows:
■ The existing CA-issued certificate is about to expire or must be changed due
to your organization’s security policy. You may have requested a new CA-issued
certificate but it is not yet available.
■ The existing CA-issued certificate has been compromised and you need to
replace it immediately.
■ The subject of the original self-signed certificate is set to the computer’s FQDN
but you need to access Protection Center using a DNS alias (CNAME).
When you create and apply a self-signed certificate to the Protection Center
appliance, the new certificate replaces the existing certificate. You should create
a backup of the existing certificate and private key before you import a new
certificate. You create the backup by exporting the existing certificate to an
external file before you start creating a self-signed certificate.
You are automatically logged out of Protection Center when the new certificate
is applied. All other logged in users are not logged out automatically, but should
log out immediately. Each user needs to log in to Protection Center again to resume
working.

Note: This certificate applies only to the Protection Center Web interface and is
used for securing the Protection Center interface. Importing a new certificate into
Protection Center has no effect on the currently integrated products.

To create and apply a self-signed certificate


1 In Protection Center, on the Admin > Settings menu, click Certificates.
2 On the Certificate Settings page, click Create Self-signed Certificate.
An Alert dialog box warns you that you are logged out of Protection Center
automatically when the new certificate is applied.
3 In the Alert dialog box, click Continue.
4 In the Create Self-signed Certificate dialog box, specify the appropriate
information:

Common Name: The name that the computer uses to access Protection
Center. This name might not be the same as the
computer name. The format is as follows:
spc.example.com
This field is always required.

Contact Email: For example, the email address of the current user, as
specified in the user account settings.

Organization Name: The name of your company or organization.

Organization Unit: The name of your department or business unit.

City/Locality: The city or locality in which the Protection Center
appliance is located.

Province/State: The province or state in which the Protection Center
appliance is located.

Country: The two-letter ISO 3166 code for the country. For
example, US, JP, or FR.

5 Click Create and Apply Certificate.


The certificate is applied to Protection Center. You are logged out
automatically and redirected to the Protection Center login page.
Chapter 10
Using the Protection Center control panel
This chapter includes the following topics:

■ Protection Center control panel options

■ Accessing the Protection Center control panel

■ Updating the Protection Center software manually

■ Changing the SPC_Admin account password

■ Specifying network settings

■ Activating the Windows operating system

Protection Center control panel options


The Protection Center control panel is the user interface of the Protection Center
appliance that is equivalent to the desktop of a Windows computer. The control
panel lets you perform some essential configuration tasks. Some of the tasks that
you can perform through the control panel are also available in the Protection
Center interface. For example, you can update the appliance software, change the
administrator password, and specify the appliance network settings in both
locations. However, tasks such as activating Windows can only be performed
through the control panel.
You may need to modify your Protection Center installation to suit the
requirements of your organization. For more information, see the Symantec
Protection Center Sizing and Scalability Guide.

The control panel is not the same as the Protection Center interface. The Protection
Center interface is a browser-based user interface that lets Protection Center
users log in to Protection Center from remote computers.
Before you can access the control panel, you need to connect a monitor directly
to the Protection Center appliance. Alternatively, you can use a virtual console if
one is provided within your virtual environment.

Note: Only the Protection Center administrator (SPC_Admin) account can access
the Protection Center control panel.
See “About the SPC_Admin account” on page 45.

See “Protection Center configuration settings” on page 79.

Table 10-1 Protection Center control panel options

Option Description

Protection Center Update: Lets you update Protection Center by manually running a Protection Center update
file.
See “Updating the Protection Center software manually” on page 103.

Administrator Password: Lets you change the password for the predefined Protection Center administrator
account (SPC_Admin).
See “Changing the SPC_Admin account password” on page 104.

IPv4 Network Settings: Lets you specify the IPv4 network settings that Protection Center uses.
See “Specifying network settings” on page 105.

IPv6 Network Settings: Lets you specify the IPv6 network settings that Protection Center uses.
See “Specifying network settings” on page 105.

Windows Activation: Lets you activate the copy of Microsoft Windows that Protection Center uses.
See “Activating the Windows operating system” on page 106.

Language: Lets you select the language to use for the Protection Center control panel.

Red button: The red button with the circle and the vertical line shuts down Protection Center.

Arrow button: Lets you log out, shut down, or restart the Protection Center appliance.
The arrow button opens a context menu that provides options to log out, restart, or
shut down Protection Center. This functionality is identical to pressing Ctrl+Alt+Del
on the Protection Center appliance.

Accessing the Protection Center control panel


The Protection Center control panel is the appliance user interface that is
equivalent to the desktop of a Windows computer. Before you can access the
control panel, you need to connect a monitor directly to the Protection Center
appliance. Alternatively, you can use a virtual console if one is provided within
your virtual environment.
See “Protection Center control panel options” on page 101.
Only the Protection Center administrator (SPC_Admin) account can access the
Protection Center control panel.
See “About the SPC_Admin account” on page 45.
See “Changing the SPC_Admin account password” on page 104.
To access the Protection Center control panel
1 Connect a monitor to the Protection Center appliance or use a console that
your virtual environment provides.
2 Press Ctrl + Alt + Del.
3 At the login screen, enter the Protection Center administrator (SPC_Admin)
account credentials.

Updating the Protection Center software manually


By default, Protection Center uses LiveUpdate to automatically keep its software
components up to date. Protection Center also uses LiveUpdate to update the
information that Protection Center needs to work with supported products.
See “Managing Protection Center software updates” on page 64.
See “Where to get more information about Protection Center” on page 12.
If you do not use the Protection Center automatic update feature, you can update
the Protection Center software manually. You might need to use manual updates
when Protection Center has no access to the Internet. You might also perform
manual updates if you need to perform an update immediately and do not want
to wait for the automatic mechanism.
See “Protection Center control panel options” on page 101.

Warning: When you install a PAC update manually, Protection Center does not
create a backup as part of the software update process. When you install any other
type of update (such as a system update or a documentation update) Protection
Center automatically creates a backup. Before you install a PAC update manually,
you should create a backup of Protection Center.
See “Running a backup on demand” on page 71.

To update the Protection Center software manually


1 From a computer that has access to the Internet, go to the following location:
http://go.symantec.com/protection-center
2 On the Protection Center Web page, select Use and then select Product
Updates.
3 Locate and download the appropriate update files.
4 Save the files on appropriate storage media (USB drive, DVD, or CD) that the
Protection Center appliance can read.
Do not select network drives, Web sites, or FTP addresses.
5 Log in to Protection Center.
See “Accessing the Protection Center control panel” on page 103.
6 In the Protection Center control panel, under Manual Protection Center
Update, click Install Protection Center Update.
7 In the Install Protection Center Update dialog box, click Browse and then
select the update file that you want to install.
8 Click Run.
What happens next depends on the update script that is running. In some
cases you might be prompted to restart Protection Center or be required to
take further action.

Changing the SPC_Admin account password


You can change the SPC_Admin account password through the Protection Center
control panel.
See “About the SPC_Admin account” on page 45.
See “Protection Center control panel options” on page 101.

To change the SPC_Admin account password


1 Log in to Protection Center.
See “Accessing the Protection Center control panel” on page 103.
2 In the Protection Center control panel, under Administrator Password, click
Change Password.
3 In the Change Password dialog box, enter the following details.

Current Password: The current password for the SPC_Admin account.

New Password: The new password for the SPC_Admin account.
The password must contain at least eight characters and
include three of the following:
■ One uppercase (A through Z) or lowercase (a through z)
alphabetic character
■ One numeric character (0 through 9)
■ One non-alphanumeric character
(~!@#$%^&*_-+=`|\(){}[]:;"'<>,.?/)
■ One alphabetic Unicode character that is not categorized
as uppercase (A through Z) or lowercase (a through z)

Confirm Password: The new password for the SPC_Admin account.

4 Click OK.
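The complexity rule in step 3 can be checked before a candidate password is typed at the console. The following Python is an added example, not code from this guide or from Symantec, and it implements the rule exactly as this page words it: uppercase and lowercase A through Z count as one class, so at least three of the four listed classes are needed. The function names are hypothetical, and treating non-ASCII cased letters (such as É) as belonging to no class is an assumption drawn from the page's "A through Z" wording.

```python
import unicodedata

MIN_LENGTH = 8    # "at least eight characters"
MIN_CLASSES = 3   # "include three of the following"

# The non-alphanumeric characters exactly as listed on this page.
SYMBOLS = set("~!@#$%^&*_-+=`|\\(){}[]:;\"'<>,.?/")


def character_classes(password):
    """Return the set of the page's four character classes that appear."""
    found = set()
    for ch in password:
        if ch.isascii() and ch.isalpha():
            # Uppercase or lowercase A-Z: one class as the page words it.
            found.add("letter")
        elif ch.isascii() and ch.isdigit():
            found.add("digit")
        elif ch in SYMBOLS:
            found.add("symbol")
        elif ch.isalpha() and unicodedata.category(ch) not in ("Lu", "Ll"):
            # Alphabetic Unicode character that is neither uppercase nor
            # lowercase, for example a CJK ideograph (category Lo).
            found.add("uncased_letter")
        # Anything else (spaces, accented cased letters, emoji) counts
        # toward length only; see the assumption in the lead-in.
    return found


def check_password(password):
    """Return (ok, problems) for a candidate SPC_Admin password."""
    problems = []
    # len() counts Unicode code points, not bytes.
    if len(password) < MIN_LENGTH:
        problems.append(
            f"length {len(password)} is below the minimum of {MIN_LENGTH}")
    found = character_classes(password)
    if len(found) < MIN_CLASSES:
        problems.append(
            f"only {len(found)} character classes present "
            f"({', '.join(sorted(found)) or 'none'}); need {MIN_CLASSES}")
    return (not problems, problems)


if __name__ == "__main__":
    # Constructed candidates, not real credentials.
    for candidate in ("Passw0rd", "Passw0rd!", "aB3!", "pass1234\u6f22"):
        print(repr(candidate), check_password(candidate))
```
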

Specifying network settings


In some scenarios you might be unable to access Protection Center on the network.
For example, an incorrect IP address, subnet mask, or gateway information might
be specified when Protection Center is configured through the Protection Center
interface. The control panel functionality ensures that such network configuration
problems can be corrected.
You can configure the network settings that Protection Center uses. You can
configure an IPv4 address and an IPv6 address. Protection Center must have an
IPv4 address configured. The IPv6 address is optional. You must configure a static
IP address. Protection Center does not provide an option to configure a DHCP
address.
See “Protection Center control panel options” on page 101.
You can also configure the network settings through the Protection Center
interface.

See “Network configuration settings” on page 85.


To specify network settings
1 Log in to Protection Center.
See “Accessing the Protection Center control panel” on page 103.
2 In the Protection Center control panel, do one of the following:

To specify the IPv4 network settings: Under IPv4 Network Settings, click Enter IPv4
Network Settings.

To specify the IPv6 network settings: Under IPv6 Network Settings, click Enter IPv6
Network Settings.

3 In the Enter IPv4 Network Settings dialog box or Enter IPv6 Network
Settings dialog box, click one of the following:

Do Not Configure IPv6: No IPv6 address is configured for Protection Center.
Any existing configuration settings are disabled.
This option is available only in the Enter IPv6 Network
Settings dialog box.

Use The Following: An IPv4 address or IPv6 address (whichever is
appropriate) is configured for Protection Center using
the specified settings.

4 Enter the appropriate IP address settings and DNS settings.


5 Click OK.

Activating the Windows operating system


You can activate Windows by entering a product key or by specifying the licensing
server name. Microsoft requires that you activate any Windows operating system
so that it can be properly licensed. You can also configure the Windows Update
server location that Protection Center uses to maintain security updates for
Windows.

Note: If you activated Windows during the appliance creation process, you do not
need to perform any further configuration. You should use this feature only when
you want to change the Windows settings.

If the licensing server does not use the default port, you need to specify the correct
port. You need to append a colon (:) and the port number to the end of the server
name. For example, kms.server.com:6000 or 192.196.15.25:6000.
See “Protection Center control panel options” on page 101.
To activate the Windows operating system
1 Log in to Protection Center.
See “Accessing the Protection Center control panel” on page 103.
2 In the Protection Center control panel, under Windows Activation and
Settings, click Change Windows Settings.
If Windows has not been activated, the icon to the left of this option is yellow
and the text says Windows is not activated.
If Windows is already activated, no icon is displayed. The text says Windows
is activated and shows the appropriate product ID.

3 In the Change Windows Settings dialog box, under Activation, do one of the
following:

To use a product key: Click Windows Product Key and then enter the
appropriate product key.
You can obtain the necessary product key from
Microsoft.

To use a licensing server: Click Windows Licensing Server and then enter the
appropriate licensing server name.
You can get the address of the Key Management Server
(KMS) from your system administrator.

4 Under Updates, specify the Windows Update Server that you want to use:

To use Microsoft's Update Servers: Click Use Microsoft's Windows Update Servers from
the Internet.

To use a local update server: Click Provide a URL to locally maintained Windows
Update Server and then enter the appropriate URL.
You can get the address of the local Windows Update
Server from your system administrator.

5 Click OK.
If Windows is activated successfully, the yellow icon and Windows is not
activated message are replaced with a Windows is activated message and
the appropriate product ID.
If the Windows activation fails due to an invalid product key or an incorrect
Key Management Server address, a standard Microsoft Activation error dialog
box is displayed. You need to read the error message and take the appropriate
action to resolve it.
No restarts are needed. If a product key is used, it is sent to Microsoft where
it is validated. If a Key Management Server is used, there is some
communication between the Key Management Server and the Protection
Center appliance as Windows is activated.
Chapter 11
Getting help with Protection Center issues
This chapter includes the following topics:

■ Protection Center resources for resolving issues

■ Getting help from Symantec Support

■ Symantec Support diagnostics options

■ Gathering Protection Center diagnostics data

■ Support case settings

■ Saving a diagnostics file

■ Sending a diagnostics file to Symantec Support

Protection Center resources for resolving issues


When you have a Protection Center issue, the first thing you should do is check
the Protection Center User Guide or Help. If you still cannot find the information
that you need, several other resources are available. The following table lists the
resources available to you and the types of issues for which they are best suited.

Table 11-1 Protection Center resources for resolving issues

Resource Description

Protection Center Web page: The Protection Center page contains high-level information about
Protection Center and links to documentation and other resources.

The Protection Center page is located on the Symantec Web site at the
following URL:

http://go.symantec.com/protection-center

The links to the Protection Center documentation are available by clicking
the Product Manuals link, on the Use tab of the Protection Center page.

Protection Center Release Notes: The Protection Center release notes provide the latest information on issues
and workarounds. Protection Center release notes are continuously updated
as Symantec Support and other product experts address new issues and
provide solutions.

The release notes are a good resource to check if you need information on
a specific feature or a specific task. If a Protection Center feature does not
work as expected or as outlined in the user documentation, the release
notes might contain an up-to-date description.

You can access the release notes from the Protection Center page on the
Symantec Web site. The Protection Center page is located at the following
URL:

http://go.symantec.com/protection-center

SymWISE: SymWISE is Symantec's knowledgebase where you can search for very
specific information. Unlike the user documentation, the knowledgebase
contains articles that are responses to very specific questions and issues.

The knowledgebase is a good resource if you have an issue and suspect that
other users might have had the same issue or know the answer. The
knowledgebase is also a good resource if you need help with a situation
that is too specific to be covered in the documentation.

You can access SymWISE at the following URL:

http://www.symantec.com/business/theme.jsp?themeid=support-knowledgebase

System Logs report: The System Logs report details the activities within Protection Center.
This information can help you diagnose a problem that has occurred. This
report is accessed through the Protection Center Reports tab.

The System Logs report is a good resource for obtaining details of the
events that have happened within your system. Information in the logs
can help you diagnose your issue.

SymConnect forums: The SymConnect forums let you search for answers and ask questions.
Product experts and other users that might have experienced and resolved
similar problems monitor and contribute to these forums.

The SymConnect forums are a good resource for asking a community of
Protection Center users your specific questions.

You can access SymConnect at the following URL:

http://www.symantec.com/connect/

Symantec Support: The Symantec support team has extensive experience with Protection
Center and can help you with any issues that you might have. As part of
working with Symantec Support, you might need to prepare and send a
diagnostics file to help Symantec Support diagnose your issue.

Symantec Support is a good resource if you cannot solve your issue in any
other way and you need to talk directly to someone with extensive product
knowledge.

See “Getting help from Symantec Support” on page 111.

Getting help from Symantec Support


If you contact Symantec Support for assistance with a Protection Center problem,
support might ask you to collect diagnostics data to help resolve the issue. When
you perform the diagnostics collection process, Protection Center sends an
encrypted diagnostics file to Symantec Support.
See “Protection Center resources for resolving issues” on page 109.
See “Symantec Support diagnostics options” on page 112.
See “Support case settings” on page 115.

Table 11-2 Process for getting help from Symantec Support

Step Action Description

Step 1: Ensure that verbose logging is configured.
Protection Center message logging needs to collect as much information
as possible to help diagnose the problem. As soon as you become aware
of a problem with Protection Center, you should configure verbose
logging.

See “Message logging settings” on page 85.



Step 2: Contact Symantec support and request assistance.
Contact Symantec Support to start the diagnostics process.
Symantec Support asks you to collect the Protection Center diagnostics
information. The support team provides a unique customer support
case ID to identify this particular support issue.

Step 3: Create the appropriate support case.
In Protection Center, open the Symantec Support diagnostics page. This
page lets you create a support case and configure it to send an encrypted
diagnostics file to Symantec Support.

You need to specify the appropriate details: your customer support ID,
the configuration file to use, and the diagnostics file transfer details.

See “Gathering Protection Center diagnostics data” on page 114.

Step 4: (Optional) Rerun the diagnostics collection process.
If necessary, you can modify the support case settings and repeat the
diagnostics collection process. Some issues might require you to collect
diagnostics data multiple times to resolve the issue.

See “Gathering Protection Center diagnostics data” on page 114.

Step 5: Send the diagnostics results file to Symantec Support.
You can download the diagnostics results file from Protection Center
and save it on your local drive. You can then attach the diagnostics
results file to an email and send it to Symantec Support. You can also
transfer the file using FTP.

See “Saving a diagnostics file” on page 117.

See “Sending a diagnostics file to Symantec Support” on page 118.

Symantec Support diagnostics options


Protection Center lets you create and send an encrypted diagnostics file to
Symantec Support for troubleshooting purposes. It also displays details of the
current support case: the support case ID, file transfer details, and diagnostics
collection results.

Note: Protection Center message logging needs to collect as much information as
possible to help diagnose the problem. You need to configure verbose logging
before you attempt to collect any diagnostics information.
See “Message logging settings” on page 85.

When you need to collect the Protection Center diagnostics information, Symantec
Support provides the information that you need to create the appropriate customer
support case. This information includes the customer support case ID, the
appropriate configuration file, and the FTP file transfer information.
See “Getting help from Symantec Support” on page 111.

Table 11-3 Symantec Support diagnostics options

Option Description

Create a New Support Case: Lets you create a new customer support case. You need to specify the appropriate details
in the Start a New Support Case dialog box.

See “Gathering Protection Center diagnostics data” on page 114.

See “Support case settings” on page 115.

Rerun Diagnostics: Lets you modify the support case settings and repeat the diagnostics collection process.
Some issues might require you to collect diagnostics data multiple times to resolve the
issue.

See “Gathering Protection Center diagnostics data” on page 114.

See “Support case settings” on page 115.

Save Diagnostics File: Lets you download the diagnostics results file from Protection Center and save it on your
local drive.

See “Saving a diagnostics file” on page 117.

Send Diagnostics to Support: Lets you send diagnostics results to Symantec Support manually. If you do not specify the
FTP transfer details in the support case, the diagnostics results file is not transferred to
Symantec Support. When the diagnostics data is collected, the diagnostics results file is
stored on Protection Center. This option lets you transfer the diagnostics results to Symantec
Support later.

See “Sending a diagnostics file to Symantec Support” on page 118.

Table 11-4 Symantec Support diagnostics details

Item Description

Customer Support Case ID: Specifies the customer support ID number that uniquely identifies the support case.
Symantec Support allocates the appropriate support case ID.

File transfer details: Shows the FTP transfer details that are configured in the support case.
The following information is displayed:

■ Symantec FTP URL - the Symantec Support FTP server address.
■ User name - the user account that you use to upload to the Symantec Support FTP site.
■ FTP directory - the path where the uploaded diagnostics results file is stored.
■ Port - the port that the FTP site uses.

If the automatic file transfer is disabled in the support case, this item is not displayed.

Diagnostic Collection Results: Shows the results of the last diagnostics collection process.
The following information is displayed:

■ Date run - the date and time that the diagnostics results were collected.
■ Status - indicates whether the diagnostics collection was successful. This value can be
Complete or Complete with Errors.
■ FTP Status - indicates whether the diagnostics results file was transferred to Symantec
Support successfully.
■ Errors - indicates any errors that occurred during the diagnostics collection process.

Gathering Protection Center diagnostics data


You need to gather diagnostics data from Protection Center when requested to
do so by Symantec Support. Symantec Support provides you with the customer
support ID number that you need to use for the support case. Symantec Support
also provides the FTP transfer details that you need to transfer the diagnostics
results file directly from Protection Center to Symantec. If a custom configuration
file is required for collecting the diagnostics data, Symantec Support also provides
the appropriate file.
See “Getting help from Symantec Support” on page 111.
See “Symantec Support diagnostics options” on page 112.
You need to create a new support case and specify the following details: your
customer support ID, the configuration file to use, and the diagnostics file transfer
details. When you confirm the details, Protection Center collects the diagnostics
data and displays a summary of the results.
If you have specified the appropriate FTP transfer details in the support case,
Protection Center sends the diagnostics results file directly to Symantec Support.
If you choose not to transfer the diagnostics results file directly from Protection
Center, you need to send it to Symantec Support manually.

Note: Protection Center does not support FTP proxy servers. If your environment
uses a proxy server, you need to save the diagnostics results file and send it to
Symantec Support manually.

To gather diagnostics data for Symantec Support


1 In Protection Center, on the Admin > Settings menu, click Support
Diagnostics.
2 On the support diagnostics page, click Create a New Support Case.
3 In the Start a New Support Case dialog box, specify the appropriate details.
See “Support case settings” on page 115.
4 Click OK to confirm the support case details.
Protection Center collects the diagnostics data and displays summary details
under Diagnostics Collection Results.
If you specified the appropriate FTP transfer details in the support case,
Protection Center sends the diagnostics results file directly to Symantec
Support.
If the support case does not transfer the diagnostics results file directly to
Symantec Support, you can send the diagnostics results file later. You can
transfer the file directly from Protection Center, or you can download the file
and send it to Symantec Support manually.
See “Sending a diagnostics file to Symantec Support” on page 118.
See “Saving a diagnostics file” on page 117.
5 (Optional) If you want to modify the support case settings and repeat the
diagnostics collection process, click Rerun Diagnostics.
In the Continue Support Case dialog box, specify the appropriate details.

Support case settings


The Start a New Support Case dialog box lets you create a new support case. The
Continue Support Case dialog box lets you rerun the diagnostics collection process
or send the current diagnostics results file to Symantec Support.
See “Getting help from Symantec Support” on page 111.
See “Symantec Support diagnostics options” on page 112.
See “Gathering Protection Center diagnostics data” on page 114.

Table 11-5 Support case settings

Item Description

Customer Support Information: Specifies the customer support ID number that uniquely identifies the support case.
Symantec Support allocates you the appropriate ID when you make a support request.

Configuration File: Details the configuration file to use for collecting diagnostics data from Protection Center.
The options are as follows:

■ Use the default configuration file
The default configuration file is included with Protection Center. This configuration
file collects a standard set of diagnostics data from Protection Center and is suitable
for diagnosing most issues.
■ Use a custom configuration file
In some cases the default configuration file might not gather the data that Symantec
Support requires to diagnose the issue. If necessary, Symantec Support provides a
custom configuration file that you need to use. You need to place the custom
configuration file in an accessible location and use this option to upload it to Protection
Center.
Symantec Support creates the custom configuration files. They are digitally signed for
security and you cannot modify them.

Diagnostics File Transfer Settings: Specifies whether the diagnostics results are sent directly from Protection Center to
Symantec Support or saved so that you can send the results file manually.

Protection Center does not support FTP proxy servers. If your environment uses a proxy
server, you need to save the diagnostics results file and send it to Symantec Support
manually.
The options are as follows:

■ Do not use Protection Center to send the file
The diagnostics results file is stored on Protection Center. You can transfer the file to
Symantec Support later, or you can download the file and send it manually.
■ Use Protection Center to send the file
The diagnostics results file is transferred directly to Symantec Support at the end of
the collection process.
Symantec Support provides the FTP transfer details that you need to specify in the following
fields:

■ Symantec FTP server URL - the Symantec Support FTP server address.
■ FTP directory - the path where the uploaded diagnostics results file is stored.
■ User name - the user name of the account that you use to upload to the Symantec Support
FTP site.
■ Password - the password of the account that you use to upload to the Symantec Support
FTP site.
■ Port - the port that the FTP site uses. The default is port 21.

FTP has variable ports, which may cause problems if your organization has firewalls in
place. Port 21 is used for control, but any port over 1024 can be used for data transfer.
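The firewall note above, worked through as an added example (not part of the Symantec guide or product): it parses the server's reply to a passive-mode request to find the data port and checks it against an outbound allow list. It assumes a passive-mode transfer; the sample replies, the 192.0.2.10 address, and the allow-list ranges are constructed for illustration.

```python
import re

# Constructed sample replies to the PASV and EPSV commands (RFC 959 and
# RFC 2428 reply formats). They were not captured from a Symantec server.
SAMPLE_PASV = "227 Entering Passive Mode (192,0,2,10,195,149)"
SAMPLE_EPSV = "229 Entering Extended Passive Mode (|||50321|)"

_PASV = re.compile(
    r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)"
)
_EPSV = re.compile(r"\((.)\1\1(\d{1,5})\1\)")


def data_endpoint(reply, control_host):
    """Return (host, port) that the client must reach for the data channel."""
    code = reply[:3]
    if code == "227":
        match = _PASV.search(reply)
        if match is None:
            raise ValueError("malformed 227 reply")
        fields = [int(group) for group in match.groups()]
        if max(fields) > 255:
            raise ValueError("field out of range in 227 reply")
        host = ".".join(str(octet) for octet in fields[:4])
        # The last two fields are the high and low bytes of the data port.
        port = fields[4] * 256 + fields[5]
    elif code == "229":
        match = _EPSV.search(reply)
        if match is None:
            raise ValueError("malformed 229 reply")
        # EPSV returns only a port; the data channel reuses the control host.
        host, port = control_host, int(match.group(2))
    else:
        raise ValueError("not a passive-mode reply: " + reply)
    if not 1 <= port <= 65535:
        raise ValueError("data port out of range")
    return host, port


def port_allowed(port, allowed_ranges):
    """True if the port falls inside any (low, high) outbound range."""
    return any(low <= port <= high for low, high in allowed_ranges)


def check_transfer(reply, control_host, control_port, allowed_ranges):
    """Report whether both FTP channels would pass the outbound allow list."""
    host, port = data_endpoint(reply, control_host)
    return {
        "control_ok": port_allowed(control_port, allowed_ranges),
        "data_host": host,
        "data_port": port,
        "data_ok": port_allowed(port, allowed_ranges),
    }


if __name__ == "__main__":
    control_only = [(21, 21)]  # a rule set that opens the control port only
    for sample in (SAMPLE_PASV, SAMPLE_EPSV):
        print(check_transfer(sample, "192.0.2.10", 21, control_only))
```

With only port 21 permitted, the login succeeds but the upload fails, because the data channel uses a port that the server chooses for each transfer.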

Saving a diagnostics file


If you do not want to send the diagnostics file to Symantec using FTP, you can
email it instead. When the diagnostics data is collected, the diagnostics results
file is stored on Protection Center. You can download the diagnostics results file
from Protection Center and save it on your local drive, and then send it to Symantec
Support manually.
See “Getting help from Symantec Support” on page 111.
See “Symantec Support diagnostics options” on page 112.
See “Gathering Protection Center diagnostics data” on page 114.
See “Support case settings” on page 115.

To save a diagnostics file


1 In Protection Center, on the Admin > Settings menu, click Support
Diagnostics.
2 On the Symantec Support diagnostics page, click Save Diagnostics File.
3 In the File Download dialog box, click Save.
4 In the Save As dialog box, specify the appropriate location and file name, and
then click Save.

Note: You can specify the file name in Internet Explorer only.
If your browser is Mozilla Firefox, you do not have the option to specify the
file name or location. The file is saved in the default location with the default
name. You can then rename the file manually and move it to the appropriate
location.
If your browser is Internet Explorer 9.0, the browser settings must be
configured to allow the file to be saved to your local disk. To configure these
settings, open the Internet Options dialog box. On the Advanced tab, under
Security, ensure that the Do not save encrypted pages to disk setting is
unchecked.

5 When the diagnostics results file has finished downloading, close the
confirmation dialog box.

Sending a diagnostics file to Symantec Support


In some scenarios the diagnostics results file might not be transferred to Symantec
Support when the diagnostics data is collected. For example, if you do not specify
any FTP transfer details in the support case, or if the connection fails, the results
cannot be transferred. However, the diagnostics results file is stored on Protection
Center and you can transfer it to Symantec Support by specifying the appropriate
FTP transfer details.
See “Getting help from Symantec Support” on page 111.
See “Gathering Protection Center diagnostics data” on page 114.
To send a diagnostics file to Symantec Support
1 In Protection Center, on the Admin > Settings menu, click Support
Diagnostics.
2 On the Symantec Support diagnostics page, click Send Diagnostics to Support.
3 In the Continue Support Case dialog box, under Diagnostics File Transfer
Settings, specify the appropriate FTP transfer settings.
See “Support case settings” on page 115.
4 Click OK.
The diagnostics results are transferred from Protection Center to Symantec
Support. The Diagnostics Collection Results details are updated accordingly.
See “Symantec Support diagnostics options” on page 112.
Section 3
Security Management

■ Chapter 12. Introduction to Protection Center security management

■ Chapter 13. Using Protection Center reports

■ Chapter 14. Working with notifications

■ Chapter 15. Working with workflows and tasks


Chapter 12
Introduction to Protection Center security management
This chapter includes the following topics:

■ Performing Protection Center security management tasks

■ About the Protection Center dashboard

■ Accessing the management interface of a supported product

Performing Protection Center security management tasks
The role of a security manager is to ensure that the organization's network is
secure. Your organization might have a single security manager with full
responsibility for network security. Alternatively, your organization might have
several security managers that are each responsible for a different aspect of your
security.
If you are a security manager, you should become familiar with security
management tasks before you start using Protection Center for the very first time.
You do not need to perform any initial configuration of Protection Center before
you begin using Protection Center to perform security management tasks. However,
you might want to configure the reports that you intend to use regularly and save
them as saved reports.
See “Getting started with Protection Center” on page 15.
The following table describes the process for performing Protection Center security
management tasks.

Table 12-1 Process for performing Protection Center security management tasks

Step Task Description

Step 1 Log in to Protection Center. When you log in to Protection Center, you are in the Protection Center
view. This view provides access to all of the Protection Center functionality.

See “Accessing Protection Center” on page 16.

Step 2 View the dashboard. The dashboard lets you quickly see the current status of your security.

See “About the Protection Center dashboard” on page 125.

Step 3 Use reports. Reports are based on data from supported products and help you determine
the status of your network and endpoint environment.

See “About reports” on page 129.

Step 4 Use business analytics. The Protection Center business analytics feature provides
multi-dimensional analysis and robust graphical reporting to help you
analyze your data.

See “About Protection Center business analytics” on page 28.

Step 5 Use workflows. Protection Center provides workflows to simplify your security
management and help you maintain a secure environment. When you
select an action in a report, Protection Center starts the corresponding
workflow on the appropriate endpoint.

See “About workflows” on page 143.

Step 6 Work with notifications. Notifications are the messages that keep you informed of significant events
that occur in Protection Center and integrated products. Protection Center
generates a notification for each important event or activity that occurs
in Protection Center or is detected in an integrated product.

See “About notifications” on page 139.

Step 7 Manage products. Protection Center lets you manage your security products through the
Protection Center interface.

See “Accessing the management interface of a supported product” on page 127.

About the Protection Center dashboard


The Protection Center dashboard is the first thing that you see each time you log
in to Protection Center. It lets you view the current status of your security and
manage security events based on your user role and administrative permissions.
See “Getting started with Protection Center” on page 15.
See “Performing Protection Center security management tasks” on page 123.
The Protection Center dashboard contains a number of charts and a newsfeed.
The newsfeed displays the most important or the most recent notifications. The
charts display the summary information that helps you to understand the current
status of your security. Some charts let you drill down into the summary data to
obtain additional details.

Table 12-2 Information provided by the Protection Center dashboard

Chart Description

Protection Overview Displays the summary information for two types of threats: malware and intrusions.

The summary information for each type of threat includes the following: a trend line of
activity over the previous 24 hours, a count value, and the percentage change since the
previous 24-hour period.

A click on the Malware trend line or other Malware data drills down to the Malware
Summary report.

A click on the Intrusions trend line or other Intrusions data drills down to the IDS
Signature Summary report.

Product Server Status Displays the overall connectivity status for all the product servers. The status reflects
the state of the data feed connections.
The host status values are as follows:

■ Good
The total number of product servers that are connected and have no agent problems
or data feed problems. A stopped product on a connected server is a data feed problem.
■ Warning
A server has an out-of-date Symantec Management Agent, an out-of-date plug-in, or
there is a data feed problem. The product is stopped or there is a problem with the
user ID being used for data feed access.
■ Error
Communication with a previously integrated product has failed.
■ Not Enabled
A product server that is available for integration but is not yet enabled.

Product Integration Status Displays information about the level of security coverage that Protection Center provides
in your environment. It tells you how many supported products you have currently
integrated, and how many more are available but are not enabled.

System Status Displays the status of the critical components of the Protection Center appliance. This
panel gives information on Protection Center system uptime, CPU usage, memory usage,
and disk usage.

Newsfeed Displays a list of all notifications being tracked in Protection Center. Notifications can
be warnings, events, or informational messages. Notifications can relate to security
products, the Protection Center infrastructure, or the Global Intelligence Network.

You can sort the list by priority or by date. Each notification item in the newsfeed includes
a notification severity icon, timestamp, title, and detailed description.

The View full list link opens the Notifications report.

Threatcon Status Displays the current ThreatCon status and lets you access security notification information
and up-to-date virus definitions.
You can click on the following items to access more information:

■ ThreatCon Status indicator: Opens the Threat Explorer page that provides
comprehensive and up-to-date information on the latest threats, risks, and
vulnerabilities.
http://www.symantec.com/business/security_response/threatexplorer/
■ Security Alerts: Opens the Security Response page.
http://www.symantec.com/business/security_response/
■ Definitions: Opens the Virus Definitions & Security Updates page.
http://www.symantec.com/business/security_response/definitions.jsp

Global Intelligence Network Displays a subset of the information that is available on the DeepSight Early Warning
Services. DeepSight Early Warning Services is a Symantec service that monitors security
events on a global basis and delivers early warning notifications about attacks.

Top Corporate Threats Displays a list of the top five malicious software threats that organizations currently
face.

Accessing the management interface of a supported product
You can access the management interface of a supported product from the product
selector menu in Protection Center. The product selector menu is to the left of
the Home menu and displays the name of the currently selected product. When
you click the product selector menu, a drop-down list of enabled products is
displayed.
See “About supported products” on page 31.
See “Integrating supported products” on page 32.
The predefined Protection Center administrator account (SPC_Admin) has full
permissions to access supported products. Protection Center user accounts must
be given the appropriate permissions to access supported products through the
product selector.
See “About Protection Center user accounts” on page 44.
See “Supported product access permission settings” on page 61.
To access the management interface of a supported product
1 In Protection Center, on the product selector, click the down arrow symbol.
2 Click <Product Name> > <Host Name>.
The home page of the product management interface opens.
3 Perform the appropriate management functions.
For information about using the functionality that the product provides, click
Help in the navigation area to access the help documentation for that product.
Chapter 13
Using Protection Center reports
This chapter includes the following topics:

■ About reports

■ About charts

■ About report actions

■ About report filters

■ Viewing a report

■ Applying filters to a report

■ Creating a saved report

■ Deleting a saved report

■ Configuring the distribution of a saved report

■ Report management settings

■ Report distribution settings

About reports
Protection Center provides reports to keep your organization informed about
security issues and help you respond quickly to security events. The data in the
reports is supplied by the integrated products in your environment as well as by
Protection Center.
See “Viewing a report” on page 132.
The specific report data that you can view is based on your Protection Center user account
permissions. Your account must have access to an integrated product to view data
from that product.
Report data is organized into charts so that the data is easy to read and analyze.
For example, a pie chart makes it easy to identify the various categories of malware
that were blocked. Based on this information, you can quickly understand whether
any aspects of your security might be vulnerable. Some charts also let you take
action in response to a reported event.
With each report, you can also apply filters so that you only see the information
that you consider relevant to your situation. If you plan to access the same set of
filtered data again, you can save the report and its filters under a new name. Then,
when you need to access this specific set of data, you can open the saved report.
See “About charts” on page 130.
See “About report actions” on page 131.
See “About report filters” on page 131.
See “Creating a saved report” on page 134.
To ensure that the appropriate personnel have the security information they need,
you can schedule when and to whom to distribute a saved report. The report
recipients can then receive a link to the report, or receive an HTML file of report
results. The HTML file lets the recipient view the report results without having
to log in to Protection Center.
See “Configuring the distribution of a saved report” on page 136.
A product that sends data to Protection Center might also supply its own unique
reports. For example, if you have integrated Mail Security with Protection Center,
Mail Security-specific reports become available.

About charts
A chart is a component of a report that uses a single mechanism for displaying
data in a way that is organized and easy to analyze. The most common display
formats that charts use are pie chart, bar chart, area chart, line graph, and table.
See “About reports” on page 129.
Each report includes one or more charts. With some charts, you can drill down
to get more detailed information about the data. Some charts let you perform
specific actions related to the chart data. These actions simplify the process of
resolving issues.
See “About report actions” on page 131.

About report actions


Report actions let you perform the tasks that are required to maintain the security
of your endpoints. For example, you might take an action to quarantine a computer
that does not have the latest virus definitions installed.
See “About reports” on page 129.
Charts that contain detailed information, such as those in detailed reports, often
have actions associated with them. The actions that are available depend on the
data in the chart and the Protection Center supported products you have available.
See “About charts” on page 130.
If actions are available for a report, the Actions menu is shown at the top of the
relevant chart. To perform an action on an endpoint, select the appropriate item
in the chart and then choose the action from the menu.
See “About workflows” on page 143.
The options on the Actions menu are linked to workflows. When you select a
menu option, you start the corresponding workflow.
See “Starting a workflow” on page 146.

About report filters


You can apply filters to a report so that the report only displays the data that you
want to see.
See “About reports” on page 129.
The Add Filter option lets you access the filters that are available in a report. You
can use some or all of the available filters.
You can use the following guidelines when you apply filters to a report:
■ Each filter corresponds to a data column in the report.
■ For each filter, you can specify one parameter value.
■ You can add multiple filters for the same data column.

■ For each filter, the parameter value is matched with the data value, which
either is enumerated or uses unconstrained text.
Report filters support partial word searches, but they do not support any wildcard
characters. The wildcard characters ? and * are treated as normal characters rather
than wildcards. Report filters are not case-sensitive.
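The matching rules above, modelled as an added example (not Protection Center code): case-insensitive partial matching in which ? and * are ordinary characters. The column names and report rows are constructed, and the way filters combine (any filter on the same column may match, every filtered column must match) is an assumption, because the guide does not state it.

```python
from collections import defaultdict

# Constructed report rows; the column names are hypothetical.
ROWS = [
    {"Computer": "WS-FINANCE-01", "Risk": "Trojan.Gen", "Action": "Quarantined"},
    {"Computer": "ws-finance-02", "Risk": "W32.Downadup", "Action": "Blocked"},
    {"Computer": "SRV-MAIL-01", "Risk": "Trojan.Zbot", "Action": "Blocked"},
    {"Computer": "SRV*TEST", "Risk": "Adware.Gen", "Action": "Left alone"},
]


def value_matches(cell, parameter):
    """Case-insensitive substring match; ? and * have no special meaning."""
    return parameter.casefold() in str(cell).casefold()


def apply_filters(rows, filters):
    """Apply (column, parameter) filters to report rows.

    Each filter names one data column and carries one parameter value.
    Assumption: filters on the same column are alternatives (OR), and
    filters on different columns must all be satisfied (AND).
    """
    by_column = defaultdict(list)
    for column, parameter in filters:
        by_column[column].append(parameter)
    selected = []
    for row in rows:
        if all(
            any(value_matches(row.get(column, ""), p) for p in parameters)
            for column, parameters in by_column.items()
        ):
            selected.append(row)
    return selected


def literal_wildcards(filters):
    """Return the filters whose value contains ? or *.

    These are worth reviewing before a report is saved or distributed:
    the characters are matched literally, so a value such as 'troj*'
    usually hides the rows the author expected to see.
    """
    return [(c, p) for c, p in filters if "?" in p or "*" in p]


if __name__ == "__main__":
    for filters in (
        [("Computer", "FINANCE")],   # partial match, any letter case
        [("Risk", "troj*")],         # the asterisk is literal: no rows
        [("Computer", "srv*")],      # matches only the name containing '*'
        [("Risk", "zbot"), ("Risk", "downadup")],
    ):
        names = [row["Computer"] for row in apply_filters(ROWS, filters)]
        print(filters, "->", names, "| literal:", literal_wildcards(filters))
```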
The filters that you have added to a report are shown in the report header, on the
left side. On the right side of the report header you can access the predefined time
range filters. These filters let you view the data that was collected in the previous
day, previous week, previous month, or previous three months. The custom filter
lets you specify the start date and end date of the time range that you want to
view.
See “Viewing a report” on page 132.
The filters that you apply to a report are cleared when you navigate away from
the report. If you want to preserve a particular filter configuration on a report,
you can create a saved report using the Save as option. The next time you access
the saved report, the filters that you specified are applied automatically. In
addition, you can save new and modified filter settings in a saved report using
the Save option at the top of the report page.
See “Creating a saved report” on page 134.

Viewing a report
You can view a Protection Center report. You can refine the results of a report by
using filters to hide some data, leaving only the report results that you want to
view. You can sort the data by a particular column. When you refresh a report,
the filters and data sorting settings are preserved.
See “About reports” on page 129.
See “About report filters” on page 131.
If no data is available in the report, Protection Center displays the appropriate
message. There might be no data available because there are no integrated products
that supply the appropriate data. Alternatively, the products might be integrated
but your user account is not mapped to a product that provides the data for the
report. Protection Center also displays a list of the supported products that can
enable the report.
To view a report
1 In Protection Center, in the navigation area, click Reports.
2 In the left pane, select the appropriate list of reports:

To view the list of predefined reports Click the Reports icon.

To view the list of saved reports Click the Saved Reports icon.

3 In the list of the reports, click the report you want to view.
4 (Optional) In the Please enter the following required parameter(s) dialog
box, specify the appropriate value and then click Apply Filter.
If the report requires you to specify any parameters, Protection Center
prompts you for the appropriate information.
If the parameter has enumerated values, you can select the appropriate value
from a drop-down list. If the parameter can take any value, you need to type
a matching text string. The report results include any full matches or partial
matches to the specified filter text string.
By default, each report includes the data that Protection Center has collected
during the last seven days.
5 (Optional) In the report header, specify the time filter for the data that you
want to view.
You can choose one of the predefined time periods or set a custom time range.
6 (Optional) In the report header, configure any filters that you want to apply
to the report.
See “Applying filters to a report” on page 133.
7 (Optional) Click a chart to drill down to a more detailed report.
The filter parameters that correspond to the item that you clicked are applied
to the detailed report.

Applying filters to a report


You can apply filters to a report to refine the results and display only the report
results that you want to view. Each filter corresponds to one of the data columns
in the report. You can specify only one parameter value for each filter. However,
in some cases you can add multiple filters of the same type with different
parameter values in each. The parameter value in each filter is compared to the
data values in the corresponding column in the report and all matching results
are displayed.
See “Viewing a report” on page 132.
If the data column that you want to filter contains enumerated values, you can
select from the available values to match. If the data column contains
unconstrained text, you can specify a custom text string to match.
See “About report filters” on page 131.
The filters that you have added to a report are shown in the report header, on the
left side. You can modify filters by specifying different parameter values, and you
can remove any filters that you no longer require. However, you cannot remove
the required filters from detailed reports.
To add a filter to a report
1 In Protection Center, in the navigation area, click Reports.
2 In the list of reports, click the report you want to view.
3 In the report header area, click Add Filter.
4 In the drop-down list, select the appropriate filter parameter and then do one
of the following:

To select one of the enumerated values Click the value that you want to use.

To specify a custom value Click Custom Filter, then type the appropriate value, and then click Apply
filter.

Note that some filters might not let you specify custom filters.
To edit a filter
1 In the report header, click the filter that you want to edit.
2 In the drop-down list, do one of the following:
■ Click the value that you want to use.
■ Click Custom Filter, then type the appropriate value, and then click Apply
filter.
Note that some filters might not let you specify custom filters.
To remove a filter
◆ In the report header, in the filter that you want to remove, click the Delete
(x) symbol.
You cannot remove any required filters from a report. A required filter
contains no Delete symbol.

Creating a saved report


You can create a saved report by saving a predefined report or another saved
report under a new name.
See “About reports” on page 129.
For example, after you apply filters to a report, you can save a copy of the report
under a new name. You can then configure the report distribution. When you
access the saved report, its filters and distribution settings are already applied;
you do not need to specify them again. Instead, you can quickly view the saved
report and, in turn, take action based on the report data.
See “Configuring the distribution of a saved report” on page 136.
See “Viewing a report” on page 132.
See “About report actions” on page 131.
You can use a saved report to generate additional customized reports. For example,
you can modify a saved report and then save it under a different name.
You can also delete a saved report.
See “Deleting a saved report” on page 135.
The saved reports that you create are available to all Protection Center users.
However, when a user views the report, the report results include only the data
to which the user has access.
To create a saved report
1 In Protection Center, in the navigation area, click Reports.
2 In the left pane, select the appropriate list of reports:

To view the list of predefined reports Click the Reports icon.

To view the list of saved reports Click the Saved Reports icon.

3 In the list of the reports, click the report you want to view.
4 In the report header, configure the filters that you want to apply to the report.
See “Applying filters to a report” on page 133.
5 At the top of the report page, click Save as.
6 In the Save a copy of <Report Name> as dialog box, in the Report Name box,
enter the name of the new saved report, and then click Save.

Deleting a saved report


You can delete a saved report when you no longer need it. You cannot delete any
of the predefined Protection Center reports.
See “About reports” on page 129.
To delete a saved report


1 In Protection Center, in the navigation area, click Reports.
2 In the left pane, click the Saved Reports icon.
3 In the list of the reports, click the report you want to delete.
4 At the top of the report, click Delete.

Configuring the distribution of a saved report


You can configure any saved Protection Center reports to be generated and
distributed to the appropriate people by email on a regular schedule. Protection
Center generates the report at the scheduled times and includes the data that is
available at the time. The data that is included in the report depends on the product
access permissions of the user who last saved the report. Protection Center sends
the report to the specified list of email addresses as an HTML file attachment, or
as a link to the report.
See “About reports” on page 129.
You cannot schedule or distribute any predefined Protection Center reports. To
schedule the distribution for such a report, you need to save a copy of the report
to create a saved report. You can then schedule the distribution of the saved report.
See “Creating a saved report” on page 134.
You can also change the name and description of a saved report. You cannot
modify the name and description of a predefined Protection Center report.
To configure the distribution of a report
1 In Protection Center, in the navigation area, click Reports.
2 In the left pane, click Manage Reports.
3 In the Manage Reports dialog box, in the left pane, click Saved.
4 In the upper part of the right pane, click the report that you want to modify.
5 (Optional) In the lower part of the right pane, make the appropriate changes
to the report name and description.
See “Report management settings” on page 137.
6 In the Distribution box, do one of the following:

If no schedule is configured Click Specify schedule and recipients.

If a schedule is already configured Click Edit.


7 In the Edit Schedule dialog box, specify the appropriate report distribution
options.
See “Report distribution settings” on page 137.
8 Click Save.
9 Click Close.

Report management settings


The report management settings let you view all of the Protection Center reports
and modify the saved reports.
See “Configuring the distribution of a saved report” on page 136.

Table 13-1 Report management settings

Item Description

Name Contains the report name.

You cannot modify the name of a predefined Protection Center report.

Description Contains the report description.

You cannot modify the description of a predefined Protection Center report.

Owner Specifies the Protection Center user account that saved the report.

This setting applies to saved reports only. It is displayed for your information and you cannot
modify it.

Distribution Specifies the schedule for generating the report and the email addresses of the recipients.

This setting applies to saved reports only. You cannot schedule a predefined report for
distribution.

Protection Center generates the report at the scheduled times and includes the data that is
available at the time. The data that is included in the report depends on the product access
permissions of the user who last saved the report. Protection Center sends the report to the
specified list of email addresses as an HTML file attachment, or as a link to the report.

Open report Opens the report in Protection Center.

Report distribution settings


The report distribution settings let you schedule the generation of any Protection
Center saved report and its email distribution.
See “Configuring the distribution of a saved report” on page 136.

Table 13-2 Distribution schedule settings

Item Description

None Disables the scheduled report distribution for the report.

Daily Distributes reports every day or at the specified interval (a number of days) at the specified time.

Weekly Distributes reports each week at the specified time on the specified day of the week.

Monthly Distributes reports each month at the specified date and at the specified time.

You can set a starting date and an ending date for all distribution frequency settings.

Table 13-3 Recipients and email settings

Item Description

Recipients Specifies the email addresses to which Protection Center sends the report results. An email
message is sent each time Protection Center generates the report on the specified schedule.

If you specify multiple email addresses, you need to separate each address with a comma or a
semicolon.

Email format Specifies whether the report results are sent directly to recipients in HTML format, or if a link
to the actual report is sent. Note that some reports do not support HTML format. For example,
the Notifications report results can only be emailed as a link.

If the report results are sent as an attached HTML document, the results are scoped according
to the user who last saved the report.

If the email contains a link to the report, each recipient must log in to Protection Center to see
the report results. The report results are scoped according to the user account that is used to
log in to Protection Center.

Email subject Specifies the subject line of the email message that contains the report results.

Email message Specifies the accompanying email message that is sent with the report.
Chapter 14
Working with notifications
This chapter includes the following topics:

■ About notifications

■ Viewing and managing notifications

About notifications
Notifications keep you informed of the significant events that occur in Protection
Center and integrated products. Protection Center generates a notification for
each important event or activity that occurs in Protection Center or is detected
in an integrated product. Each notification includes details about itself: its severity,
state, description, the time that it was created, and the product to which it relates.
See “Viewing and managing notifications” on page 140.
The Protection Center dashboard contains a newsfeed that displays the most
important or the most recent notifications. These notifications alert you to issues
that you need to take action on. For example, you might need to add a new product,
research the latest security threats, or make changes based on a security event.
See “About the Protection Center dashboard” on page 125.
The notification severity indicates the urgency of a notification: critical, warning,
or informational. The Notification Summary bar in the Protection Center footer
area indicates the number of unresolved notifications of each state. If there are
no unresolved notifications of a particular severity, the corresponding icon is
hidden. Each notification severity icon blinks each time that the number of
notifications of that severity changes. You can click on a notification severity icon
to open the Notifications report and display summary details of all the
notifications of that severity.
Notifications are grouped into categories that identify the type of data that they
contain, such as Infrastructure, Global Intelligence Network, Security, and
General Information. The category helps you sort notifications so that you can
more easily find the notifications in which you are interested.

Viewing and managing notifications


The Notifications report shows details of the notifications that Protection Center
has received. You can use the Notifications report to view and manage Protection
Center notifications. You can filter the list of notifications to display the
notifications that have a specific severity or belong to a specific category. You
can also filter the list by date or time range. You can view detailed information
about each notification, and you can change the notification state when
appropriate. When you refresh the report, the filter settings are preserved.
See “About notifications” on page 139.
The notification state lets you identify which notifications are new, acknowledged,
or resolved. When a notification is generated, its new state is indicated by the
Acknowledge action that is shown for it. When you click Acknowledge to indicate
that you have seen the notification, the notification becomes acknowledged and
shows the Resolve action instead. When you have resolved the issue that
caused the notification, you can click Resolve to change the state to Resolved.
The Resolved state is indicated by a green tick. The numbers of new and
acknowledged notifications are added together to get the number of notifications
of each type shown in the notification summary. You set the notification state to
resolved when you have taken the appropriate actions based on the notification.
When you set the state of a notification to resolved, the notification is removed
from the notification summary count. However, it is not removed from the
Notifications report.
To view notifications
1 In Protection Center, do one of the following:

To view all notifications:
■ In the navigation area, click Reports.
■ In the left pane, in the Reports list, click Notifications.

To view the notifications of a particular severity:
In the Notification Summary bar in the Protection Center footer area, click the
icon for the severity that you want to view:
■ Critical
■ Warning
■ Informational

2 (Optional) In the Notifications report header, set the Alert Severity filter
that you want to apply to the report.
See “Applying filters to a report” on page 133.
To change the state of a notification
1 In the Notifications report, find the notification that you want to modify.
2 Do one of the following:

To change the notification state to Acknowledged: Click Acknowledge.

To change the notification state to Resolved: Click Resolve.
Chapter 15
Working with workflows and tasks
This chapter includes the following topics:

■ About workflows

■ Using Protection Center workflows

■ Configuring administration settings for a workflow

■ Starting a workflow

■ Monitoring your workflows and tasks

■ Workflow details

■ Task details

■ Responding to a task assignment

■ Workflows available in Protection Center

About workflows
Protection Center provides workflows to simplify your security management and
help you maintain a secure environment. A workflow is a series of tasks that are
linked together in a predefined order to accomplish an objective. Some workflows
are run automatically while others require a user action to start.
The tasks in a workflow are the individual steps that must be performed to
complete the workflow. Most of the tasks in a workflow are run automatically
without user intervention. Some tasks do require user interaction, in which case
the task is added to the Workflow Status report. From the report, you can perform
the necessary actions to complete the task. To help you track your tasks, the
notification summary area in the Protection Center footer displays a clipboard
icon that indicates the number of tasks that you have. You can click on the icon
to open the Workflow Status report to view and work on those tasks.
Tasks can be performed serially or in parallel, depending on the workflow process.
At some points in the workflow process it might be necessary for all previous
tasks to be complete before the workflow can continue.
All workflows are included with Protection Center; integrated products do not
add them. Some workflows rely on certain products and are not available unless
those products are integrated with Protection Center. For example, the Move
Endpoint, Quarantine Endpoint, Update Virus Definitions And Scan Endpoint,
and Update Virus Definitions On Endpoint workflows require Symantec Endpoint
Protection to be integrated.
See “Using Protection Center workflows” on page 144.
See “Workflows available in Protection Center” on page 150.
See “Configuring administration settings for a workflow” on page 145.
See “Starting a workflow” on page 146.
See “Monitoring your workflows and tasks” on page 147.

Using Protection Center workflows


Protection Center workflows let you perform actions on specific endpoints. The
Protection Center administrator needs to configure each workflow to suit the
requirements of your organization. A security manager can then use the workflows
to resolve any security issues that are detected in your environment.
See “About workflows” on page 143.
To use a workflow, you select the appropriate endpoint in a report and then select
the action that you want to perform. Protection Center starts the corresponding
workflow. You can monitor the status of the workflows that you started. You can
also view the tasks that need to be performed and take action on those that are
assigned to you.
The following table outlines the process for using workflows in Protection Center.
Table 15-1 Process for using Protection Center workflows

Step 1
Task: Configure the workflow administration settings.
Description: Every workflow includes at least one configurable setting. Before you can
use a workflow, you need to configure its administration settings to suit
the requirements of your organization.
See “Configuring administration settings for a workflow” on page 145.

Step 2
Task: Start workflows.
Description: When you select an action in a report, Protection Center starts the
corresponding workflow on the appropriate endpoint. For most workflows
you need to specify the relevant action settings, such as assigning the
workflow tasks to the appropriate Protection Center users.
See “Starting a workflow” on page 146.

Step 3
Task: View the workflow status.
Description: The Workflow Status report shows details of all of the workflows that
were started within a specified date range. You can monitor the status of
the workflows that you started.
See “Monitoring your workflows and tasks” on page 147.

Step 4
Task: Respond to your assigned tasks.
Description: The Workflow Status report lets you view the tasks that need to be
performed. You can take the appropriate action to complete the tasks that
are assigned to you.
See “Responding to a task assignment” on page 149.

Step 5
Task: Troubleshoot workflow failures.
Description: If a workflow fails, an email message containing details of the failure is
sent to the appropriate workflow owner.
See “Protection Center resources for resolving issues” on page 109.

Configuring administration settings for a workflow


Every Protection Center workflow includes at least one configurable setting. For
example, most workflows let you specify the email address of the workflow
administrator. If the workflow fails, Protection Center sends an email message
containing details of the failure to the appropriate administrator. Before you can
use a workflow, you need to configure its administration settings to suit the
requirements of your organization.

Note: Your Protection Center user account requires the Workflow permission to
configure administration settings for a workflow.

See “About workflows” on page 143.


See “Starting a workflow” on page 146.
To configure administration settings for a workflow


1 In Protection Center, on the Admin > Settings menu, click Workflow.
2 In the User Editable Workflows drop-down list, select the workflow that you
want to configure.
3 Specify the appropriate administration settings.
See “Workflows available in Protection Center” on page 150.
4 Click Save Changes.

Starting a workflow
When you select an action in a report, Protection Center starts the corresponding
workflow on the appropriate endpoint. For most workflows you need to specify
the relevant action settings, such as assigning the workflow tasks to the
appropriate Protection Center users.
See “About workflows” on page 143.
Workflows are available from the Actions menu in the relevant Protection Center
reports.
To start a workflow, you must have the appropriate permissions on the products
that perform the workflow tasks. If you do not have the necessary product
permissions, the workflow fails with a "No user was associated with Product
Server" error.
See “Workflows available in Protection Center” on page 150.
To start a workflow
1 In Protection Center, in the navigation area, click Reports.
2 In the left pane, in the Reports list, click the appropriate report.
3 In the report, in the appropriate chart, select the endpoint on which you want
to take action.
4 In the top right corner, click Actions, and then click the workflow that you
want to start.
5 In the Settings Configuration dialog box, specify the relevant action settings.
6 Click Submit.
7 When the confirmation message appears, click Close.
Monitoring your workflows and tasks


The Workflow Status report shows details of all of the workflows that were started
within a specified date range. You can monitor the status of the workflows that
you started. The report indicates the workflows that have completed and provides
a percentage complete value for the workflows that are still in progress.
See “About workflows” on page 143.
The Workflow Status report lets you view the tasks that need to be performed
and take action on those that are assigned to you. For example, you can
unquarantine an endpoint that has been added to a quarantine group in Symantec
Endpoint Protection. The actions that are available depend on the task that is
selected and the products that are integrated with Protection Center.
The workflows that do not require any integrated products typically run in the
background and do not need any user interaction. These workflows do not appear
in the Workflow Status report. For example, the NationalThreatLevelMonitor
and ZeroDayVulnerability workflows monitor data feeds and send email alerts
when necessary.
To monitor your workflows and tasks
1 In Protection Center, do one of the following:

To view all of the workflows that are associated with you:
■ In the navigation area, click Reports.
■ In the left pane, in the Reports list, click Workflow Status.

To view the tasks that need to be performed:
On the Notification Summary area at the bottom left, click the Task (clipboard) icon.

2 (Optional) In the Workflow Status report header, specify the time period for
the workflows and tasks that you want to view.
You can choose one of the predefined time periods or set a custom time period.
3 View the workflow details and the task details.
See “Workflow details” on page 148.
See “Task details” on page 148.
4 (Optional) Refresh the report to ensure that the latest details are displayed.
The workflow status information can take a few minutes to update.
Workflow details
The Workflow Status chart displays details of each of the workflows that you
started and lets you monitor the status of each workflow.
See “Monitoring your workflows and tasks” on page 147.
The following table describes the information that is shown in the Workflow
Status chart for each workflow.

Table 15-2 Workflow details

Item Description

Process ID Specifies the process ID for the workflow.

This ID lets you match the workflow to any of its tasks that are displayed in the My Tasks
chart.

Name Specifies the name of the workflow.

Status Specifies the status of the workflow. The status values are specific to each workflow.
Generally, the status values are In Process, In Progress, Completed, and Failed.

Started Specifies the start date and time of the workflow.

Ended Specifies the end date and time of the workflow.

% complete Indicates the percentage of the workflow that is complete.

Each individual workflow uses its own criteria to determine how complete it is.

Task details
The My Tasks chart displays details of the tasks that need to be performed and
lets you take the appropriate action on those that are assigned to you.
See “Monitoring your workflows and tasks” on page 147.
The following table describes the information that is shown in the My Tasks chart
for each task.

Table 15-3 Task details

Item Description

Process ID Specifies the process ID for the parent workflow. This ID lets you
match the task to the corresponding workflow in the Workflow
Status chart.

Task Name Specifies the name of the task.

Name Specifies the name of the workflow process that is associated with
the task.

Date Assigned Specifies the date on which the task was assigned to a user.

Date Due Specifies the date on which the task is due for completion.

Status Specifies the current status of the task: Open or Closed.

Actions Lets you access the actions that are available for the task.

The Respond option lets you complete the task.

See “Responding to a task assignment” on page 149.

Responding to a task assignment


When you are assigned a workflow task, you need to respond to the task and take
the appropriate action. The response normally requires you to supply the
information that is required to complete the task.
See “Monitoring your workflows and tasks” on page 147.
To respond to a task assignment
1 In Protection Center, do one of the following:
■ In the navigation area, click Reports and then, in the Reports list, click
Workflow Status.
■ In the Notification Summary area, click the Task (clipboard) icon.

2 In the Workflow Status report, in the My Tasks chart, click the task that you
want to complete.
3 Click Actions, and then click Respond.
4 In the Action for Respond dialog box, perform the actions that are necessary
to complete the task.
The actions that you need to perform depend on the task to which you respond.
See “Workflows available in Protection Center” on page 150.
5 (Optional) If you want to close the task without performing any actions, click
Close Task/Complete Process.
You need to close a task if the task actions have already been performed
outside the Protection Center environment.
For example, if an endpoint is moved out of a quarantine group within
Symantec Endpoint Protection, the corresponding Handle Unquarantined
Machine task might remain open in Protection Center. You need to close the
task without taking any further action.
6 Click Close.

Workflows available in Protection Center


All workflows are included with Protection Center; integrated products do not
add them. Some workflows rely on certain products and are not available unless
those products are integrated with Protection Center.
See “About workflows” on page 143.

Table 15-4 Workflows available in Protection Center

Workflow: Move Endpoint
Required product: Symantec Endpoint Protection
Description: Moves the selected endpoint to a different group in
Symantec Endpoint Protection Manager.
This workflow is available in the Specific Malware report.
The action name is Move to a different SEP group.
See “Move Endpoint workflow” on page 154.

Workflow: Quarantine Endpoint
Required product: Symantec Endpoint Protection
Description: Moves the selected endpoint to a specific quarantine group
in Symantec Endpoint Protection Manager. The workflow
also assigns the corresponding unquarantine task to a
specified user.
This workflow is available in the Specific Malware report.
The action name is Quarantine using SEP.
See “Quarantine Endpoint workflow” on page 151.

Workflow: Update Virus Definitions And Scan Endpoint
Required product: Symantec Endpoint Protection
Description: Updates the virus definitions on the selected endpoint and
then performs a virus scan on that endpoint.
This workflow is available in the Specific Malware report.
The action name is Update definitions and scan.
See “Update Virus Definitions And Scan Endpoint workflow” on page 155.

Workflow: Update Virus Definitions On Endpoint
Required product: Symantec Endpoint Protection
Description: Updates the virus definitions on the selected endpoint.
This workflow is available in the Specific Malware report.
The action name is Update definitions.
This workflow is also available in the Specific Endpoint
report, through the Update definitions button.
See “Update Virus Definitions On Endpoint workflow” on page 153.

Workflow: NationalThreatLevelMonitor
Required product: None
Description: Monitors the NationalThreatLevelMonitor data feed.
When the threat level changes, the workflow sends an email
notification to the user that is specified in the workflow
settings.
This workflow runs in the background and does not appear
in the Workflow Status report. You cannot start it
manually.
See “NationalThreatLevelMonitor workflow” on page 156.

Workflow: ZeroDayVulnerabilityMonitor
Required product: None
Description: Monitors the ZeroDayVulnerabilityMonitor data feed.
When a new infection is detected, the workflow sends an
email notification to the user that is specified in the
workflow settings.
This workflow runs in the background and does not appear
in the Workflow Status report. You cannot start it
manually.
See “ZeroDayVulnerabilityMonitor workflow” on page 157.

Quarantine Endpoint workflow


The Quarantine Endpoint workflow moves the selected endpoint to the specified
group within Symantec Endpoint Protection Manager. It also creates a
corresponding unquarantine task. The assigned user then needs to resolve the
issue on the endpoint. When the issue is resolved, the user can respond to the
task and move the endpoint back to the original group. When the endpoint is
successfully moved, the task is closed and marked as completed.
This workflow is available only if Symantec Endpoint Protection is integrated
with Protection Center.
See “Configuring administration settings for a workflow” on page 145.

Warning: If the endpoint is already in the selected quarantine group when the
workflow starts, the unquarantine task is not created. An appropriate notification
is displayed in the Notifications report.
The user that is assigned to the unquarantine task must have permission in
Symantec Endpoint Protection to move a client. Otherwise, the unquarantine step
within the workflow fails with a permission error.

Table 15-5 Quarantine Endpoint workflow administration settings

Setting Description

Is Using Task Alert Emails Specifies that the workflow sends alert emails to the task owner.

Hours To Wait For Assignee To Work Task Specifies the time that the workflow waits for the assigned
task owner to take the appropriate action.

The task fails if the specified waiting time is exceeded. The Workflow Status report
is updated to show the task status as Failed. Protection Center also sends a notification
to the Newsfeed in the Protection Center dashboard.

Workflow Owner Email Specifies the email address of the Protection Center workflow administrator. If the
workflow fails, Protection Center sends details of the failure to the workflow
administrator.

To enable this workflow to function correctly, you must configure the mail server
that Protection Center uses to send email messages.

See “Email settings” on page 83.

The Quarantine Endpoint workflow is available in the Specific Malware report,
through the Quarantine using SEP action.
The Action for Quarantine using SEP dialog box appears when you start the
Quarantine Endpoint workflow. This dialog box lets you specify the quarantine
group to which to add the selected endpoint. It also lets you assign the
corresponding Handle Unquarantined Machines task to the appropriate
Protection Center user.
See “Starting a workflow” on page 146.
Table 15-6 Quarantine using SEP action settings

Setting Description

Group Selection Specifies the quarantine group to which to add the endpoint.

Assign to User Specifies the Protection Center user to whom the Handle Unquarantined Machines
task is assigned.

The user that is assigned to the Handle Unquarantined Machines task must have
permission in Symantec Endpoint Protection to move a client.

The Action for Respond dialog box appears when you respond to a Handle
Unquarantined Machines task. This dialog box lets you confirm that you want
to remove the specified endpoint from quarantine and close the task.
See “Responding to a task assignment” on page 149.
The following table describes the settings that you can make for a Handle
Unquarantined Machines task.

Table 15-7 Handle Unquarantined Machines task settings

Setting Description

Quarantined Machines Displays the endpoint that is quarantined and lets you specify that you want to
unquarantine it.

Remove from Quarantine Specifies that the selected endpoint is removed from the quarantine group and is
placed back in its original group.

Close Task / Complete Process Specifies that the task is complete and closed.

If a quarantined endpoint is moved out of the quarantine group within Symantec
Endpoint Protection, the corresponding task might remain open in Protection Center.
You need to close the Handle Unquarantined Machine task without taking any
further action.

Update Virus Definitions On Endpoint workflow


The Update Virus Definitions On Endpoint workflow updates the virus definitions
on the selected endpoint. No further user action is required.
This workflow is available only if Symantec Endpoint Protection is integrated
with Protection Center.
See “Configuring administration settings for a workflow” on page 145.
Table 15-8 Update Virus Definitions On Endpoint workflow administration settings

Setting Description

Hours To Wait For Command To Finish Specifies the time that the workflow waits for Symantec
Endpoint Protection Manager to confirm that the action has completed.

The workflow fails if the specified waiting time is exceeded. The Workflow Status
report is updated to show the workflow status as Failed. Protection Center also sends
a notification to the Newsfeed in the Protection Center dashboard.

This failure indicates that the command has not completed within the specified time.
However, the command might still be running on the Symantec Endpoint Protection
Manager server. You should check the status of the targeted endpoints before taking
any further action.

Workflow Owner Email Specifies the email address of the Protection Center workflow administrator. If the
workflow fails, Protection Center sends details of the failure to the workflow
administrator.

To enable this workflow to function correctly, you must configure the mail server
that Protection Center uses to send email messages.

See “Email settings” on page 83.

The Update Virus Definitions On Endpoint workflow is available in the Specific
Malware report, through the Update definitions action. This workflow is also
available in the Specific Endpoint report, through the Update definitions button.
The Action for Update definitions dialog box appears when you start the Update
Virus Definitions On Endpoint workflow. This dialog box lets you confirm that
the correct endpoint is selected. The name and IP address of the selected endpoint
are displayed. You do not need to specify any further action settings.
See “Starting a workflow” on page 146.

Move Endpoint workflow


The Move Endpoint workflow moves the selected endpoint to the specified group.
No further user action is required.
This workflow is available only if Symantec Endpoint Protection is integrated
with Protection Center.
See “Configuring administration settings for a workflow” on page 145.
Table 15-9 Move Endpoint workflow administration settings

Setting Description

Workflow Owner Email Specifies the email address of the Protection Center workflow administrator. If the
workflow fails, Protection Center sends details of the failure to the workflow
administrator.

To enable this workflow to function correctly, you must configure the mail server
that Protection Center uses to send email messages.

See “Email settings” on page 83.

The Move Endpoint workflow is available in the Specific Malware report, through
the Move to a different SEP group action.
The Action for Move to a different SEP group dialog box appears when you start
the Move Endpoint workflow. This dialog box lets you specify the group to which
the endpoint is moved.
See “Starting a workflow” on page 146.

Table 15-10 Move to a different SEP group action settings

Setting Description

Group Selection Specifies the quarantine group to which the endpoint is moved.

Update Virus Definitions And Scan Endpoint workflow


The Update Virus Definitions And Scan Endpoint workflow updates the virus
definitions on the selected endpoint and then initiates a virus scan on the endpoint.
No further user action is required.
This workflow is available only if Symantec Endpoint Protection is integrated
with Protection Center.
See “Configuring administration settings for a workflow” on page 145.
Table 15-11 Update Virus Definitions And Scan Endpoint workflow administration settings

Setting Description

Hours To Wait For Command To Finish Specifies the time that the workflow waits for Symantec
Endpoint Protection Manager to confirm that the action has completed.

The workflow fails if the specified waiting time is exceeded. The Workflow Status
report is updated to show the workflow status as Failed. Protection Center also sends
a notification to the Newsfeed in the Protection Center dashboard.

This failure indicates that the command has not completed within the specified time.
However, the command might still be running on the Symantec Endpoint Protection
Manager server. You should check the status of the targeted endpoints before taking
any further action.

Workflow Owner Email Specifies the email address of the Protection Center workflow administrator. If the
workflow fails, Protection Center sends details of the failure to the workflow
administrator.

To enable this workflow to function correctly, you must configure the mail server
that Protection Center uses to send email messages.

See “Email settings” on page 83.

The Update Virus Definitions And Scan Endpoint workflow is available in the
Specific Malware report, through the Update definitions and scan action.
The Action for Update definitions and scan dialog box appears when you start
the Update Virus Definitions And Scan Endpoint workflow. This dialog box lets
you specify the type of virus scan to perform on the endpoint.
See “Starting a workflow” on page 146.

Table 15-12 Update definitions and scan action settings

Setting Description

Scan Type Specifies the type of virus scan to perform on the endpoint:

■ Quick Scan
Scans only the most commonly infected areas.
■ Full Scan
Scans the entire computer.

NationalThreatLevelMonitor workflow
The NationalThreatLevelMonitor workflow monitors the NationalThreatLevel
data feed. When the threat level changes, the workflow sends an email alert to
the specified administrator. It runs in the background and no user action is
required.
This workflow is included with Protection Center.
See “Configuring administration settings for a workflow” on page 145.

Table 15-13 NationalThreatLevelMonitor workflow administration settings

Setting Description

Alert To Email Address Specifies the email address to which to send NationalThreatLevel alerts.

To enable this workflow to function correctly, you must configure the mail server
that Protection Center uses to send email messages.

See “Email settings” on page 83.

ZeroDayVulnerabilityMonitor workflow
The ZeroDayVulnerabilityMonitor workflow monitors the ZeroDayVulnerability
data feed. When a new infection is detected, the workflow sends an email alert to
the specified administrator. It runs in the background and no user action is
required.
This workflow is included with Protection Center.
See “Configuring administration settings for a workflow” on page 145.

Table 15-14 ZeroDayVulnerabilityMonitor workflow administration settings

Setting Description

Feed URL Specifies the URL of the ZeroDayVulnerability data feed.

The default is http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-modified.xml

Alert To Email Address Specifies the email address to which to send ZeroDayVulnerability alerts.

To enable this workflow to function correctly, you must configure the mail server
that Protection Center uses to send email messages.

See “Email settings” on page 83.
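The default Feed URL above points at an NVD CVE 2.0 XML feed. The following Python example is added here for illustration and is not Protection Center's own code: it shows what monitoring such a feed involves, namely parsing the namespaced entries, refusing a DTD, and remembering each entry's last-modified value so that a re-listed CVE does not alert twice. The function names, the score threshold, and the sample feed with placeholder CVE IDs are assumptions constructed for this example.

```python
import xml.etree.ElementTree as ET

# XML namespaces of the NVD CVE 2.0 feed format.
NS = {
    "feed": "http://scap.nist.gov/schema/feed/vulnerability/2.0",
    "vuln": "http://scap.nist.gov/schema/vulnerability/0.4",
    "cvss": "http://scap.nist.gov/schema/cvss-v2/0.2",
}

FEED_TEMPLATE = (
    '<?xml version="1.0" encoding="UTF-8"?>\n'
    '<nvd xmlns="{feed}" xmlns:vuln="{vuln}" xmlns:cvss="{cvss}"'
    ' nvd_xml_version="2.0">{entries}</nvd>'
)


def build_feed(rows):
    """Constructed sample feed. rows: (cve_id, last_modified, score or None)."""
    entries = []
    for cve_id, modified, score in rows:
        cvss = ""
        if score is not None:
            cvss = ("<vuln:cvss><cvss:base_metrics><cvss:score>%s</cvss:score>"
                    "</cvss:base_metrics></vuln:cvss>" % score)
        entries.append(
            '<entry id="%s"><vuln:cve-id>%s</vuln:cve-id>'
            "<vuln:last-modified-datetime>%s</vuln:last-modified-datetime>%s"
            "</entry>" % (cve_id, cve_id, modified, cvss))
    return FEED_TEMPLATE.format(entries="".join(entries), **NS).encode("utf-8")


def parse_feed(xml_bytes):
    """Return a list of {'id', 'modified', 'score'} dicts, one per feed entry."""
    # The feed needs no DTD. Refusing one closes off entity-expansion and
    # external-entity abuse if the download (plain HTTP by default) was altered.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("feed contains a DTD, refusing to parse")
    root = ET.fromstring(xml_bytes)
    if root.tag != "{%s}nvd" % NS["feed"]:
        raise ValueError("not an NVD CVE 2.0 feed")
    parsed = []
    for entry in root.findall("feed:entry", NS):
        score = entry.findtext("vuln:cvss/cvss:base_metrics/cvss:score",
                               namespaces=NS)
        parsed.append({
            "id": entry.get("id"),
            "modified": entry.findtext("vuln:last-modified-datetime",
                                       default="", namespaces=NS),
            # Entries that are still awaiting analysis carry no CVSS block.
            "score": float(score) if score is not None else None,
        })
    return parsed


def poll(xml_bytes, seen, min_score=7.0):
    """Return [(kind, cve_id)] to alert on; kind is 'new' or 'updated'.

    seen maps CVE id -> last-modified string from earlier polls and is
    updated in place, so unchanged entries that the feed lists again
    never alert a second time.
    """
    alerts = []
    for entry in parse_feed(xml_bytes):
        previous = seen.get(entry["id"])
        seen[entry["id"]] = entry["modified"]
        if previous == entry["modified"]:
            continue  # this revision was already processed
        # Unscored entries are kept: a missing score is not a low score.
        if entry["score"] is not None and entry["score"] < min_score:
            continue
        alerts.append(("new" if previous is None else "updated", entry["id"]))
    return alerts


if __name__ == "__main__":
    state = {}
    sample = build_feed([
        ("CVE-0000-0001", "2011-06-01T10:00:00.000-04:00", 9.3),
        ("CVE-0000-0002", "2011-06-01T11:00:00.000-04:00", None),
        ("CVE-0000-0003", "2011-06-01T12:00:00.000-04:00", 2.1),
    ])
    print(poll(sample, state))  # first poll
    print(poll(sample, state))  # same feed again
```

The `seen` dictionary must be persisted between polls; if it is lost, every entry in the feed is treated as new on the next run.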


158 Working with workflows and tasks
Workflows available in Protection Center
