Symantec Protection Center 2 1 User Guide EN
Legal Notice
Copyright © 2011 Symantec Corporation. All rights reserved.
Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec
Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks
of their respective owners.
The product described in this document is distributed under licenses restricting its use,
copying, distribution, and decompilation/reverse engineering. No part of this document
may be reproduced in any form by any means without prior written authorization of
Symantec Corporation and its licensors, if any.
THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS,
REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT,
ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO
BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL
OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING,
PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED
IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.
The Licensed Software and Documentation are deemed to be commercial computer software
as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19
"Commercial Computer Software - Restricted Rights" and DFARS 227.7202, "Rights in
Commercial Computer Software or Commercial Computer Software Documentation", as
applicable, and any successor regulations. Any use, modification, reproduction release,
performance, display or disclosure of the Licensed Software and Documentation by the U.S.
Government shall be solely in accordance with the terms of this Agreement.
Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
http://www.symantec.com
Item | Description
Protection Center Web page | High-level information about Protection Center and links to documentation and other resources. The Protection Center page is located on the Symantec Web site at the following URL: http://go.symantec.com/protection-center The links to the Protection Center documentation are available by clicking the Product Manuals link, on the Use tab of the Protection Center page.
Symantec Protection Center Getting Started Guide | Information about deploying Protection Center: the architecture, requirements, appliance creation, and initial setup. This information is available in PDF format by clicking Product Manuals on the Use tab of the Protection Center page.
Symantec Protection Center Sizing and Scalability Guide | Detailed information about modifying your Protection Center installation to suit the requirements of your organization. This information is available in PDF format by clicking Product Manuals on the Use tab of the Protection Center page.
Symantec Protection Center Help | Detailed information about using Protection Center, including administration and security management. This help is available in HTML format through Protection Center. You can access the information through the Help option in the top right corner of the Protection Center interface.
Symantec Protection Center Reports Guide | Detailed information to help you understand and use the reports that are included with Protection Center. This information is available in PDF format by clicking Product Manuals on the Use tab of the Protection Center page.
Symantec Protection Center Release Notes | The most current information about Protection Center features, known issues, and resolved issues. This information is available in PDF format by clicking Product Manuals on the Use tab of the Protection Center page.
Note: Some products that integrate their user interface with Protection Center
do not support all of the browsers that Protection Center supports. See the
documentation for the specific product to determine the browsers that the product
supports.
A current list of Symantec and third-party products that can integrate with
Protection Center is available at the following URL:
http://www.symantec.com/docs/DOC4806
Protection Center also requires that your monitor be set to a minimum resolution
of 1024x768 pixels.
Protection Center can support up to 10 concurrently logged-in users.
If you need to support more concurrently logged-in users, you may need to modify
your Protection Center installation. For more information, see the Symantec
Protection Center Sizing and Scalability Guide.
Table 2-1 Process for performing the initial setup of Protection Center
Step 1 | Integrate supported products. | Integrate any of the Protection Center supported products that are available on your network.
Step 2 | Set up user accounts. | Set up the Protection Center user accounts that you require.
Step 3 | Configure email settings. | Set up the mail server that you want Protection Center to use for emailing notifications and distributing reports. In addition, set up the email address of the administrator who you want to receive the notifications that Protection Center sends.
Step 4 | Set up a proxy server. | Specify an HTTP proxy server for Protection Center to use if your organization uses an HTTP proxy.
Step 5 | Set up Protection Center to collect and send community statistics data to Symantec. | Enable the collection and sending of diagnostics data and anonymous usage data to Symantec. Although use of this feature is optional, you are encouraged to use it to help Symantec provide improved product quality and enhanced support.
Your current view, which can be a Protection Center page or a product view, is
preserved between sessions. When you log in again, the same view is restored
automatically.
See “Getting started with Protection Center” on page 15.
See “Accessing Protection Center” on page 16.
To log out of Protection Center
◆ In Protection Center, at the top right of the header area, click Logout.
Section 2
Setup and Administration
Step 1 | Log in to Protection Center. | Access Protection Center through the Protection Center interface. You normally log in to Protection Center using the predefined SPC_Admin account.
Step 2 | Perform the initial setup of Protection Center. | Complete the initial setup tasks that are required to ensure that Protection Center is ready for use.
Step 3 | Configure software update settings. | Configure Symantec LiveUpdate to regularly check for updates to the Protection Center software components.
Step 4 | Configure backup settings. | Configure Symantec Backup Exec System Recovery to create regular backups of Protection Center data and system files.
Step 5 | Customize Protection Center for your environment. | Change the configuration settings to make Protection Center work in your specific environment and ensure that it meets the needs of your organization.
Step 6 | If necessary, replace the Web interface security certificate. | Replace the default self-signed certificate with a new certificate issued by a certificate authority or by your organization’s public key infrastructure (PKI).
Step 7 | Configure the workflows which let you perform actions on specific endpoints. | Configure each workflow to suit the requirements of your organization. After you perform this task, the security manager can then use the workflows to resolve any security issues that are detected in your environment.
Step 8 | Perform the ongoing integration of additional products with Protection Center. | Integrate additional supported products as they become available on your network. See “Integrating supported products” on page 32.
Step 9 | Perform the ongoing setup of user accounts. | Set up additional Protection Center user accounts as needed. See “Setting up Protection Center user accounts” on page 45.
Step 10 | Monitor the status of your network and computer environment. | Monitor the status of your network and endpoint environment by using the reports that contain Protection Center-specific data. See “About reports” on page 129.
Step 11 | Identify and respond to hardware, software, and performance issues. | Identify and respond to hardware, software, and performance issues through notifications. A notification is a message that informs you about an event that has occurred. Protection Center generates notifications when you need to be made aware of an issue.
Step 12 | Troubleshoot Protection Center as needed. | Gather diagnostics information from Protection Center and send it to Symantec for support purposes.
Field | Description
Date | The date and time that the entry was written to the security audit log.
User | The name of the Protection Center user that performed the operation.
Client | The FQDN or the IP address of the computer from which the operation was initiated, if available.
By default, the security audit log stores the 10,000 most recent log entries. As
further events are logged, Protection Center rotates the security audit log to
remove the oldest entries. The Protection Center database purge schedule does
not purge the security audit log.
■ User
Lets you view all of the log entries that relate to a specific Protection
Center user.
■ Status
Lets you view all of the log entries that have a specific status. For example,
Success or Failure.
Shut down | Use this option if you need to replace hardware or physically move the appliance.
3 Click Proceed.
Chapter 4
Working with Protection Center supported products
This chapter includes the following topics:
■ Data aggregation
Protection Center collects data from the supported products and aggregates
the data to create cross-product reports. Protection Center also receives and
displays notifications from the supported products.
■ Product management
Protection Center centralizes the management of supported products.
Protection Center lets you access multiple products through a single interface.
For more information on supported products, see the Symantec Protection Center
Getting Started Guide. You can access the guide through the Protection Center
page on the Symantec Web site. The Protection Center page is located at the
following URL:
http://go.symantec.com/protection-center
A current list of Symantec and third-party products that can integrate with
Protection Center is available at the following URL:
http://www.symantec.com/docs/DOC4806
Note: You can integrate Symantec Mail Security for Microsoft Exchange (Mail
Security) with Protection Center. However, the integration process that is described
in this section does not apply to Mail Security.
See Symantec Mail Security for Microsoft Exchange and Protection Center
Integration Guide.
The following table describes the process for integrating supported products with
Protection Center.
Step 1 | Add the supported products. | You can add supported products as part of the initial setup that you perform when you first log in to Protection Center. You can also add supported products from the product management page at any time.
Step 2 | (Optional) Discover supported products. | You can configure Protection Center to automatically discover the supported products that are installed on your network.
Step 3 | Enable the supported products. | You can enable the supported products that are available on your network. If multiple instances of a product are available, you can enable each product instance individually.
Step 4 | (Optional) Re-enable any products that have become disconnected from Protection Center. | An enabled product can become disconnected from Protection Center due to network connectivity issues or changes on the product host. You need to resolve the connection problem and re-enable the product in Protection Center.
Step 5 | (Optional) Disable any products that you no longer want to manage through Protection Center. | You can disable any enabled products that you no longer want to manage through Protection Center. See “Disabling a supported product” on page 39.
To add a product as part of the initial setup | On the Initial Setup dialog box, under Product Integration, click Integrate products.
To add a product from the product management page | On the Admin menu, click Supported Products and then, on the product management page, click Add Product.
2 In the Add and Enable Product Instance dialog box, specify the appropriate
product parameters.
See “Required supported product host settings” on page 34.
3 If you want to specify a particular tenant for a multi-tenant product, or if the
product host uses non-default configuration settings, click Advanced options.
In the Advanced options fields, specify the appropriate settings.
See “Advanced supported product host settings” on page 35.
4 Click Enable.
When Protection Center has validated the specified information, the product
host is added to the Enabled Supported Products tab.
Item | Description
Product | Applies to the Add and Enable Product Instance dialog box only. Contains the names of all the Protection Center supported products in a drop-down list.
Item | Description
Host name | Specifies the host name or IP address of the product instance that you want to add. You can use IPv4 and IPv6 addresses. In the Available Supported Products tab, this field is a drop-down list that contains the names of all the available product instances. If only a single product instance is available, the name is displayed in the following format: <Product Name (tenant name)>.
Administrator user name | Specifies the user name of an account that has full administrator access permissions to the product. If you want to use a domain administrator account, you need to specify the domain. For example, <Domain>\<User Name>.
Item | Description
Tenant | Applies to the Add and Enable Product Instance dialog box only.
Data feed port | Specifies the product host port that is used for data feeds. Protection Center uses the specified port for all secure Web service calls after the supported product is enabled. Note: If the product has a single Web services port configured, that port must be used for both data feeds and registration.
Data feed user name | Specifies the administrator account that has permission to access the data feed from the product. By default, the user name is the same as the administrator account that you specified in the required product host settings.
Registration port | Specifies the product host port that is used for enabling the product in Protection Center. Protection Center uses the specified port for the unsecured registration Web service calls to the product. Note: If the product has a single Web services port configured, that port must be used for both data feeds and registration.
Console port | Specifies the product host port that is used to access the product user interface (sometimes referred to as the product console). The product user interface is displayed in Protection Center as a product view. Protection Center uses the specified port for the single sign-on Web service calls.
Use HTTPS | Specifies that the product uses HTTPS connections with Protection Center.
You should run the product discovery process when you first install Protection
Center. The discovery process can take up to a few hours to complete.
See “Enabling a supported product” on page 38.
See “About managing supported products” on page 37.
To discover Protection Center supported products on your network
1 In Protection Center, on the Admin > Settings menu, click Product Discovery.
2 On the Product Discovery page, under Discovery IP Selection, specify the
IP address range or particular IP addresses that you want to search.
You can use IPv4 and IPv6 addresses. You can specify multiple IP addresses
or IP ranges by separating each entry with a comma. You can separate the IP
addresses in the range by a dash.
3 Under Supported products to Discover, select the products for which you
want to search.
4 Click Discover Products.
The details of each product instance that is discovered are displayed. The
discovered product instances are automatically added to the list in the
Available Supported Products tab.
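Because discovery can run for hours, it helps to check a Discovery IP Selection string before you submit it. The following added example (not part of Protection Center or its documentation) parses the comma-and-dash format described in step 2, counts the addresses it covers, and flags entries outside networks you intend to search. The ALLOWED_NETWORKS list and the tolerance for spaces around entries are assumptions.

```python
import ipaddress

# Constructed sample: the networks this organization intends to search (assumption).
ALLOWED_NETWORKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("2001:db8::/32"),
]


def parse_entry(entry):
    """Parse one entry: a single address or 'first-last'. Returns (first, last)."""
    text = entry.strip()
    if not text:
        raise ValueError("empty entry (stray comma?)")
    first_text, dash, last_text = text.partition("-")
    first = ipaddress.ip_address(first_text.strip())
    last = ipaddress.ip_address(last_text.strip()) if dash else first
    if first.version != last.version:
        raise ValueError(f"range mixes IPv4 and IPv6: {text!r}")
    if int(last) < int(first):
        raise ValueError(f"range ends before it starts: {text!r}")
    return first, last


def parse_selection(selection):
    """Split a comma-separated selection into a list of (first, last) ranges."""
    return [parse_entry(entry) for entry in selection.split(",")]


def merge_ranges(ranges):
    """Merge overlapping or adjacent ranges so no address is counted twice."""
    merged = []
    for first, last in sorted(ranges, key=lambda r: (r[0].version, int(r[0]))):
        if merged:
            prev_first, prev_last = merged[-1]
            same_family = prev_first.version == first.version
            if same_family and int(first) <= int(prev_last) + 1:
                if int(last) > int(prev_last):
                    merged[-1] = (prev_first, last)
                continue
        merged.append((first, last))
    return merged


def address_count(ranges):
    """Number of distinct addresses the selection asks discovery to probe."""
    return sum(int(last) - int(first) + 1 for first, last in merge_ranges(ranges))


def out_of_scope(ranges, allowed=ALLOWED_NETWORKS):
    """Return ranges with any CIDR block that is not inside an allowed network."""
    flagged = []
    for first, last in ranges:
        for block in ipaddress.summarize_address_range(first, last):
            inside = any(
                block.version == net.version and block.subnet_of(net)
                for net in allowed
            )
            if not inside:
                flagged.append((first, last))
                break
    return flagged


if __name__ == "__main__":
    # Constructed sample selection mixing IPv4 and IPv6 entries.
    sample = "192.168.10.1-192.168.10.50, 10.0.0.5, 2001:db8::10-2001:db8::1f"
    ranges = parse_selection(sample)
    print("addresses to probe:", address_count(ranges))
    print("out of scope:", out_of_scope(ranges))
```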
Option | Description
Add Product | Attempts to integrate a particular supported product with Protection Center. The supported product must be installed on your network in a known location.
Disable Product | Disables the product that is selected in the Enabled Supported Products tab in Protection Center.
The Available Supported Products tab displays the summary details of the
supported products that are available on your network but are not currently
enabled in Protection Center. You can enable the products that you want by
supplying the appropriate administrator credentials.
The Enabled Supported Products tab displays the summary details of the products
that are currently enabled in Protection Center. Each product panel indicates the
current connection status of the product host: Normal or Error. If a host has a
connection error, Protection Center cannot collect any data from the product.
You need to resolve the connection error and re-enable the product in Protection
Center.
See “Re-enabling a disconnected product” on page 40.
If both of the tabs are empty in the product management page, one of the following
states might apply:
■ You have not yet performed the product discovery process or added any
supported products.
See “Discovering supported products on your network” on page 36.
■ No Protection Center supported products can be accessed from the Protection
Center appliance location.
■ No Protection Center supported products are installed on your network.
■ No Protection Center supported products are installed on the Protection Center
appliance.
The product list has the same format in both tabs: a list of product panels, where
each panel shows the product name and version, and the number of hosts. Each
host corresponds to an available or an enabled product instance, according to the
tab. You can expand each product panel to view details of each product instance.
You can select an individual product instance in the expanded view.
you must enable the appropriate product host in Protection Center. If you have
more than one instance of an available supported product (multiple product hosts),
you must enable each product instance separately.
See “About supported products” on page 31.
See “Discovering supported products on your network” on page 36.
When you enable a product, you might need to supply the credentials of an account
that has administrator rights to the product instance. However, some products
do not require you to supply any credentials.
To enable a supported product
1 In Protection Center, on the Admin menu, click Supported Products.
2 On the product management page, on the Available Supported Products
tab, select the product that you want to enable.
3 On the product panel, click Enable Supported Product.
The product panel expands to show the required product host settings.
4 On the product panel, specify the appropriate settings.
See “Required supported product host settings” on page 34.
5 If you need to use non-default values for the registration port, the data feed
port, or the console port, click Advanced options.
In the Advanced options fields, specify the appropriate settings.
See “Advanced supported product host settings” on page 35.
6 Click Enable.
The product instance icon is removed from the Available Supported Products
tab and appears in the Enabled Supported Products tab.
7 If an error message is displayed, click Continue.
You need to determine why the integration was unsuccessful and take the
appropriate action to resolve the issue. A typical solution is to enter the
correct administrator account credentials.
6 Click Close.
The disabled product host is removed from the Enabled Supported Products
tab and it is added to the Available Supported Products tab.
8 Click OK.
Chapter 5
Managing Protection Center user accounts
This chapter includes the following topics:
Parameter | Description
Unique user name | The same user name cannot be used for two user accounts, even if the user accounts use different authentication methods.
Authentication type | Protection Center can authenticate users through local accounts, Microsoft Active Directory, or LDAP.
Feature permissions | The predefined administrator account, SPC_Admin, has all available permissions. However, Protection Center lets you apply a reduced set of permissions to all other user accounts.
Products | Users can be assigned the rights to access the products that are integrated into Protection Center. If a user can access a product, they can view data from that product in Protection Center reports. If a user cannot access a product, the data from that product is not included in any Protection Center reports generated by the user.
Table 5-2 Process for setting up Protection Center user accounts
Step 1 | Plan your Protection Center user accounts. | You might already have Microsoft Active Directory or LDAP user accounts set up for your network. You can use these existing accounts as the basis for corresponding Protection Center user accounts. Microsoft Active Directory or LDAP authenticates the user credentials when the user logs in to Protection Center. Alternatively, you can create new accounts in Protection Center, and let Protection Center authenticate the user credentials.
Step 2 | Specify an Active Directory or LDAP server. | If you want to use existing Microsoft Active Directory or LDAP user accounts, you need to specify the appropriate Active Directory or LDAP server.
Step 3 | Create each Protection Center user account. | You need to select the authentication method for the account and then specify the user details or select the appropriate Active Directory or LDAP account. You need to select the supported products that the user account can access through Protection Center.
Step 4 | Modify and manage user accounts as needed. | You can modify a Protection Center user account at any time. However, changing the authentication method creates a new user account that replaces the original account.
Item | Description
Hostname | Specifies the server on which the Microsoft Active Directory or domain controller resides. You can enter the host name or IP address.
User name | Specifies the user name of an account that has administrator rights to the Active Directory or LDAP server. This setting is required for secure authentication. Secure login to Active Directory is enabled by default, so you should specify user credentials for the first connection attempt.
Authentication type | Specifies the way in which Protection Center queries the Active Directory or LDAP server as follows:
■ Secure
The connection request sends the credentials that you configured. Protection Center
connects securely to the Active Directory or LDAP server. You need to specify the
appropriate user name and password.
■ Anonymous
The connection request does not use any credentials.
Use SSL | Specifies that Protection Center uses SSL for communication with the Active Directory or LDAP server. To make this work, your Active Directory or LDAP server needs to be properly configured to use SSL.
Base DN | Specifies the base distinguished name: the top level of the LDAP directory tree.
Build | Opens the Build Base Distinguished Name dialog box that lets you specify the Base DN.
User search filter | Specifies the filter search string to extract the user information that Protection Center requires.
Build | Opens the Build Search Filter dialog box that lets you specify the filter search string.
Test LDAP Settings | Tests the settings to verify that they are correctly specified. This option duplicates the Save Changes functionality.
Protection Center verifies the following:
If any settings cannot be verified, an appropriate error message is displayed. If all of the
settings are verified, Protection Center saves the settings.
Directory is set up in your organization, the Base DN can have one or more values.
The Base DN indicates the location to search for a user.
See “Using an Active Directory or LDAP server for user account authentication”
on page 46.
You need to represent each Base DN value by a DC= prefix entry and separate
multiple values with commas.
An example follows:
CN=Users,DC=myDomain,DC=com
where Users is the name of the container in which the user accounts are located
in the directory tree. This container is found at the root of myDomain.com which
is usually the zone or your domain name.
To specify the Base DN
1 In Protection Center, on the Admin > Settings menu, click Active Directory
and LDAP.
2 On the Active Directory and LDAP server settings page, next to Base DN, click
Build.
3 In the Build Base Distinguished Name dialog box, click the folder that you
want to use.
The Selected DN box displays the selected folder name.
4 Click OK.
The specified Base DN is added to the Base DN box in the Active Directory
and LDAP server settings page.
■ anr=
Specifies to use Ambiguous Name Resolution.
■ uid=
Specifies to also search by user ID.
■ %s*
Specifies to match partial strings as well as whole names.
To specify the user search filter
1 In Protection Center, on the Admin > Settings menu, click Active Directory
and LDAP.
2 On the Active Directory and LDAP server settings page, next to User search
filter, click Build.
3 In the Build Search Filter dialog box, in the Search for a user box, type the
common name of a user that exists on the LDAP server.
When you start typing the common name, an auto complete list lets you select
the appropriate user. When you select a user, a list of properties that the
LDAP server stores for the selected user is displayed.
4 Select the object classes and user properties that you want to include in your
user searches.
5 The User Search Filter box displays the syntax of the corresponding user
search filter.
6 Click OK.
The specified user search filter string is added to the User search filter box
in the Active Directory and LDAP server settings page.
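The Base DN format and the `%s*` placeholder described above can be checked outside the product before you save them. This added example (not Protection Center's own code) splits a Base DN into its components and expands a filter template with RFC 4515 escaping, so that typed search text is always matched literally. SAMPLE_TEMPLATE is a constructed filter assembled from the elements the page lists; the filter your own Build Search Filter dialog produces may differ.

```python
# Constructed template built from anr=, uid= and %s* (assumption, see lead-in).
SAMPLE_TEMPLATE = "(|(anr=%s*)(uid=%s*))"

# RFC 4515: characters that must be escaped inside a filter assertion value.
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def escape_filter_value(value):
    """Escape typed text so it cannot act as filter syntax or a wildcard."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def parens_balanced(ldap_filter):
    """True when every '(' in the filter has a matching ')'."""
    depth = 0
    for ch in ldap_filter:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return False
    return depth == 0


def expand_filter(template, typed_name):
    """Replace each %s with the escaped search text; the template's * stays a wildcard."""
    if "%s" not in template:
        raise ValueError("template has no %s placeholder")
    if not parens_balanced(template):
        raise ValueError("template parentheses are unbalanced")
    return template.replace("%s", escape_filter_value(typed_name))


def split_dn(dn):
    """Split a DN on unescaped commas into (ATTRIBUTE, value) pairs."""
    parts, buf, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            buf.append(dn[i:i + 2])  # keep an escaped character with its backslash
            i += 2
            continue
        if ch == ",":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf))

    rdns = []
    for part in parts:
        attr, sep, value = part.strip().partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed DN component: {part!r}")
        rdns.append((attr.strip().upper(), value.strip()))
    return rdns


def dn_domain(dn):
    """Join the DC= components into the DNS-style domain they represent."""
    labels = [value for attr, value in split_dn(dn) if attr == "DC"]
    if not labels:
        raise ValueError("Base DN has no DC= components")
    return ".".join(labels)


if __name__ == "__main__":
    base_dn = "CN=Users,DC=myDomain,DC=com"  # the example Base DN from the page
    print(split_dn(base_dn), "->", dn_domain(base_dn))
    print(expand_filter(SAMPLE_TEMPLATE, "jsmith"))
    # Constructed input containing filter metacharacters; they come out escaped.
    print(expand_filter(SAMPLE_TEMPLATE, "a*)(uid=*"))
```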
Option | Description
New | Accesses the Create User Account dialog box, which lets you create a Protection Center user account.
Edit | Accesses the Edit User Account dialog box, which lets you modify the selected Protection Center user account.
Delete | Accesses the Delete User Account dialog box, which lets you delete the selected Protection Center user account.
To create a user account as part of the initial setup | On the initial settings dialog box, under User Accounts, click Create accounts.
2 In the User Accounts dialog box or the Create User Account dialog box, click
the appropriate authentication method:
Active Directory or LDAP authenticated account | Creates a user account that authenticates with your Active Directory or LDAP server.
If you created an Active Directory or an LDAP account | Specify the Active Directory account or LDAP account to use. Protection Center extracts the account details from the Active Directory or LDAP server.
8 (Optional) If you want to notify the user that the new Protection Center user
account is available, click Send notification to this user.
Protection Center sends an email notification to the email address that you
specified in the authentication settings.
This option is available only when a mail server is configured for Protection
Center and an email address is specified in the new user account.
See “Email settings” on page 83.
9 Click Finish.
3 In the Edit a Protection Center user account dialog box, on the Account
Details and Permissions tab, edit the Protection Center user account details.
If you change the authentication type, the appropriate fields are displayed.
You need to specify the required details.
See “Protection Center user account authentication types” on page 54.
See “Protection Center (local) user authentication settings” on page 55.
See “Active Directory and LDAP authentication settings” on page 56.
4 Modify the Protection Center user permissions for the account.
See “Protection Center user account permissions settings” on page 57.
5 On the Supported Product Access tab, modify the supported products that
the account can access.
See “Supported product access permission settings” on page 61.
6 Click OK.
Type | Description
Protection Center (local) | The user account is a local Protection Center user account. When the user logs in to Protection Center, the user name and password that they specify are authenticated by Protection Center.
Active Directory or LDAP | The Protection Center user account is matched with a corresponding user account that already exists in Microsoft Active Directory or LDAP. When the user logs in to Protection Center, the user name and password are passed to the Active Directory or the LDAP server for authentication. Before you can select any Active Directory or LDAP user accounts, you need to specify the Active Directory or LDAP server to use for authentication. See “Using an Active Directory or LDAP server for user account authentication” on page 46.
Item | Description
User name | Specifies the account user name. The user name is the unique identifier of the Protection Center user account.
Password / Confirm password | Specifies the account password. The same password must be specified in both fields. A local Protection Center password must contain at least eight characters and include three of the following:
Item | Description
First name | Specifies the first name of the Protection Center user.
Last name | Specifies the last name of the Protection Center user.
Email address | Specifies the email address of the Protection Center user.
This feature is available only when a mail server is configured for Protection Center.
This option lets you create user accounts in advance but prevent the users from accessing
Protection Center until you allow it. When you want to roll out new accounts to the users,
you only need to enable the appropriate accounts.
This setting is available only when you modify a Protection Center user account.
Item | Description
Active Directory or LDAP Account Name | Specifies the user name of the Microsoft Active Directory or LDAP account that you want to use in Protection Center. This setting is available only when you create a new Protection Center user account. This field is an active search field: it matches the text string that you type with the available accounts by first name, last name, and user name. Protection Center imports the account details from the Active Directory or LDAP server and the remaining fields are populated automatically.
User name | Specifies the user name of the specified Active Directory or LDAP account.
First name | Specifies the first name of the specified Active Directory or LDAP account.
Last name | Specifies the last name of the specified Active Directory or LDAP account.
Email | Specifies the email address of the specified Active Directory or LDAP account.
Item | Description
Protection Center Permissions | Contains the permissions that apply to the user account. See “Protection Center user account permissions” on page 58.
Copy permissions from | Copies the user permissions from another Protection Center user account. The appropriate permissions are applied as the default settings for the user account. The drop-down list contains all of the available Protection Center user accounts. When you select the account that you want, the appropriate permissions are checked. You can modify them to suit the requirements of the new user. You cannot use this feature to select and merge the permissions from two or more user accounts. Each time you repeat this process and select a user account, the selected account settings overwrite the existing settings.
Permission Description
Supported Products Lets you add supported products to Protection Center. You can enable and disable
supported products as necessary.
User Management Lets you configure Protection Center user accounts to give each user access to the
appropriate Protection Center features and functionality.
Software Update Lets you view the software updates that have been downloaded and are available for
installation on Protection Center. You can select the updates that you want to install.
Settings Lets you enable or disable all of the Settings options. If this option is selected, the View
and Manage permissions for all of the Settings options are selected. If this option is
cleared, all permissions for all of the Settings options are removed.
Active Directory and LDAP Lets you specify the Microsoft Active Directory or LDAP server that Protection Center uses to authenticate user accounts.
See “Using an Active Directory or LDAP server for user account authentication”
on page 46.
Backup Lets you configure Protection Center backups. Protection Center uses Symantec Backup
Exec System Recovery to create regular backups.
Certificates Lets you manage the SSL certificate that is used to secure the Protection Center interface.
You can replace the default self-signed certificate with a new certificate. You can also
save the existing certificate to a backup file and restore it when necessary.
See “About managing Protection Center Web interface security certificates” on page 91.
Community Statistics Lets you specify whether Protection Center collects community statistics data and
sends it to Symantec for diagnostics purposes.
Date and Time Lets you set the date and time of the Protection Center appliance.
Email Lets you configure the Protection Center email settings. Protection Center uses emails
to alert the administrator about the items that might require attention.
LiveUpdate Lets you choose whether to use the Symantec LiveUpdate server or a local LiveUpdate
server for Protection Center software updates. If you use a local LiveUpdate server,
you can specify the appropriate server details.
Message Logging Lets you choose the logging level that Protection Center uses: normal logging or verbose
logging.
Network Lets you configure the network settings for Protection Center.
This feature applies only to locally authenticated accounts. Accounts that use Active
Directory or LDAP authentication cannot be modified within Protection Center.
Product Discovery Lets you discover the Protection Center supported products that are installed on your
network.
Proxy Lets you configure an HTTP proxy server for Protection Center. A proxy server helps
to increase the security of Protection Center.
Purge Lets you control the purging of old data from the Protection Center database. You can
set the number of days that data is retained in the database.
Security Audit Logs Lets you view the Security Audit Logs report. This report contains a record of the
security events and sensitive changes that have been made in Protection Center.
Support Diagnostics Lets you gather diagnostics information and send it to Symantec for support purposes.
Item Description
Integrated Product Specifies the product instance to which you want the Protection Center user account
to have access.
Linked user name Specifies the product user account that you want to link to the Protection Center user
account.
Each product user account can map to only one Protection Center user account.
Protection Center enforces this 1:1 user account mapping for security auditing purposes.
A warning is displayed if you attempt to map a product user account to multiple
Protection Center user accounts.
Note: Mapping multiple Protection Center user accounts to a single product user
account (and vice versa) was permitted in Protection Center 2.0. When you upgrade to
Protection Center 2.1, all instances of multiple mapping are cleared and a notification
is displayed in the Protection Center dashboard. You need to edit each affected Protection
Center user account to map it to the appropriate product user account.
■ Add
Adds the specified product host and linked user account to the Protection Center
user account.
■ Remove
Removes the product host and linked user account from the Protection Center user
account.
■ LiveUpdate settings
Note: Protection Center performs a backup before the software update installation
starts. This process might interrupt the activities of Protection Center users. The
administrator that starts the installation process sees a dialog box that displays
the current status of the installation, but the other users see nothing. If you want
to alert other Protection Center users to a software update, you need to notify
them manually.
Available Updates Displays the details of the software updates that have
been downloaded from the LiveUpdate server and are
available for installation on Protection Center.
Installed Updates Displays the details of the software updates that have
been installed on Protection Center.
Note: This feature supports the use of an HTTP proxy server to access the updates.
An FTP proxy server is not supported.
LiveUpdate settings
Protection Center lets you specify the LiveUpdate server to use. You can choose
whether to use the Symantec LiveUpdate server or a local LiveUpdate server for
Protection Center software updates. If you use a local LiveUpdate server, you can
specify the appropriate server details. If you do not want Protection Center to
access the Internet, either directly or through the proxy server, you can disable
the LiveUpdate feature. You can manually download the software updates that
you need and install the updates through the Protection Center control panel.
See “About Protection Center software updates” on page 63.
See “Managing Protection Center software updates” on page 64.
See “Specifying the LiveUpdate server to use” on page 66.
Item Description
Directly from Symantec Specifies that Protection Center downloads the appropriate software updates directly from the Symantec LiveUpdate server.
Using a LiveUpdate Admin Server Specifies that Protection Center uses a LiveUpdate server running locally within your firewall. Protection Center downloads the appropriate software updates from the specified server instead of using the Symantec LiveUpdate server.
You need to specify the local LiveUpdate server to use as follows:
■ Host - the server name, including the Fully Qualified Domain Name. Alternatively you
can use the IP address of the LiveUpdate server host.
■ Path - the network path to the host server.
■ Protocol - the transport protocol that Protection Center uses for downloading software
updates from the host server.
The available options are: HTTP, HTTPS, and FTP.
■ Port - the port to use on the host server.
The port number depends on the transport protocol that you use. For HTTP, use port
80. For HTTPS, use port 443. For FTP, use port 21.
■ User name - the user name of an administrator account on the host server.
■ Password - the password for the administrator account on the host.
The Test LiveUpdate Settings button lets you verify the settings that you have specified.
Do not use LiveUpdate Specifies that Protection Center does not access any LiveUpdate server.
You need to manually download the software updates that you require. You can install
software updates manually through the Protection Center control panel.
■ Backup settings
Note: The Protection Center backup does not include the Web interface security
certificate and private key. You should create a backup of the certificate as part
of your regular backup process.
See “Exporting a copy of the Protection Center Web interface security certificate”
on page 93.
The first backup that is scheduled each week is a full backup; any other backups
that are scheduled for the same week are incremental backups. Protection Center
maintains backup files for the current week and for a specified number of previous
weeks. The backup purge settings let you specify how many weekly sets of backup
files to preserve. Any backups that are older than the specified number of weeks
are deleted.
You may need to modify your Protection Center installation to suit the
requirements of your organization. For more information, see the Symantec
Protection Center Sizing and Scalability Guide.
If a problem occurs within Protection Center, such as a corrupt file, you can restore
the backup image to the existing Protection Center appliance. If the Protection
Center hard drive fails, you can replace that hard drive and restore the backup
image to the new drive. When you restore Protection Center from your backups,
the full backup image is installed first. The incremental backup files are then
processed one after another in the order that they were created. If the most recent
backup is a full image, then there are no incremental backup files to restore.
See “Restoring Protection Center” on page 74.
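The backup-set rules described above (one full backup per week, incrementals joining that week's set, restore as full image first and then incrementals in creation order, purge by whole weekly sets) can be modelled as follows. This is an added example, not Symantec code: the file names and the Backup, build_sets, restore_chain and purge_plan names are constructed for illustration, and it assumes that each full backup opens a new weekly set.

```python
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class Backup:
    name: str          # constructed label, not a real Protection Center file name
    created: datetime
    kind: str          # "full" or "incremental"


def build_sets(backups):
    """Group backups into sets. Assumption: every full backup opens a new
    weekly set and later incrementals join the most recent set."""
    sets, orphans = [], []
    for b in sorted(backups, key=lambda b: b.created):
        if b.kind == "full":
            sets.append([b])
        elif sets:
            sets[-1].append(b)
        else:
            # An incremental with no full backup before it cannot be restored.
            orphans.append(b)
    return sets, orphans


def restore_chain(backups, target_name):
    """Names to process, in order, to reach the recovery point target_name:
    the full image of its set, then each incremental up to the target."""
    sets, _ = build_sets(backups)
    for backup_set in sets:
        names = [b.name for b in backup_set]
        if target_name in names:
            return names[: names.index(target_name) + 1]
    raise LookupError(f"{target_name} is not part of a restorable backup set")


def purge_plan(backups, previous_weeks_to_keep):
    """Return (kept, deleted) names when the current set plus the given
    number of previous weekly sets are preserved."""
    if previous_weeks_to_keep < 0:
        raise ValueError("previous_weeks_to_keep must be 0 or greater")
    sets, _ = build_sets(backups)
    keep = previous_weeks_to_keep + 1          # current week is always kept
    kept = [b.name for s in sets[-keep:] for b in s]
    deleted = [b.name for s in sets[:-keep] for b in s]
    return kept, deleted


# Constructed sample: three weekly sets; "w2-inc-ondemand" stands for a
# Run Backup Now incremental, which counts as part of that week's set.
SAMPLE = [
    Backup("w1-full", datetime(2011, 5, 2, 1, 0), "full"),
    Backup("w1-inc-tue", datetime(2011, 5, 3, 1, 0), "incremental"),
    Backup("w1-inc-wed", datetime(2011, 5, 4, 1, 0), "incremental"),
    Backup("w2-full", datetime(2011, 5, 9, 1, 0), "full"),
    Backup("w2-inc-tue", datetime(2011, 5, 10, 1, 0), "incremental"),
    Backup("w2-inc-ondemand", datetime(2011, 5, 10, 14, 30), "incremental"),
    Backup("w2-inc-wed", datetime(2011, 5, 11, 1, 0), "incremental"),
    Backup("w3-full", datetime(2011, 5, 16, 1, 0), "full"),
    Backup("w3-inc-tue", datetime(2011, 5, 17, 1, 0), "incremental"),
]

if __name__ == "__main__":
    print(restore_chain(SAMPLE, "w2-inc-ondemand"))
    print(purge_plan(SAMPLE, 1))
```

Every file in a restore chain has to survive on the network share: losing one incremental makes all later recovery points in that week's set unusable.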
To restore Protection Center, you need a Symantec Recovery Disk. This disk is a
CD/DVD that you use to start the appliance and recover the Protection Center
hard drive from the backups that you made. The Symantec Recovery Disk is not
supplied with Protection Center: you need to create the Symantec Recovery Disk
yourself. You can download the ISO image from Symantec FileConnect and burn
it onto a blank CD/DVD. The Symantec FileConnect page is located at the following
URL:
https://fileconnect.symantec.com
To ensure that the recovery disk is available when you need it, you should create
the recovery disk when you configure backups.
See “Creating the Symantec Recovery Disk” on page 77.
See “Testing the Symantec Recovery Disk” on page 77.
you apply software updates to Protection Center, in case you need to roll back the
changes. This backup is an incremental backup that is in addition to the backup
schedule. It does not affect the scheduled backup process. For purging purposes,
this incremental backup is treated as part of the weekly backup set. A backup set
is a set of one full backup and the incremental backups that were taken in the
same week.
See “About Protection Center backup and recovery” on page 69.
To run a backup on demand
1 In Protection Center, on the Admin > Settings menu, click Backup.
2 On the backup settings page, specify the appropriate file location settings
and password settings.
See “Backup settings” on page 72.
3 Click Run Backup Now.
Backup settings
You can configure settings for backup file location, password-protected backups,
incremental backup schedules, and backup file purging. You can also override the
backup schedule and run a backup of the Protection Center hard drive immediately.
See “Scheduling automatic backups” on page 71.
Item Description
Backup File Location Settings Specifies the backup file location and access credentials.
You need to specify the following:
■ Location
The location to store your Protection Center backup files.
Specify the full path to the location where the backup files are to be stored. You must
store backup files in a shared network folder. Specify the path name in the following
format: \\server\share.
■ Provide credentials
When this option is checked, it specifies that the network share location requires
authentication.
■ User name
The user name of the account that you want to use for logging in to the backup network
share location.
Specify the user name together with the domain name or the workgroup name. Separate
the two names with a backslash.
■ Password
The password of the account that you want to use for logging in to the network share
location.
Backup File Password Settings Specifies the password that must be supplied to restore Protection Center from the backup files. To ensure security, all backup files must be password-protected.
You need to specify the following:
■ Password
■ Confirm password
Backup Schedule Settings Specifies the backup schedule. To help prevent excessive load on the Protection Center appliance, Symantec recommends that you run the backup process outside normal working hours.
You can specify the following:
■ Time of day
The time of day when the backup process starts on the specified days. The time is server
time and is specified using a 24-hour clock.
■ Days of week
The days of the week on which incremental backups are created.
You can specify the particular days of the week to run the backup process. For example,
you might select all of the weekdays but skip the weekend when the data changes are
minimal.
The first backup that is made on the schedule is a full backup image. A full backup is
made each week on the same day and the same time. All of the other backups in the
schedule are incremental backups.
Run Backup Now Runs a backup of the Protection Center hard drive immediately. This backup is an
incremental backup that is in addition to the backup schedule. It does not affect the
scheduled backup process. For purging purposes, this incremental backup is treated as part
of the weekly backup set. A backup set is a set of one full backup and a number of incremental
backups.
To restore the most recent backup In the View recovery points by drop-down list, select System.
To restore an earlier backup In the View recovery points by drop-down list, select Filename.
12 When you are prompted for the backup file password, enter the password
and click OK.
13 Click Next.
14 (Optional) In the Initialize Disk Partition Structures dialog box, select the
appropriate disk and then click OK.
This step always occurs on fresh systems and occasionally on wiped systems.
15 In the Drives to Recover dialog box, uncheck Verify recovery point before
restore.
16 Select the drive that you want to restore.
17 Click Edit and then in the Edit Target Drive and Options dialog box, check
Restore Master Boot Record.
18 Click OK and then click Next.
19 In the Completing the recover My Computer Wizard dialog, uncheck Reboot
when finished.
20 Verify that all the settings are correct and then click Finish to start the
recovery.
The recovery progress bar displays the completion percentage of the recovery
process and the time remaining until completion.
21 When the recovery process is complete, click Close in the dialog box.
The last message in the final dialog box informs you that upon exiting the
application, the appliance must be restarted.
22 Click Yes.
Testing the Symantec Recovery Disk lets you identify and solve the following
types of problems:
■ You cannot start the Symantec Recovery Disk.
■ You do not have the necessary storage drivers to access the backup files that
you need.
■ You need information about your system to help you run the Symantec
Recovery Disk.
You can access help for the Symantec Recovery Disk by clicking the Help link at
the bottom left corner of the home page.
To test the Symantec Recovery Disk
1 Start the Protection Center computer using the Symantec Recovery Disk.
2 Run a mock restore of a backup file that is stored on a shared network drive
to test the connection.
Protection Center does not support storing backup files on local drives or on
CD/DVD.
3 Remove the Symantec Recovery Disk.
Chapter 8
Configuring Protection
Center settings
This chapter includes the following topics:
■ Email settings
■ Purge settings
you first log in to Protection Center with the predefined Protection Center
administrator (SPC_Admin) account. The initial settings dialog box provides
information on the initial setup tasks that you need to perform to get Protection
Center ready for use.
See “Performing the initial setup of Protection Center” on page 18.
Most of the Protection Center configuration functionality is intended for the
administrator only. However, the administrator can give a user read-only or
management access to particular Settings menu options by setting the appropriate
permissions in the user account.
The following table describes the Protection Center configuration settings.
Item Description
Active Directory and LDAP Lets you specify the Microsoft Active Directory or LDAP server that Protection Center uses to authenticate user accounts.
See “Using an Active Directory or LDAP server for user account authentication”
on page 46.
Backup Lets you configure Protection Center backups. Protection Center uses Symantec Backup
Exec System Recovery to create regular backups.
Certificates Lets you manage the HTTPS certificate that is used to secure the Protection Center
interface. You can replace the default self-signed certificate with a new certificate. You
can also save the existing certificate to a backup file and restore it when necessary.
See “About managing Protection Center Web interface security certificates” on page 91.
Community Statistics Lets you enable the collection and sending of diagnostics and anonymous usage data
to the Symantec Global Intelligence Network. This data helps Symantec to identify
emerging threats and trending on a global scale.
Date and Time Lets you set the date and time of Protection Center.
Email Lets you set the email address Protection Center uses to send messages to alert the
administrator about the items that might require attention. Email is also used to
distribute reports.
LiveUpdate Lets you choose whether to use the Symantec LiveUpdate server or a local LiveUpdate
server for Protection Center software updates. If you use a local LiveUpdate server,
you can specify the appropriate server details.
Message Logging Lets you choose the logging level that Protection Center uses: normal logging or verbose
logging.
Network Lets you change the IPv4 or IPv6 address of Protection Center.
Product Discovery Lets you discover the Protection Center supported products that are installed on your
network.
Proxy Lets you configure an HTTP proxy server for Protection Center. A proxy server helps
to increase the security of Protection Center.
Purge Lets you control the purging of old data from the Protection Center database. You can
set the number of days that data is retained in the database.
Security Audit Logs Lets you view the Security Audit Logs report. This report contains a record of the
security events and sensitive changes that have been made in Protection Center.
Support Diagnostics Lets you gather diagnostics information and send it to Symantec for support purposes.
Item Description
Enable community statistics Specifies that the community statistics data is collected and sent to Symantec. This setting is enabled by default. You are encouraged to keep this feature enabled so that Symantec can use the data to provide improved product quality and enhanced support.
Item Description
Appliance time zone Lets you set the time zone where Protection Center is located. The time zone is detected
automatically, but you can change it if necessary.
Appliance date and time Lets you set the current Protection Center date and time.
Email settings
You can specify the mail server that Protection Center uses to send email messages.
Protection Center can send messages to users, such as a notification when their
new user accounts are created. You can also specify the administrator email
addresses to which Protection Center sends messages. The email address can be
any valid SMTP address that your SMTP server recognizes.
The SMTP server that you use must accept SSL connections. To ensure mail
security, Protection Center encrypts all messages.
See “Protection Center configuration settings” on page 79.
See “Accessing the Protection Center configuration settings” on page 82.
Protection Center sends an email message when an urgent issue arises that might
need attention. These email messages are related to the functioning of Protection
Center.
When you supply an email address and valid SMTP server information, you can
receive the email messages that contain the following information:
■ Notices of reports successfully distributed
■ Automatic actions executed
■ System checks
■ Notifications from supported products
■ Notices of issues with Protection Center
These email messages help you monitor and manage Protection Center activities.
Item Description
Server Lets you specify the host name or IP address of the SMTP server that Protection
Center uses to send email messages.
Protection Center uses this server to send email messages to alert the administrator
of any urgent issues and to distribute regularly scheduled reports.
Port Lets you set the port that is used to access the SMTP server.
User name Lets you enter the user name of an account that has the right to access the SMTP
server.
Password Lets you enter the password for the user account.
From address Lets you set the email address that is shown as the email sender in all email messages
that Protection Center sends.
From name Lets you set the email sender name. This name is shown as the email sender (From:)
name in all email messages that Protection Center sends.
This name should correspond to the email address that you specified.
To address Lets you set the email address to which Protection Center sends administrative email
messages.
This address is not the email address to which regularly scheduled reports are sent.
The email addresses for reports are specified with each report.
Send availability alerts Lets you enable the sending of generated system notifications to the administrator.
Send Test Email Lets you test the mail server and address settings by sending an email message using
the current settings.
address is optional. You must configure a static IP address. Protection Center does
not support dynamic IP addresses.
You can configure the network settings through the Protection Center interface
or through the Protection Center control panel.
See “Protection Center configuration settings” on page 79.
See “Accessing the Protection Center configuration settings” on page 82.
See “Protection Center control panel options” on page 101.
See “Accessing the Protection Center control panel” on page 103.
See “Specifying network settings” on page 105.
Item Description
Subnet prefix length (IPv6 addresses only) Specifies the length of the subnet prefix.
Item Description
Do not use an HTTP proxy server Specifies that Protection Center does not use a proxy server for HTTP
connections.
Use the specified HTTP proxy server settings Specifies that Protection Center uses an HTTP proxy server.
HTTP proxy server Specifies the host name or IP address of the HTTP proxy server that you
want Protection Center to use.
Proxy server port Specifies the port that is used to access the HTTP proxy server.
HTTP proxy server user name Specifies the user name of an account that has the right to access the HTTP
proxy server.
HTTP proxy server password Specifies the password of the user account that has the right to access the
HTTP proxy server.
Test HTTP Settings Tests the HTTP proxy server settings. Protection Center uses the specified
settings in an attempt to connect to an external Web site.
You need to save the configuration settings before you can test the HTTP
proxy settings.
If an error message appears when you test the settings, ensure that your
authentication credentials are correct and that your proxy server is running.
You should also ensure that there are no general network errors.
Purge settings
You can control how long Protection Center data is kept before it is removed from
the Protection Center database. The Purge settings page lets you configure the
number of days for storing data. The purge operation does not affect the data that
is stored in the integrated products' database.
The Purge settings page also lets you manage the retention period for keeping
asset data in the Protection Center database. An asset is an endpoint that one or
more of the integrated security products currently monitor. Integrated products
send asset data to Protection Center along with other data. If an integrated product
does not report an asset for the specified number of days, the asset data is marked
as purged. The default retention period for keeping asset data in the database is
45 days.
When two thirds of the configured asset data retention period expires, the assets
are shown in the Endpoint List report under the Pending Removal filter.
The assets that are marked as purged are kept for an additional period equal to
the retention period. After twice the asset purge period, if the asset is not reported,
the asset is deleted from the Protection Center database. However, if during that
period an integrated product reports data about the asset, the asset is restored.
See “Protection Center configuration settings” on page 79.
See “Accessing the Protection Center configuration settings” on page 82.
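The asset retention rules described above can be worked through as a small state model. This is an added example, not Symantec code: the function and state names are hypothetical, and it assumes the purge runs once a day, that the two-thirds threshold is inclusive, and that "more than" the retention period is a strict comparison.

```python
from datetime import date, timedelta

ACTIVE = "active"
PENDING_REMOVAL = "pending removal"      # shown under the Pending Removal filter
MARKED_PURGED = "marked as purged"       # kept for one more retention period
DELETED = "deleted"                      # removed from the database


def asset_state(days_silent, retention_days=45):
    """State of an asset that no integrated product has reported for
    days_silent days. 45 days is the default retention period."""
    if retention_days <= 0 or days_silent < 0:
        raise ValueError("retention_days must be > 0 and days_silent >= 0")
    if days_silent > 2 * retention_days:
        return DELETED
    if days_silent > retention_days:
        return MARKED_PURGED
    # Two thirds of the retention period, in integer arithmetic to avoid
    # rounding: days_silent >= (2/3) * retention_days.
    if 3 * days_silent >= 2 * retention_days:
        return PENDING_REMOVAL
    return ACTIVE


def timeline(report_dates, end, retention_days=45):
    """Return (date, state) for each day on which the asset's state changes,
    from its first report up to and including end. Any new report resets
    the silent period, which restores a pending or purged asset.
    Assumption: a report after deletion simply makes the asset active again."""
    reports = sorted(set(report_dates))
    if not reports:
        raise ValueError("at least one report date is required")
    changes = []
    last_seen, upcoming = reports[0], reports[1:]
    day = reports[0]
    while day <= end:
        while upcoming and upcoming[0] <= day:
            last_seen = upcoming.pop(0)
        state = asset_state((day - last_seen).days, retention_days)
        if not changes or changes[-1][1] != state:
            changes.append((day, state))
        day += timedelta(days=1)
    return changes


if __name__ == "__main__":
    # Constructed case: an endpoint reports on 1 January, goes silent,
    # and is reported again on 1 March.
    for when, state in timeline([date(2011, 1, 1), date(2011, 3, 1)],
                                end=date(2011, 3, 10)):
        print(when.isoformat(), state)
```

With the default 45 days, an endpoint that is silent for 30 days appears under Pending Removal, is marked as purged on day 46, and is deleted on day 91; size the retention period to the longest absence you expect from legitimate endpoints.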
The purge feature deletes the following data:
■ Event summary data that Protection Center generates based on the processing
of incoming events
■ Event data that is stored in archives
■ Diagnostics core dumps
■ Log data
■ Asset data
Protection Center displays the total disk space for the following types of data:
notifications, raw events, summary data, asset data, support files, and other data.
This information helps you understand the amount of disk space that Protection
Center uses.
Item Description
Daily data purge time Lets you set the time of day when the purging process starts.
Symantec recommends that you set the purging process to run at off-peak times.
Purging data at off-peak times helps prevent excessive load on Protection Center
during peak times.
Days to keep data Lets you set the maximum time that data is stored in the Protection Center database.
Days to keep assets after the last connection Lets you set the maximum time that asset data is stored after the last time that the asset was connected to the network. If an integrated product does not report an asset for the specified number of days, the asset data is marked as purged.
Asset data that is marked as purged is kept for an additional period equal to the
retention period. If during this period an integrated product reports data about the
asset, the asset is restored.
All data that is older than the current Days to keep data setting is removed from the
database.
Asset data for the assets that an integrated product has not reported for more than
the current Days to keep assets after the last connection time is marked as purged.
All asset data that has been marked as purged for more than the current Days to
keep assets after the last connection time is deleted from the Protection Center
database.
If the values of Days to keep data and Days to keep assets after the last connection
have not been saved, Protection Center uses the last saved values in the purging
process. Be sure to click Save Changes before you click Purge now.
Chapter 9
Managing Protection Center
Web interface security
certificates
This chapter includes the following topics:
Note: This certificate applies only to the Protection Center Web interface. It is not
used for securing integrated products.
Protection Center lets you perform the following Web interface security certificate
management tasks:
■ Create a certificate signing request (CSR) to obtain a new certificate from a
certificate authority (CA).
■ Replace the default self-signed certificate with a new certificate issued by a
CA or by your organization’s public key infrastructure (PKI).
■ Create a new self-signed certificate and use that certificate in Protection Center.
You might want to create a new self-signed certificate if the existing self-signed
certificate has been compromised or if a certificate issued by a CA has expired.
Protection Center displays a warning message on the newsfeed in the Protection
Center dashboard if the current certificate is due to expire within 30 days.
■ Create a backup of the existing certificate by exporting a copy of it to an
external location.
You should back up the existing certificate as part of your regular backup
process. The Protection Center backup schedule backs up the database and
Protection Center settings, but does not include the HTTPS certificate.
Item Description
Learn more about SSL certificates This link opens a Web page that contains detailed information about SSL certificates:
http://www.verisign.com/ssl/index.html
Current Certificate Details This panel shows details of the Web interface security certificate that Protection Center currently uses.
Export Certificate This option lets you export a copy of the current certificate and associated private key to
an external file. You can use this feature to create a backup of the certificate or to move
the certificate to another computer.
You should create a backup of the existing certificate as part of your regular backup process.
The Protection Center backup schedule backs up the database and Protection Center settings,
but does not include the HTTPS certificate.
See “Exporting a copy of the Protection Center Web interface security certificate” on page 93.
Import Certificate This option lets you load a certificate into Protection Center. You can import the certificate
file or copy and paste the certificate block.
Create Self-signed Certificate This option lets you create and apply a self-signed certificate for Protection Center to use.
See “Creating and applying a self-signed certificate” on page 99.
Create CSR This option lets you create a certificate signing request (CSR), which you can use to obtain
a certificate from a certificate authority.
As part of the export process, you can specify a password to protect the certificate
and private key. Protection Center generates a PFX file that contains the certificate
and private key and displays it in a read-only text box. You can copy and paste
the content into a text file, or you can save the PFX file to a specified location.
To export a copy of the Protection Center Web interface security certificate
1 In Protection Center, on the Admin > Settings menu, click Certificates.
2 On the Certificate Settings page, click Export Certificate.
3 In the Export Certificate dialog box, specify an encryption password:
4 Click Next.
To copy the certificate block Select the certificate block text and copy it. You can
paste the copied text to the appropriate location.
6 Click Close.
■ You want to replace the existing self-signed certificate with one that the
computers that access the Protection Center interface already trust.
To create a certificate signing request (CSR)
1 In Protection Center, on the Admin > Settings menu, click Certificates.
2 On the Certificate Settings page, click Create CSR.
3 In the Create CSR dialog box, specify the appropriate information.
You need to specify the information in the format that the CA requires. Consult
the CA for details on which fields must be specified and what values are
allowed.
Common Name | The name that the computer uses to access Protection Center. This name might not be the same as the computer name. The format is as follows: spc.example.com
Contact Email | For example, the email address of the current user, as specified in the user account settings.
Country | The two-letter ISO 3166 code for the country. For example, US, JP, or FR.
4 Click Next.
To copy the certificate signing request | Select the text and copy it. You can paste the copied text into a text file or the body of an email message to send to the CA.
6 Click Close.
Importing a certificate into Protection Center
Note: This certificate applies only to the Protection Center Web interface and is
used for securing the Protection Center interface. Importing a new certificate into
Protection Center has no effect on the currently integrated products.
■ CER file: This file contains only the issued certificate. The certificate is valid only if the public key matches the private key that was used to generate a CSR previously.
■ P7B file: This file is similar to a CER file but contains the entire certificate chain.
■ PFX file: This file contains the certificate, private key, and possibly the chain. The file may be password-protected. Unlike CER and P7B files, the key does not need to be associated with a private key that was used to generate a CSR previously.
Certificate File | In the File box, specify the file name or click Browse and then select the appropriate file.
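The CER description above says that an issued certificate is usable only when its public key matches the key behind the earlier CSR. The following added example (not part of the Symantec guide) checks this with OpenSSL before you import the file, assuming you kept the CSR text and the CA's reply as PEM files; the helper names, file names and the constructed sample subject are illustrative assumptions.

```shell
#!/bin/sh
# Added example: before importing a CA-issued CER file, confirm that it carries
# the public key from the CSR that was sent to the CA, and read back its CN.
# Helper names, file names and the sample subject are illustrative assumptions.

# key_id KIND FILE -> SHA-256 of the DER-encoded public key in a PEM file.
# KIND is "req" for a CSR or "x509" for a certificate.
key_id() {
    pub=$(openssl "$1" -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$pub" ] || return 1
    printf '%s\n' "$pub" \
        | openssl pkey -pubin -outform DER 2>/dev/null \
        | openssl dgst -sha256 \
        | awk '{print $NF}'
}

# cert_matches_csr CSR CERT -> 0 if both hold the same public key,
# 1 if the keys differ, 2 if either file cannot be parsed.
cert_matches_csr() {
    csr_id=$(key_id req "$1") || return 2
    cert_id=$(key_id x509 "$2") || return 2
    [ "$csr_id" = "$cert_id" ]
}

# cert_common_name CERT -> the subject Common Name, which should be the name
# that computers use to reach Protection Center (for example spc.example.com).
cert_common_name() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 2>/dev/null \
        | sed 's/^subject= *//' | tr ',' '\n' \
        | sed -n 's/^ *CN *= *//p' | head -n 1
}

# make_constructed_samples DIR -> writes throwaway, constructed test files:
#   spc.csr        CSR for key "appliance"
#   good.cer       certificate over the same key (self-signed stand-in for a CA reply)
#   wrong-key.cer  certificate over a different key
make_constructed_samples() {
    d=$1
    subj="/C=US/CN=spc.example.com"
    for n in appliance other; do
        openssl ecparam -name prime256v1 -genkey -noout \
            -out "$d/$n.key" 2>/dev/null || return 1
    done
    openssl req -new -key "$d/appliance.key" -subj "$subj" \
        -out "$d/spc.csr" 2>/dev/null || return 1
    openssl req -new -x509 -days 1 -key "$d/appliance.key" -subj "$subj" \
        -out "$d/good.cer" 2>/dev/null || return 1
    openssl req -new -x509 -days 1 -key "$d/other.key" -subj "$subj" \
        -out "$d/wrong-key.cer" 2>/dev/null || return 1
}

# Usage: sh check-cer.sh spc.csr issued.cer
if [ "$#" -eq 2 ]; then
    if cert_matches_csr "$1" "$2"; then
        echo "OK: certificate key matches the CSR (CN=$(cert_common_name "$2"))"
    else
        echo "STOP: certificate does not match the CSR, or a file is unreadable" >&2
        exit 1
    fi
fi
```

A mismatch usually means the CA reply belongs to a different CSR, for example one generated before the current request.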
Creating and applying a self-signed certificate
Note: This certificate applies only to the Protection Center Web interface and is
used for securing the Protection Center interface. Importing a new certificate into
Protection Center has no effect on the currently integrated products.
Common Name | The name that the computer uses to access Protection Center. This name might not be the same as the computer name. The format is as follows: spc.example.com
Contact Email | For example, the email address of the current user, as specified in the user account settings.
Country | The two-letter ISO 3166 code for the country. For example, US, JP, or FR.
The control panel is not the same as the Protection Center interface. The Protection
Center interface is a browser-based user interface that lets Protection Center
users log in to Protection Center from remote computers.
Before you can access the control panel, you need to connect a monitor directly
to the Protection Center appliance. Alternatively, you can use a virtual console if
one is provided within your virtual environment.
Note: Only the Protection Center administrator (SPC_Admin) account can access
the Protection Center control panel.
See “About the SPC_Admin account” on page 45.
Option | Description
Protection Center Update | Lets you update Protection Center by manually running a Protection Center update file.
Administrator Password | Lets you change the password for the predefined Protection Center administrator account (SPC_Admin).
IPv4 Network Settings | Lets you specify the IPv4 network settings that Protection Center uses.
IPv6 Network Settings | Lets you specify the IPv6 network settings that Protection Center uses.
Windows Activation | Lets you activate the copy of Microsoft Windows that Protection Center uses.
Language | Lets you select the language to use for the Protection Center control panel.
Red button | The red button with the circle and the vertical line shuts down Protection Center.
Arrow button | Lets you log out, shut down, or restart the Protection Center appliance. The arrow button opens a context menu that provides options to log out, restart, or shut down Protection Center. This functionality is identical to pressing Ctrl+Alt+Del on the Protection Center appliance.
Warning: When you install a PAC update manually, Protection Center does not
create a backup as part of the software update process. When you install any other
type of update (such as a system update or a documentation update) Protection
Center automatically creates a backup. Before you install a PAC update manually,
you should create a backup of Protection Center.
See “Running a backup on demand” on page 71.
4 Click OK.
To specify the IPv4 network settings | Under IPv4 Network Settings, click Enter IPv4 Network Settings.
To specify the IPv6 network settings | Under IPv6 Network Settings, click Enter IPv6 Network Settings.
3 In the Enter IPv4 Network Settings dialog box or Enter IPv6 Network
Settings dialog box, click one of the following:
Activating the Windows operating system
Note: If you activated Windows during the appliance creation process, you do not need to perform any further configuration. You should use this feature only when you want to change the Windows settings.
If the licensing server does not use the default port, you need to specify the correct
port. You need to append a colon (:) and the port number to the end of the server
name. For example, kms.server.com:6000 or 192.196.15.25:6000.
See “Protection Center control panel options” on page 101.
To activate the Windows operating system
1 Log in to Protection Center.
See “Accessing the Protection Center control panel” on page 103.
2 In the Protection Center control panel, under Windows Activation and
Settings, click Change Windows Settings.
If Windows has not been activated, the icon to the left of this option is yellow
and the text says Windows is not activated.
If Windows is already activated, no icon is displayed. The text says Windows
is activated and shows the appropriate product ID.
3 In the Change Windows Settings dialog box, under Activation, do one of the
following:
To use a product key | Click Windows Product Key and then enter the appropriate product key.
To use a licensing server | Click Windows Licensing Server and then enter the appropriate licensing server name.
4 Under Updates, specify the Windows Update Server that you want to use:
To use Microsoft's Update Servers | Click Use Microsoft's Windows Update Servers from the Internet.
To use a local update server | Click Provide a URL to locally maintained Windows Update Server and then enter the appropriate URL.
5 Click OK.
If Windows is activated successfully, the yellow icon and Windows is not
activated message are replaced with a Windows is activated message and
the appropriate product ID.
If the Windows activation fails due to an invalid product key or an incorrect
Key Management Server address, a standard Microsoft Activation error dialog
box is displayed. You need to read the error message and take the appropriate
action to resolve it.
No restarts are needed. If a product key is used, it is sent to Microsoft where
it is validated. If a Key Management Server is used, there is some
communication between the Key Management Server and the Protection
Center appliance as Windows is activated.
Chapter 11
Getting help with Protection Center issues
This chapter includes the following topics:
Resource | Description
Protection Center Web page | The Protection Center page contains high-level information about Protection Center and links to documentation and other resources. The Protection Center page is located on the Symantec Web site at the following URL: http://go.symantec.com/protection-center
Protection Center Release Notes | The Protection Center release notes provide the latest information on issues and workarounds. Protection Center release notes are continuously updated as Symantec Support and other product experts address new issues and provide solutions. The release notes are a good resource to check if you need information on a specific feature or a specific task. If a Protection Center feature does not work as expected or as outlined in the user documentation, the release notes might contain an up-to-date description. You can access the release notes from the Protection Center page on the Symantec Web site. The Protection Center page is located at the following URL: http://go.symantec.com/protection-center
SymWISE | SymWISE is Symantec's knowledgebase where you can search for very specific information. Unlike the user documentation, the knowledgebase contains articles that are responses to very specific questions and issues. The knowledgebase is a good resource if you have an issue and suspect that other users might have had the same issue or know the answer. The knowledgebase is also a good resource if you need help with a situation that is too specific to be covered in the documentation. http://www.symantec.com/business/theme.jsp?themeid=support-knowledgebase
System Logs report | The System Logs report details the activities within Protection Center. This information can help you diagnose a problem that has occurred. This report is accessed through the Protection Center Reports tab. The System Logs report is a good resource for obtaining details of the events that have happened within your system. Information in the logs can help you diagnose your issue.
SymConnect forums | The SymConnect forums let you search for answers and ask questions. Product experts and other users that might have experienced and resolved similar problems monitor and contribute to these forums. http://www.symantec.com/connect/
Symantec Support | The Symantec support team has extensive experience with Protection Center and can help you with any issues that you might have. As part of working with Symantec Support, you might need to prepare and send a diagnostics file to help Symantec Support diagnose your issue. Symantec Support is a good resource if you cannot solve your issue in any other way and you need to talk directly to someone with extensive product knowledge.
Getting help from Symantec Support
Table 11-2 Process for getting help from Symantec Support
Step 1 | Ensure that verbose logging is configured. | Protection Center message logging needs to collect as much information as possible to help diagnose the problem. As soon as you become aware of a problem with Protection Center, you should configure verbose logging.
Step 2 | Contact Symantec support and request assistance. | Contact Symantec Support to start the diagnostics process. Symantec Support asks you to collect the Protection Center diagnostics information. The support team provides a unique customer support case ID to identify this particular support issue.
Step 3 | Create the appropriate support case. | In Protection Center, open the Symantec Support diagnostics page. This page lets you create a support case and configure it to send an encrypted diagnostics file to Symantec Support. You need to specify the appropriate details: your customer support ID, the configuration file to use, and the diagnostics file transfer details.
Step 4 | (Optional) Rerun the diagnostics collection process. | If necessary, you can modify the support case settings and repeat the diagnostics collection process. Some issues might require you to collect diagnostics data multiple times to resolve the issue.
Step 5 | Send the diagnostics results file to Symantec Support. | You can download the diagnostics results file from Protection Center and save it on your local drive. You can then attach the diagnostics results file to an email and send it to Symantec Support. You can also transfer the file using FTP.
Symantec Support diagnostics options
When you need to collect the Protection Center diagnostics information, Symantec Support provides the information that you need to create the appropriate customer support case. This information includes the customer support case ID, the appropriate configuration file, and the FTP file transfer information.
See “Getting help from Symantec Support” on page 111.
Option | Description
Create a New Support Case | Lets you create a new customer support case. You need to specify the appropriate details in the Start a New Support Case dialog box.
Rerun Diagnostics | Lets you modify the support case settings and repeat the diagnostics collection process. Some issues might require you to collect diagnostics data multiple times to resolve the issue.
Save Diagnostics File | Lets you download the diagnostics results file from Protection Center and save it on your local drive.
Send Diagnostics to Support | Lets you send diagnostics results to Symantec Support manually. If you do not specify the FTP transfer details in the support case, the diagnostics results file is not transferred to Symantec Support. When the diagnostics data is collected, the diagnostics results file is stored on Protection Center. This option lets you transfer the diagnostics results to Symantec Support later.
Item | Description
Customer Support Case ID | Specifies the customer support ID number that uniquely identifies the support case. Symantec Support allocates the appropriate support case ID.
File transfer details | Shows the FTP transfer details that are configured in the support case. The following information is displayed:
If the automatic file transfer is disabled in the support case, this item is not displayed.
Diagnostic Collection Results | Shows the results of the last diagnostics collection process. The following information is displayed:
■ Date run - the date and time that the diagnostics results were collected.
■ Status - indicates whether the diagnostics collection was successful. This value can be Complete or Complete with Errors.
■ FTP Status - indicates whether the diagnostics results file was transferred to Symantec Support successfully.
■ Errors - indicates any errors that occurred during the diagnostics collection process.
Gathering Protection Center diagnostics data
Note: Protection Center does not support FTP proxy servers. If your environment
uses a proxy server, you need to save the diagnostics results file and send it to
Symantec Support manually.
Item | Description
Customer Support Information | Specifies the customer support ID number that uniquely identifies the support case. Symantec Support allocates you the appropriate ID when you make a support request.
Configuration File | Details the configuration file to use for collecting diagnostics data from Protection Center. The options are as follows:
Diagnostics File Transfer Settings | Specifies whether the diagnostics results are sent directly from Protection Center to Symantec Support or saved so that you can send the results file manually. Protection Center does not support FTP proxy servers. If your environment uses a proxy server, you need to save the diagnostics results file and send it to Symantec Support manually. The options are as follows:
■ Symantec FTP server URL - the Symantec Support FTP server address.
■ FTP directory - the path where the uploaded diagnostics results file is stored.
■ User name - the user name of the account that you use to upload to the Symantec Support FTP site.
■ Password - the password of the account that you use to upload to the Symantec Support FTP site.
■ Port - the port that the FTP site uses. The default is port 21.
FTP has variable ports, which may cause problems if your organization has firewalls in place. Port 21 is used for control, but any port over 1024 can be used for data transfer.
Note: You can specify the file name in Internet Explorer only.
If your browser is Mozilla Firefox, you do not have the option to specify the
file name or location. The file is saved in the default location with the default
name. You can then rename the file manually and move it to the appropriate
location.
If your browser is Internet Explorer 9.0, the browser settings must be
configured to allow the file to be saved to your local disk. To configure these
settings, open the Internet Options dialog box. On the Advanced tab, under
Security, ensure that the Do not save encrypted pages to disk setting is
unchecked.
5 When the diagnostics results file has finished downloading, close the
confirmation dialog box.
3 In the Continue Support Case dialog box, under Diagnostics File Transfer
Settings, specify the appropriate FTP transfer settings.
See “Support case settings” on page 115.
4 Click OK.
The diagnostics results are transferred from Protection Center to Symantec
Support. The Diagnostics Collection Results details are updated accordingly.
See “Symantec Support diagnostics options” on page 112.
Section 3
Security Management
The following table describes the process for performing Protection Center security
management tasks.
Step 1 | Log in to Protection Center. | When you log in to Protection Center, you are in the Protection Center view. This view provides access to all of the Protection Center functionality.
Step 2 | View the dashboard. | The dashboard lets you quickly see the current status of your security.
Step 3 | Use reports. | Reports are based on data from supported products and help you determine the status of your network and endpoint environment.
Step 4 | Use business analytics. | The Protection Center business analytics feature provides multi-dimensional analysis and robust graphical reporting to help you analyze your data.
Step 5 | Use workflows. | Protection Center provides workflows to simplify your security management and help you maintain a secure environment. When you select an action in a report, Protection Center starts the corresponding workflow on the appropriate endpoint.
Step 6 | Work with notifications. | Notifications are the messages that keep you informed of significant events that occur in Protection Center and integrated products. Protection Center generates a notification for each important event or activity that occurs in Protection Center or is detected in an integrated product.
Step 7 | Manage products. | Protection Center lets you manage your security products through the Protection Center interface.
About the Protection Center dashboard
Chart | Description
Protection Overview | Displays the summary information for two types of threats: malware and intrusions. The summary information for each type of threat includes the following: a trend line of activity over the previous 24 hours, a count value, and the percentage change since the previous 24-hour period. A click on the Malware trend line or other Malware data drills down to the Malware Summary report. A click on the Intrusions trend line or other Intrusions data drills down to the IDS Signature Summary report.
Product Server Status | Displays the overall connectivity status for all the product servers. The status reflects the state of the data feed connections. The host status values are as follows:
■ Good: The total number of product servers that are connected and have no agent problems or data feed problems. A stopped product on a connected server is a data feed problem.
■ Warning: A server has an out-of-date Symantec Management Agent, an out-of-date plug-in, or there is a data feed problem. The product is stopped or there is a problem with the user ID being used for data feed access.
■ Error: Communication with a previously integrated product has failed.
■ Not Enabled: A product server that is available for integration but is not yet enabled.
Product Integration Status | Displays information about the level of security coverage that Protection Center provides in your environment. It tells you how many supported products you have currently integrated, and how many more are available but are not enabled.
System Status | Displays the status of the critical components of the Protection Center appliance. This panel gives information on Protection Center system uptime, CPU usage, memory usage, and disk usage.
Newsfeed | Displays a list of all notifications being tracked in Protection Center. Notifications can be warnings, events, or informational messages. Notifications can relate to security products, the Protection Center infrastructure, or the Global Intelligence Network. You can sort the list by priority or by date. Each notification item in the newsfeed includes a notification severity icon, timestamp, title, and detailed description.
Threatcon Status | Displays the current ThreatCon status and lets you access security notification information and up-to-date virus definitions. You can click on the following items to access more information:
■ ThreatCon Status indicator: Opens the Threat Explorer page that provides comprehensive and up-to-date information on the latest threats, risks, and vulnerabilities. http://www.symantec.com/business/security_response/threatexplorer/
■ Security Alerts: Opens the Security Response page. http://www.symantec.com/business/security_response/
■ Definitions: Opens the Virus Definitions & Security Updates page. http://www.symantec.com/business/security_response/definitions.jsp
Global Intelligence Network | Displays a subset of the information that is available on the DeepSight Early Warning Services. DeepSight Early Warning Services is a Symantec service that monitors security events on a global basis and delivers early warning notifications about attacks.
Top Corporate Threats | Displays a list of the top five malicious software threats that organizations currently face.
■ About reports
■ About charts
■ Viewing a report
About reports
Protection Center provides reports to keep your organization informed about
security issues and help you respond quickly to security events. The data in the
reports is supplied by the integrated products in your environment as well as by
Protection Center.
See “Viewing a report” on page 132.
The specific report data that you can view is based on your Protection Center user account permissions. Your account must have access to an integrated product to view data from that product.
Report data is organized into charts so that the data is easy to read and analyze.
For example, a pie chart makes it easy to identify the various categories of malware
that were blocked. Based on this information, you can quickly understand whether
any aspects of your security might be vulnerable. Some charts also let you take
action in response to a reported event.
With each report, you can also apply filters so that you only see the information
that you consider relevant to your situation. If you plan to access the same set of
filtered data again, you can save the report and its filters under a new name. Then,
when you need to access this specific set of data, you can open the saved report.
See “About charts” on page 130.
See “About report actions” on page 131.
See “About report filters” on page 131.
See “Creating a saved report” on page 134.
To ensure that the appropriate personnel have the security information they need,
you can schedule when and to whom to distribute a saved report. The report
recipients can then receive a link to the report, or receive an HTML file of report
results. The HTML file lets the recipient view the report results without having
to log in to Protection Center.
See “Configuring the distribution of a saved report” on page 136.
A product that sends data to Protection Center might also supply its own unique
reports. For example, if you have integrated Mail Security with Protection Center,
Mail Security-specific reports become available.
About charts
A chart is a component of a report that uses a single mechanism for displaying
data in a way that is organized and easy to analyze. The most common display
formats that charts use are pie chart, bar chart, area chart, line graph, and table.
See “About reports” on page 129.
Each report includes one or more charts. With some charts, you can drill down
to get more detailed information about the data. Some charts let you perform
specific actions related to the chart data. These actions simplify the process of
resolving issues.
See “About report actions” on page 131.
■ For each filter, the parameter value is matched with the data value, which
either is enumerated or uses unconstrained text.
Report filters support partial word searches, but they do not support any wildcard
characters. The wildcard characters ? and * are treated as normal characters rather
than wildcards. Report filters are not case-sensitive.
The filters that you have added to a report are shown in the report header, on the left side. On the right side of the report header you can access the predefined time range filters. These filters let you view the data that was collected in the previous day, previous week, previous month, or previous three months. The custom filter lets you specify the start date and end date of the time range that you want to view.
See “Viewing a report” on page 132.
The filters that you apply to a report are cleared when you navigate away from
the report. If you want to preserve a particular filter configuration on a report,
you can create a saved report using the Save as option. The next time you access
the saved report, the filters that you specified are applied automatically. In
addition, you can save new and modified filter settings in a saved report using
the Save option at the top of the report page.
See “Creating a saved report” on page 134.
Viewing a report
You can view a Protection Center report. You can refine the results of a report by
using filters to hide some data, leaving only the report results that you want to
view. You can sort the data by a particular column. When you refresh a report,
the filters and data sorting settings are preserved.
See “About reports” on page 129.
See “About report filters” on page 131.
If no data is available in the report, Protection Center displays the appropriate
message. There might be no data available because there are no integrated products
that supply the appropriate data. Alternatively, the products might be integrated
but your user account is not mapped to a product that provides the data for the
report. Protection Center also displays a list of the supported products that can
enable the report.
To view a report
1 In Protection Center, in the navigation area, click Reports.
2 In the left pane, select the appropriate list of reports:
To view the list of saved reports | Click the Saved Reports icon.
3 In the list of the reports, click the report you want to view.
Applying filters to a report
can remove any filters that you no longer require. However, you cannot remove
the required filters from detailed reports.
To add a filter to a report
1 In Protection Center, in the navigation area, click Reports.
2 In the list of reports, click the report you want to view.
3 In the report header area, click Add Filter.
4 In the drop-down list, select the appropriate filter parameter and then do one
of the following:
To select one of the enumerated values | Click the value that you want to use.
Note that some filters might not let you specify custom filters.
To edit a filter
1 In the report header, click the filter that you want to edit.
2 In the drop-down list, do one of the following:
■ Click the value that you want to use.
■ Click Custom Filter, then type the appropriate value, and then click Apply
filter.
Note that some filters might not let you specify custom filters.
To remove a filter
◆ In the report header, in the filter that you want to remove, click the Delete
(x) symbol.
You cannot remove any required filters from a report. A required filter
contains no Delete symbol.
access the saved report, its filters and distribution settings are already applied;
you do not need to specify them again. Instead, you can quickly view the saved
report and, in turn, take action based on the report data.
See “Configuring the distribution of a saved report” on page 136.
See “Viewing a report” on page 132.
See “About report actions” on page 131.
You can use a saved report to generate additional customized reports. For example,
you can modify a saved report and then save it under a different name.
You can also delete a saved report.
See “Deleting a saved report” on page 135.
The saved reports that you create are available to all Protection Center users.
However, when a user views the report, the report results include only the data
to which the user has access.
To create a saved report
1 In Protection Center, in the navigation area, click Reports.
2 In the left pane, select the appropriate list of reports:
To view the list of saved reports | Click the Saved Reports icon.
3 In the list of the reports, click the report you want to view.
4 In the report header, configure the filters that you want to apply to the report.
See “Applying filters to a report” on page 133.
5 At the top of the report page, click Save as.
6 In the Save a copy of <Report Name> as dialog box, in the Report Name box,
enter the name of the new saved report, and then click Save.
7 In the Edit Schedule dialog box, specify the appropriate report distribution
options.
See “Report distribution settings” on page 137.
8 Click Save.
9 Click Close.
Item | Description
Owner | Specifies the Protection Center user account that saved the report. This setting applies to saved reports only. It is displayed for your information and you cannot modify it.
Distribution | Specifies the schedule for generating the report and the email addresses of the recipients. This setting applies to saved reports only. You cannot schedule a predefined report for distribution. Protection Center generates the report at the scheduled times and includes the data that is available at the time. The data that is included in the report depends on the product access permissions of the user who last saved the report. Protection Center sends the report to the specified list of email addresses as an HTML file attachment, or as a link to the report.
Item | Description
Daily | Distributes reports every day or the specified interval (a number of days) at the specified time.
Weekly | Distributes reports each week at the specified time on the specified day of the week.
Monthly | Distributes reports each month at the specified date and at the specified time.
You can set a starting date and an ending date for all distribution frequency settings.
Item | Description
Recipients | Specifies the email addresses to which Protection Center sends the report results. An email message is sent each time Protection Center generates the report on the specified schedule. If you specify multiple email addresses, you need to separate each address with a comma or a semicolon.
Email format | Specifies whether the report results are sent directly to recipients in HTML format, or if a link to the actual report is sent. Note that some reports do not support HTML format. For example, the Notifications report results can only be emailed as a link. If the report results are sent as an attached HTML document, the results are scoped according to the user who last saved the report. If the email contains a link to the report, each recipient must log in to Protection Center to see the report results. The report results are scoped according to the user account that is used to log in to Protection Center.
Email subject | Specifies the subject line of the email message that contains the report results.
Email message | Specifies the accompanying email message that is sent with the report.
Chapter 14
Working with notifications
This chapter includes the following topics:
■ About notifications
About notifications
Notifications keep you informed of the significant events that occur in Protection
Center and integrated products. Protection Center generates a notification for
each important event or activity that occurs in Protection Center or is detected
in an integrated product. Each notification includes details about itself: its severity,
state, description, the time that it was created, and the product to which it relates.
See “Viewing and managing notifications” on page 140.
The Protection Center dashboard contains a newsfeed that displays the most
important or the most recent notifications. These notifications alert you to issues
that you need to take action on. For example, you might need to add a new product,
research the latest security threats, or make changes based on a security event.
See “About the Protection Center dashboard” on page 125.
The notification severity indicates the urgency of a notification: critical, warning,
or informational. The Notification Summary bar in the Protection Center footer
area indicates the number of unresolved notifications of each state. If there are
no unresolved notifications of a particular severity, the corresponding icon is
hidden. Each notification severity icon blinks each time that the number of
notifications of that severity changes. You can click on a notification severity icon
to open the Notifications report and display summary details of all the
notifications of that severity.
Notifications are grouped into categories that identify the type of data that they
contain, such as Infrastructure, Global Intelligence Network, Security, and
General Information. The category helps you sort notifications so that you can
more easily find the notifications in which you are interested.
Viewing and managing notifications
■ Critical
■ Warning
■ Informational
2 (Optional) In the Notifications report header, set the Alert Severity filter
that you want to apply to the report.
See “Applying filters to a report” on page 133.
To change the state of a notification
1 In the Notifications report, find the notification that you want to modify.
2 Do one of the following:
Working with workflows and tasks
■ About workflows
■ Starting a workflow
■ Workflow details
■ Task details
About workflows
Protection Center provides workflows to simplify your security management and
help you maintain a secure environment. A workflow is a series of tasks that are
linked together in a predefined order to accomplish an objective. Some workflows
are run automatically while others require a user action to start.
The tasks in a workflow are the individual steps that must be performed to
complete the workflow. Most of the tasks in a workflow are run automatically
without user intervention. Some tasks do require user interaction, in which case
the task is added to the Workflow Status report. From the report, you can perform
the necessary actions to complete the task. To help you track your tasks, the
notification summary area in the Protection Center footer displays a clipboard
icon that indicates the number of tasks that you have. You can click on the icon
to open the Workflow Status report to view and work on those tasks.
Tasks can be performed serially or in parallel, depending on the workflow process.
At some points in the workflow process it might be necessary for all previous
tasks to be complete before the workflow can continue.
All workflows are included with Protection Center; integrated products do not
add them. Some workflows rely on certain products and are not available unless
those products are integrated with Protection Center. For example, the Move
Endpoint, Quarantine Endpoint, Update Virus Definitions And Scan Endpoint,
and Update Virus Definitions On Endpoint workflows require Symantec Endpoint
Protection to be integrated.
See “Using Protection Center workflows” on page 144.
See “Workflows available in Protection Center” on page 150.
See “Configuring administration settings for a workflow” on page 145.
See “Starting a workflow” on page 146.
See “Monitoring your workflows and tasks” on page 147.
Using Protection Center workflows
Step 1: Configure the workflow administration settings.
Every workflow includes at least one configurable setting. Before you can use a workflow, you need to configure its administration settings to suit the requirements of your organization.
Step 2: Start workflows.
When you select an action in a report, Protection Center starts the corresponding workflow on the appropriate endpoint. For most workflows you need to specify the relevant action settings, such as assigning the workflow tasks to the appropriate Protection Center users.
Step 3: View the workflow status.
The Workflow Status report shows details of all of the workflows that were started within a specified date range. You can monitor the status of the workflows that you started.
Step 4: Respond to your assigned tasks.
The Workflow Status report lets you view the tasks that need to be performed. You can take the appropriate action to complete the tasks that are assigned to you.
Step 5: Troubleshoot workflow failures.
If a workflow fails, an email message containing details of the failure is sent to the appropriate workflow owner.
Note: Your Protection Center user account requires the Workflow permission to
configure administration settings for a workflow.
Starting a workflow
When you select an action in a report, Protection Center starts the corresponding
workflow on the appropriate endpoint. For most workflows you need to specify
the relevant action settings, such as assigning the workflow tasks to the
appropriate Protection Center users.
See “About workflows” on page 143.
Workflows are available from the Actions menu in the relevant Protection Center
reports.
To start a workflow, you must have the appropriate permissions on the products
that perform the workflow tasks. If you do not have the necessary product
permissions, the workflow fails with a "No user was associated with Product
Server" error.
See “Workflows available in Protection Center” on page 150.
To start a workflow
1 In Protection Center, in the navigation area, click Reports.
2 In the left pane, in the Reports list, click the appropriate report.
3 In the report, in the appropriate chart, select the endpoint on which you want
to take action.
4 In the top right corner, click Actions, and then click the workflow that you
want to start.
5 In the Settings Configuration dialog box, specify the relevant action settings.
6 Click Submit.
7 When the confirmation message appears, click Close.
Monitoring your workflows and tasks
To view the tasks that need to be performed: On the Notification Summary area at the bottom left, click the Task (clipboard) icon.
2 (Optional) In the Workflow Status report header, specify the time period for
the workflows and tasks that you want to view.
You can choose one of the predefined time periods or set a custom time period.
3 View the workflow details and the task details.
See “Workflow details” on page 148.
See “Task details” on page 148.
4 (Optional) Refresh the report to ensure that the latest details are displayed.
The workflow status information can take a few minutes to update.
Workflow details
The Workflow Status chart displays details of each of the workflows that you
started and lets you monitor the status of each workflow.
See “Monitoring your workflows and tasks” on page 147.
The following table describes the information that is shown in the Workflow
Status chart for each workflow.
Item: Description
This ID lets you match the workflow to any of its tasks that are displayed in the My Tasks chart.
Status: Specifies the status of the workflow. The status values are specific to each workflow. Generally, the status values are In Process, In Progress, Completed, and Failed.
Each individual workflow uses its own criteria to determine how complete it is.
Task details
The My Tasks chart displays details of the tasks that need to be performed and
lets you take the appropriate action on those that are assigned to you.
See “Monitoring your workflows and tasks” on page 147.
The following table describes the information that is shown in the My Tasks chart
for each task.
Item: Description
Process ID: Specifies the process ID for the parent workflow. This ID lets you match the task to the corresponding workflow in the Workflow Status chart.
Name: Specifies the name of the workflow process that is associated with the task.
Date Assigned: Specifies the date on which the task was assigned to a user.
Date Due: Specifies the date on which the task is due for completion.
Actions: Lets you access the actions that are available for the task.
Responding to a task assignment
2 In the Workflow Status report, in the My Tasks chart, click the task that you
want to complete.
3 Click Actions, and then click Respond.
4 In the Action for Respond dialog box, perform the actions that are necessary
to complete the task.
The actions that you need to perform depend on the task to which you respond.
See “Workflows available in Protection Center” on page 150.
5 (Optional) If you want to close the task without performing any actions, click
Close Task/Complete Process.
You need to close a task if the task actions have already been performed
outside the Protection Center environment.
For example, if an endpoint is moved out of a quarantine group within
Symantec Endpoint Protection, the corresponding Handle Unquarantined
Machine task might remain open in Protection Center. You need to close the
task without taking any further action.
6 Click Close.
Workflows available in Protection Center
Quarantine Endpoint (Symantec Endpoint Protection): Moves the selected endpoint to a specific quarantine group in Symantec Endpoint Protection Manager. The workflow also assigns the corresponding unquarantine task to a specified user.
Update Virus Definitions And Scan Endpoint (Symantec Endpoint Protection): Updates the virus definitions on the selected endpoint and then performs a virus scan on that endpoint. This workflow is available in the Specific Malware report. The action name is Update definitions and scan.
Update Virus Definitions On Endpoint (Symantec Endpoint Protection): Updates the virus definitions on the selected endpoint. This workflow is available in the Specific Malware report. The action name is Update definitions.
issue on the endpoint. When the issue is resolved, the user can respond to the
task and move the endpoint back to the original group. When the endpoint is
successfully moved, the task is closed and marked as completed.
This workflow is available only if Symantec Endpoint Protection is integrated
with Protection Center.
See “Configuring administration settings for a workflow” on page 145.
Warning: If the endpoint is already in the selected quarantine group when the
workflow starts, the unquarantine task is not created. An appropriate notification
is displayed in the Notifications report.
The user that is assigned to the unquarantine task must have permission in
Symantec Endpoint Protection to move a client. Otherwise, the unquarantine step
within the workflow fails with a permission error.
Setting: Description
Is Using Task Alert Emails: Specifies that the workflow sends alert emails to the task owner.
Hours To Wait For Assignee To Work Task: Specifies the time that the workflow waits for the assigned task owner to take the appropriate action. The task fails if the specified waiting time is exceeded. The Workflow Status report is updated to show the task status as Failed. Protection Center also sends a notification to the Newsfeed in the Protection Center dashboard.
Workflow Owner Email: Specifies the email address of the Protection Center workflow administrator. If the workflow fails, Protection Center sends details of the failure to the workflow administrator. To enable this workflow to function correctly, you must configure the mail server that Protection Center uses to send email messages.
Setting: Description
Group Selection: Specifies the quarantine group to which to add the endpoint.
Assign to User: Specifies the Protection Center user to whom the Handle Unquarantined Machines task is assigned. The user that is assigned to the Handle Unquarantined Machines task must have permission in Symantec Endpoint Protection to move a client.
The Action for Respond dialog box appears when you respond to a Handle
Unquarantined Machines task. This dialog box lets you confirm that you want
to remove the specified endpoint from quarantine and close the task.
See “Responding to a task assignment” on page 149.
The following table describes the settings that you can make for a Handle
Unquarantined Machines task.
Setting: Description
Quarantined Machines: Displays the endpoint that is quarantined and lets you specify that you want to unquarantine it.
Remove from Quarantine: Specifies that the selected endpoint is removed from the quarantine group and is placed back in its original group.
Close Task / Complete Process: Specifies that the task is complete and closed. If a quarantined endpoint is moved out of the quarantine group within Symantec Endpoint Protection, the corresponding task might remain open in Protection Center. You need to close the Handle Unquarantined Machine task without taking any further action.
Setting: Description
Hours To Wait For Command To Finish: Specifies the time that the workflow waits for Symantec Endpoint Protection Manager to confirm that the action has completed. The workflow fails if the specified waiting time is exceeded. The Workflow Status report is updated to show the workflow status as Failed. Protection Center also sends a notification to the Newsfeed in the Protection Center dashboard. This failure indicates that the command has not completed within the specified time. However, the command might still be running on the Symantec Endpoint Protection Manager server. You should check the status of the targeted endpoints before taking any further action.
Workflow Owner Email: Specifies the email address of the Protection Center workflow administrator. If the workflow fails, Protection Center sends details of the failure to the workflow administrator. To enable this workflow to function correctly, you must configure the mail server that Protection Center uses to send email messages.
Setting: Description
Workflow Owner Email: Specifies the email address of the Protection Center workflow administrator. If the workflow fails, Protection Center sends details of the failure to the workflow administrator. To enable this workflow to function correctly, you must configure the mail server that Protection Center uses to send email messages.
The Move Endpoint workflow is available in the Specific Malware report, through
the Move to a different SEP group action.
The Action for Move to a different SEP group dialog box appears when you start
the Move Endpoint workflow. This dialog box lets you specify the group to which
the endpoint is moved.
See “Starting a workflow” on page 146.
Setting: Description
Group Selection: Specifies the quarantine group to which the endpoint is moved.
Setting: Description
Hours To Wait For Command To Finish: Specifies the time that the workflow waits for Symantec Endpoint Protection Manager to confirm that the action has completed. The workflow fails if the specified waiting time is exceeded. The Workflow Status report is updated to show the workflow status as Failed. Protection Center also sends a notification to the Newsfeed in the Protection Center dashboard. This failure indicates that the command has not completed within the specified time. However, the command might still be running on the Symantec Endpoint Protection Manager server. You should check the status of the targeted endpoints before taking any further action.
Workflow Owner Email: Specifies the email address of the Protection Center workflow administrator. If the workflow fails, Protection Center sends details of the failure to the workflow administrator. To enable this workflow to function correctly, you must configure the mail server that Protection Center uses to send email messages.
The Update Virus Definitions And Scan Endpoint workflow is available in the
Specific Malware report, through the Update definitions and scan action.
The Action for Update definitions and scan dialog box appears when you start
the Update Virus Definitions And Scan Endpoint workflow. This dialog box lets
you specify the type of virus scan to perform on the endpoint.
See “Starting a workflow” on page 146.
Setting: Description
Scan Type: Specifies the type of virus scan to perform on the endpoint:
■ Quick Scan: Scans only the most commonly infected areas.
■ Full Scan: Scans the entire computer.
NationalThreatLevelMonitor workflow
The NationalThreatLevelMonitor workflow monitors the NationalThreatLevel
data feed. When the threat level changes, the workflow sends an email alert to
Setting: Description
Alert To Email Address: Specifies the email address to which to send NationalThreatLevel alerts. To enable this workflow to function correctly, you must configure the mail server that Protection Center uses to send email messages.
ZeroDayVulnerabilityMonitor workflow
The ZeroDayVulnerabilityMonitor workflow monitors the ZeroDayVulnerability
data feed. When a new infection is detected, the workflow sends an email alert to
the specified administrator. It runs in the background and no user action is
required.
This workflow is included with Protection Center.
See “Configuring administration settings for a workflow” on page 145.
Setting: Description
Alert To Email Address: Specifies the email address to which to send ZeroDayVulnerability alerts. To enable this workflow to function correctly, you must configure the mail server that Protection Center uses to send email messages.