Endpoint Protection

Our business has the Endpoint Protection Management Console running on a Windows 2003 server. We also have the Endpoint Protection Client on all our workstations. That's working just fine.

I have not been able to find any documentation regarding putting the endpoint protection client on our other servers, however. We have a Small Business Server 2003 server, a Windows 2000 server, and a couple other 2K3 servers. Is there any reason at all why we should not install the endpoint protection client onto a server just as if it were a workstation? We're running Dell Poweredge servers, if that makes a difference.

What about the server that's running the Endpoint Management Console? Is it protected because of the console, or does it need to run the client as well in order to be protected?

Thanks in advance for your replies!

Yes, by all means install a SEP client on the servers.  The SEPM doesn't provide any protection (a la SAV), so you'll need to deploy a client there as well.
The only considerations should be:

- Do not install Proactive Threat Protection (PTP) as it does not work on server or 64 bit OS's
- Use Network Threat Protection (NTP) on servers only after testing to ensure application and network traffic aren't affected more than what is tolerable.

What about the server that's running the Endpoint Management Console? Is it protected because of the console, or does it need to run the client as well in order to be protected?

SEPM is just a mangemet console it will not provide protection.
On SEPM you need SEP also

Title: 'Best Practices documents for Symantec Endpoint Protection 11.0 on Microsoft Small Business Server 2003'
Document ID: 2008040314131948
> Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2008040314131948?Open&seg=ent

Title: 'Best Practices for Installing Symantec Endpoint Protection on Windows Servers'
Document ID: 2009021811070448
> Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2009021811070448?Open&seg=ent

PTP does work, but it only does Commercial Application List (CAL) scanning.  It will not do the heuristic-based scanning.  That's why it will be green, but will still say Off.

But I concur.  The SEPM will NOT provide protection of any kind, and you will want a SEP client on there.

sandra

The console provides no protection, it's just a window to the management server.
The management provides no protection, it simply passes information and interfaces with the SQL database.

So, if you have the SEPM (MANAGEMENT) piece installed on a server, it also needs SEP to protect the OS since management is just that, just what the name implies - it's management, it's not "protection".
The console just lets you deal with management, and really isn't "installed" pre se.
The "console" runs from any computer via browser or JAVA.
I install the full package. No reason to not, or to have different installs since the PTP won't run on a server anyway.
I know, they claim "don't install it since it won't work", well, then why not install it since it won't even work or run? Saves having multiple install pacakages!
I install the whole works, and whatever works, works, PTP detects when it's on a server and simply won't run.

What's interesting is that Symantec has forced SEP users to enable NTP in order to get Risk Tracer functions. I was told in a seperate thread that I should see little to know performance hit turning on NTP on my servers.

But it does run; it just does not have TruScan heuristic scanning available.  I have heard some people (and even some of our own documents) say it's 'not compatible', but it would be more accurate to say 'not fully functional'.  :)

Title: 'Proactive Threat Protection status shows "OFF" in the client interface'
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008052215014748?Open&seg=ent

"On Windows server operating systems and Windows XP 64-bit operating systems, Proactive Threat Protection only supports Commercial Application List scanning or "CAL".  This is why the status shows as "OFF" in the client interface."

sandra