Symantec™ Endpoint Protection forMicrosoft® Windows Embedded Standard2009 (WES) and Windows® XP Embedded(XPe) User GuideHP thin clients
3 Agent basicsThis chapter includes the following topics:●Opening the agent on page 4●Navigating the main window on page 4●Using the menus and the too
Using the menus and the toolbarThe top of the screen displays a standard menu and toolbar. The toolbar icons can be used to quicklyaccess logs, view t
Hide WindowsServicesToggles the display of Windows ServicesHide Broadcast Traffic Toggles the display of broadcast trafficViewing traffic historyYou c
There are a number of services running at any given time. Since they are often crucial to the operationof your endpoint, you may want to allow them. Y
About the notification area iconRED The agent has blocked traffic.GREEN Traffic flows uninterrupted by the agent.GRAY No traffic flows in that directi
Menu command Description Server Control mode Client Control modeAbout Opens the About dialog box,providing information on yourversion of the agentX XE
Testing your endpointYou can test the vulnerability of your system to outside threats by scanning your system. Assessingyour vulnerability to an attac
4 Responding to messages andwarningsThis chapter includes the following topics:●About message types on page 11●Responding to application messages on p
Internet Explorer (IEXPLORE.EXE) is trying to connect to www.symantec.com using remote port 80 (HTTP - World Wide Web). Do you want to allow this prog
Responding to Trojan horse warningsIf the agent detects a known Trojan horse on your endpoint, it blocks the Trojan horse from accessingyour system an
© Copyright 2008–2009 Hewlett-PackardDevelopment Company, L.P.Microsoft and Windows are U.S. registeredtrademarks of Microsoft Corporation.Internet Ex
Responding to blocked traffic messagesSecurity messages display a message box when applications are blocked:Blocked application message An application
5 Monitoring and loggingThis chapter includes the following topics:●About logs on page 15●Viewing logs on page 19●Back tracing logged events on page 2
About the Security logThe Security log records potentially threatening activity that is directed towards your endpoint, such asport scanning, virus at
About the Traffic logWhenever your endpoint makes a connection through the network, this transaction is recorded in theTraffic log. The Traffic log in
Domain User’s domain nameLocation The Location (Normal or Block All) that was in effect at the timeof the attackOccurrences Number of packets each pie
About the System logThe System log records all operational changes, such as the starting and stopping of services, detectionof network applications, s
Back tracing logged eventsBack tracing enables you to pinpoint the source of data from a logged event. Back tracing shows theexact steps, or hops, tha
Exporting logsYou can save and export the contents of the logs to different locations. You may want to export logs tosave space or to perform a securi
Stopping an active responseIf the agent detects an attack, it triggers an active response. The active response automatically blocksthe IP address of a
6 Command Line ManagementThis chapter includes the following topics:●The command-line interface for the client service●Typing a parameter if the agent
About this bookThe software described in this book is furnished under a license agreement and may be used only inaccordance with the terms of the agre
Parameter Descriptionsmc -exportadvrule Exports the agent's firewall rules to a .sar file.Agent rules are only exported from the agent when in Se
To type a parameter if the agent is password-protected, perform the following steps:1. On the agent computer, on the taskbar, click Start > Run.2.
IndexAactive response, stopping 15agentabout 2basics 4commands 23features 2opening 4password-protected 24application messages 11application messages,c
disabling protection 9enabling passwordprotection 9policies 2viewing policy 7Security log, about 16shortcut menu 8software requirements 1stopping acti
iv About this book
Table of contents1 System requirementsHardware requirements ...
Responding to permission status messages ... 145 Monitoring and lo
1 System requirementsThis chapter includes the following topics:●Hardware requirements on page 1●Software requirements on page 1Hardware requirementsT
2 Introducing the agentThis chapter includes the following topics:●About the Symantec Endpoint Protection for WES and XPe on page 2●About security pol
Key features of the agentThe agent can be used in the following networking environments:●Directly connected to the local area network or wireless netw
Comments to this Manuals