Symantec EndPoint Protection How-To

SEP Summary:
Symantec Endpoint Protection is the next generation of antivirus from Symantec.
-Integrated antivirus, antispyware, firewall, intrussion prevention, device and application control.
-single agent managed by a single console
-Network Access Control ready
-Lowers operating costs and reduces security risks.

Key Features:

  • Seamlessly integrates essential technologies such as antivirus, antispyware, firewall, intrusion prevention, device and application control.
  • Requires only a single agent that is managed by a single management console.
  • Provides unmatched endpoint protection from the market leader in endpoint security.
  • Enables instant NAC upgrade without additional software deployment for each endpoint.

Key Benefits:

  • Stops malware such as viruses, worms, Trojans, spyware, adware, bots, zero-day threats and rootkits.
  • Prevents security outbreaks thus reducing administrative overhead.
  • Lowers total cost of ownership for endpoint security.

More, read here and here.

Download trial version here.

Look at on page, find ‘All Trialware’ Section, click ‘Security’ > then click ‘Endpoint Protection’.

Downloads are available in multiple languages, and include the following:

  • Symantec Endpoint Protection 11.0 Trial (Client and Management Console). A fully functioning trial version of the Endpoint Protection Client and Management Console. Trial version will expire on September 30th, 2008.
  • The Symantec Endpoint Protection User Guide
  • Read Me file. Important information on the Endpoint Protection software and details about the newest maintenance release (MR2).

How to Install Symantec Endpoint Protection Manager:


  • Windows 2000 Server with Service Pack 3, Windows XP, or Windows Server 2003
  • Internet Information Services (IIS) version 5.0 or later, with World Wide Web services enabled
  • Internet Explorer 6.0 or later
  • Java Runtime Environment 5.0, update 13 or above recommended
  • Hardware:
Component 32-bit 64-bit
Processor 900 Mhz Intel Pentium III 1 Ghz on x64 only with the following processors:- Intel Xeon with Intel EM64T support-Intel Pentium IV with EM64T support-AMD 64 Opteron-AMD 64 Athlon

Note: Itanium is not supported. The management components are 32-bit applications.

Memory 1 GiB RAM Minimum (2-4 GiB Recommended) 1 GiB RAM Minimum (2-4 GiB Recommended)
Hard Disk 4 Gib for server, plus Additional 4 Gib for database 4 Gib for server, plus Additional 4 Gib for database
Display Super VGA (1024×768 ) or higher resolution Super VGA (1024×768 ) or higher resolution
Database The Symantec Endpoint Manager includes an embedded database. You may also chose to use one of the following version of MS-SQL database:- MS-SQL server 2000 with service pack 3 or later- MS-SQL server 2005 The Symantec Endpoint Manager includes an embedded database. You may also chose to use one of the following version of MS-SQL database:- MS-SQL server 2000 with service pack 3 or laterMS-SQL server 2005

Installation Process:

a. Insert the installation CD and start the installation.

b. In the installation panel, click Install Symantec Endpoint Protection manager:

c. In the Welcome panel, click Next.

d. In the License Agreement panel, check I accept the terms in the license agreement, and then click Next.

e. In the Destination Folder panel, accept or change the installation directory.

f. Do one of the following:

– To configure the Symantec Endpoint Protection Manager IIS Web as the only Web server on this computer, check Create a custom Web site, and then click Next.

– To let the Symantec Endpoint Protection Manager IIS Web server run with other Web servers on this computer, check Use the default Web site, and then click Next.

g. In the Ready to Install panel, click Install.

h. When the installation finishes and the Install Wizard Complete panel appears, click Finish. Wait for the Management Server Configuration Wizard panel to appear, which can take up to 15 additional seconds.

How to Install Endpoint Protection Client:


  • Windows 2000 Professional with Service Pack 3, Windows XP, Windows Server 2003, or Windows Vista
  • Internet Explorer 6.0 or later
  • Hardware :
Component 32-bit 64-bit
Processor 400 Mhz Intel Pentium III 1 Ghz on x64 only with the following processors:- Intel Xeon with Intel EM64T support-Intel Pentium IV with EM64T support-AMD 64 Opteron-AMD 64 Athlon

Note: Itanium is not supported. The management components are 32-bit applications.

Memory 256 MiB of RAM 256 MiB of RAM
Hard Disk 600 MiB 700 MiB
Display Super VGA (1024×768 ) or higher resolution Super VGA (1024×768 ) or higher resolution
Database The Symantec Endpoint Manager includes an embedded database. You may also chose to use one of the following version of MS-SQL database:- MS-SQL server 2000 with service pack 3 or later- MS-SQL server 2005 The Symantec Endpoint Manager includes an embedded database. You may also chose to use one of the following version of MS-SQL database:- MS-SQL server 2000 with service pack 3 or laterMS-SQL server 2005

a. Endpoint Protection Client (Unmanaged/Standalone)

  1. Insert the installation CD and start the installation.
  2. In the installation panel, click Install Symantec Endpoint Protection:
  3. In the Welcome panel, click Next.
  4. In the License Agreement panel, check I accept the terms in the license agreement, and then click Next.
  5. Select setup type: TYPICAL or CUSTOM, typical for default. click Next
  6. In the Ready to Install panel, click Install.
  7. Here the Symantec Endpoint Client screen shoot:

b. Endpoint Protection Client (Managed)

  1. Start>>All Program>>Symantec Endpoint Protection Manager>>Migration And Deployment Wizard
  2. Click “Next” then select “Deploy the Client”
  3. follow the on-screen instructions.

Another method:

  1. From Endpoint Manager Console, click “Client” icon then click ‘Find Unmanaged Computers”.
  2. Insert the client ip address range, user/passwd, domain/workgroup then click “Search Now”.
  3. you will see the client with ‘Deployment Status’ NO, select the client then click”Start Installation” button.
  4. Wait for client installation till finish.
  5. more detail, see the picture below. click to resize.

How To configure Endpoint Protection Manager:

A. Exporting/Create Client Installation Package:

When you export client software packages, you create client installation files for deployment. When you export packages, you must browse to a directory to contain the exported packages. Read more on Admin Guide, page 101:

B. Install and configure Symantec Live Update Administrator:

– Double-click ‘LUA21ESD.EXE’ from SEP disc2 (TOOLS\LIVEUPDATE Folder)

1. launch Symantec LiveUpdate Administrator, login with your username and password

2. Click ‘Configure’

3. click ‘Add New Products’

4. Select ‘Symantec Endpoint Protection’>’Symantec Endpoint Protection v11.0 English’

5. Configure ‘Source Server’

6. configure ‘Distribution Center’

-By default, SEP create 2 Distribution server, for Production and Testing. click ‘Add’ button to create a new Distribution Center

7. Add ‘Symantec Endpoint Protection v11 English’ Product to ‘Distribution Center’ coverage

-Click your distribution Center>Edit

Scroll down, then on ‘Product List’ >>click ‘Add’ >> select ‘Symantec Endpoint Protection 11 english’

8. Edit the ‘Preference’

9. Configure ‘Download and Distribute’, add Download schedule

10. Click ‘Run Now’ if you want to run the LiveUpdate now.

11. After fininshing the Update Process, run the ‘Manual Distribution request’ or you can create ‘Distribution Schedule’.

12. Last Step, Configure Symantec EndPoint Manager Live Update Policy .

C. Configure Device Policy (Exp. Block All USB device, CD/DVD Drives, Bluetooth)

(Exclude Human Interface Device: USB mouse, Joysticks, Gamepads)

-Click “Client”, select the User Group, click “Policies”, then right-click “Application and Device Control Policy” then select ‘Edit Policy’

-Click ‘Device Control’ tab

-in ‘Blocked Device’ click ‘Add’ button. select the device you want to block (USB, CD/DVD Drivers & Bluetooth Radios)

-in ‘Device Excluded from Blocking’ add/select ‘Human Interface Device (Mice, Joysticks, game pad and system control’;

D. Configure Security Policy (Firewall Rule)


Symantec Endpoint Protection 11 Manual and Administration Guide:

Install Guide:

Client Guide:

Admin Guide:

LiveUpdate Admin Guide:

All comments are welcome; but Before post any question, please go to SEP Forums here:


MR3 Release Notes

Migrating to Symantec Endpoint Protection 11.0 MR3:

Downloading the Symantec Endpoint Protection 11.0.3001 MR3 Maintenance Release:


176 responses to “Symantec EndPoint Protection How-To

  1. problems uninstalling s.e.p unmanaged client MR2 ,vista home 32 !!
    help please!!
    used all methods cleanwipe, don’t work !!
    uninstall manually ,don’t work !!
    windows security center always “saying” symantec is enabled etc etc ….
    best regards

  2. @bindo
    “How to manually uninstall Symantec Endpoint Protection client from Windows Vista 32-bit”, go to here:
    and also here:

    If you still got a problem, try to disable the SEP services:
    #uncheck the SEP services, like:
    -symantec endpoint protection
    -symantec management client
    -symantec network access control
    -symantec bla bla bla….etc

    restart PC, then re-run uninstall again..
    Good Luck.

    • I am trying to uninstall endpoint Protection from my 32 bit XP machine. I am at the point that I have no internet access, and the program will not uninstall. I have tried Clean Wipe to no evail. VERY FRUSTRATED and getting ready to reload my operationg system discs that came with my machine when i ordered it.


  3. thanx aziz !!
    the third try was almost the good one ,but …sorry there is a but!
    after logging in as administrator,disabling symantec security techs ,symantec managemnt client live up date ……etc ,restarting ,uninstalling ok symantec was gone ,but after restarting symantec was back in security center …..
    so another trick ? please !!

  4. Unfortunately, I don’t hv any Vista Box to try right now, but I think, you need to remove manually all SEP files from “C:\WINDOWS\system32\” and also from Registry. Reboot to Safe Mode, then Follow the instruction here:

    If you need the Third-party software for cleaning up, try to install ‘TuneUp Utilites 2008’, then run menu ‘TuneUp 1 Click maintenance’ or ‘tuneUp Registry Cleaner’..

  5. Hi Aziz, thank you for this blog!! I have a question please, I can connect to the console manager despite i entered admin as user and the password i’ve given during installation!!what can i do to resolv this problem please!?

  6. @sofien
    You can use ‘resetpass.bat’ file, it will reset the password for the Symantec Endpoint Protection Manager admin account.
    1. open Windows Services, then stop ‘Symantec Endpoint Protection manager’
    2. Go to:
    C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Tools
    then, double-click the Resetpass.bat.
    3. start again the ‘Symantec Endpoint Protection manager’ service.
    4.Launch Symantec Endpoint Protection Manager Console
    user: admin
    password: admin

  7. i have a problem my sep.after i upgrade sep 11 to sep 11 mr2 mp1 the symantec console user admin can load a long time in to console. could u help me for my problems

  8. The Vista clients i have do not appear in the SEP console is there a way to force this or have I missed anything while making the SEP policies.

    Thank you

    btw: excellent blog Aziz, lots of great info.


  9. hey Aziz,
    actually am having problem when installing network threat protection, its prevent me from pinging or share (copy) files over network.
    right now am solving it by installing antivirus and antspam only for clients.
    your help will be appreciated.

  10. @TKADY
    I think there might be something wrong with your Firewall Rules. The firewall is installed with default rules that are classified as Allow, Deny, Block and Log, or Log only. The Deny rules include blocking IPv6, IPv6 over IPv4, local file sharing, and Remote Administration..

    • hi
      i have Migration problem in symantec End point protection 11.0.5 i have disable scheduled scans, modify Quarantine purge options, delete histories, disable LiveUpdate, disable roaming but still give the error message that Failed to contact or import the data from
      if u have any Idea please guide me
      thanks in advance

  11. Hi Aziz, I have upgraded our company’s Symantec Client Security to Symantec Endpoint Protection 11.0. It was a nightmare. First it ‘disconnected’ our domain controller from the network share so when other computers connected to the network will have connectivity problem (these are the client computers that have not been upgraded). Then, it will not let us import the policy file (xml policy files that we exported from the legacy Symantec Client Security). So, we could not import our firewall policy setting. Can you please help us? Thanks so much.

  12. Hi Aziz,
    I have a question, can clients updated manually from internet if this machine outside from the office/ not connected to Server EndPoint Console?

  13. if your SEP client is unmanaged, you can perform the update by using LiveUpdate. Just simply click the ‘LiveUpdate’ button and it will check for updates from Symantec server.

  14. Hi Aziz

    I have install server of symantec Endpoint and also i install in 400pc of client and i also given the password to remove but know problem is that user can easily remove it. you know how they remove it they r going in control panal then add or remove and symantec and when its asked for the password just go to task manager and stop the service of msiexec.exe after that it can easily remove. so i want to know the mathod of user cannot uninstall the symantec end point.. plz if you know the method then help me.

    Thanking you

  15. @Azhar,
    As far as I know, the only protection to uninstall SEP is only by password. if users are administrators on their machines, and they want to uninstall SEP, they will be prompted to input the password. I dont know if the password protection can be easily bypassed like that. let me try and check it first..

    Update, October 13, 2008:
    Azhar, you right. the uninstall password protection can be bypassed by killing the “MSIEXEC.EXE”. on uninstall process, on Task Manager, you will find two MSIEXEC.EXE, just ‘End Task’ msiexec.exe that run by Administrator.. It seem like a SEP bug, so I don’t hv any suggestion to solve this problem right now. but you can try to disable/remove/hide the ‘Symantec Endpoint Protection’ from the Add/Remove program list.

    Open Regedit, goto:

    Add the ‘NoRemove’ and ‘NoModify’ REG_DWORD, the set the value data to ‘1’
    go to here for detail:

  16. i got symantec end point protection 11.0 with MR3.

    need to resolve some issues.

    1)why it is recommended not to have network threat protection enabled on servers.

    2)how IPS work with anti virus, if a single pc generates broadcast to others, is it possible to stop/ block the attack from its source or where it is generated.

  17. @Sawan
    1. Network Threat Protection is a client firewall, your server must be accessible and to serve users, right?. so why you need to install a Client Firewall on a server?. if you enable it on server, usually it will block some of your services.. exp. DHCP services, folder sharing, etc.

    2. there are a lot of configuration on firewall rule. I think SEP can doing this well. I never try it on my lab, try configure & apply it on your client..

  18. I’ve got a couple of problems:
    1. When I search for unmanaged clients, and select which to update, they don’t become managed. This is for clients though that have EP already, but DEPLOYMENT STATUS is a no. It changes to SUCCESSFUL, but never becomes managed. If I remove EP then push, it works.
    2. I used to be able to install the previous EP over the older version and it worked fine. 3001 doesn’t do that. It installs, does not wipe out the previous config and never connects to the server. This is when I run the SETUP.exe package I built.
    3. Are there any MSIEXEC commands for any of this? Install remove, etc

    I have a couple more questions, but this is enough for now.
    Thanks, Jake

  19. hello
    while trying to install the symantec endpoint 11.0 and then making the deploy it works but the problem is that i can;t run the live update from the server so the client can automaticly beeing updated with a schedule time if there is a specific configuration for it please let me know

  20. @Jake
    1. if you want to change your SEP Client from “Unmanaged” to become “Managed” by your SEP Manager, you have to uninstall it first from your client, then run again ‘Migration and Deployment Wizard’ from SEP Manager, thats the recommendation from Symantec.

    2. If you want to migrate your client to SEP 11.0.3001 MR3, I think you should check this link:

    3. to completely remove, use SEP ClientWipe Removal Tool..

    you need to install Symantec Live Update Administrator, download the Updates, then run the ‘Manual Distribution request’. read the ‘LifeUpdate Administrator Guide’ for detail step. here the link:

  21. Hi, We have Installed Symantec endpoint 11 server and client successfully. When we try to search the client from symantec server we are unable to see the client details. Plz can you help us sort this prb ?

  22. Hi, I have a problem with a few clients with MR3.
    Everytime i log in to the server on which SEP is installed I get an error: Symantec USer Session, a neccesary file could not be loaded: ccProd 1002,1

    A few clients have problems with updating it seems.
    They get the following error:

    SEP has requested new definitions from the management server. This problem will disappear after the server responds and the update is complete.

    And when they open SEP on their computer Proactive Threat Protection is disabled and stating: protection defenitions are too old for proactive threat protection. Click fix to update protection defenitions.

    When they click fix everything turns to “green” so to speak.
    But after a few minutes it turns read again and they will have to click fix again.

    The srange thing is, both the server and all clients have the latest versions of everyting.

    Any idea on how to solve this?


  23. hi aziz…cool blog…
    i installed the sep on a stand alone machine running windows xp 64 bit. it has taken the update as well. i didnt install the sepm since the machine was not part of the network where the remaining clients were deployed. then the green dot on the shield is not visible…why??? how do i solve the issue???
    thanx in advance.

  24. when i have installed only the symantec end point protection, do i have to register it if i installed in a stand alone machine as an unmanaged client??
    if so how?

  25. I’ve install SEP month ago. Its running quit well. But the problem is, the latest update didn’t change…since 1 month ago, its only change twice.I update it everyday..why don’t the date change everyday also…HELP….

  26. I installed SEP Manager and clients nsuccessully ver 11.0.1000.1375 and is running very well now.

    I downloaded the 11.0 MR3 and tried upgrading my Manager but it keeps running back at the point where it says “stopping services”.
    I used the upgrade guide from symantec ( did what was mentioned on it but still it fails, ie installation rolls back.

    Obviously there is another things that needs to be disable or checked as well.

    Please I beg someone to help me sort this issue out.

    thanks, plis help!!!

  27. Hi Aziz,
    Is there any procedure to change domain name on Symantec Endpoint Protection manager,also will it effect my client machines .
    If possible please tell me procedure also.

    Thanks in Advance

  28. @Alam
    Try to disable Firewall Setting on all your client..

    did you install Norton Ghost on that client? try to uninstall it.
    about the update problem, make sure you hv installed the ‘Symantec Live Update Administrator’ and its configured correctly.

    If you install SEP client, after finished; all you need to do is just click the “LiveUpdate”button. the you will get the ‘green’ checkmark symbol.
    please note that the green dot on SEP Try Icon is only for SEP Client (managed).

    Strange?? as far as I’m concern, SEP will not block the Windows Services..

    @Amila Chiranjeewa
    you are welcome..

    let me find out about this issue..

    let me find out about this issue..

    @Dharmendra Singh
    If you want to change the SEP Manager Domain Name and also the IP address, yes this will affect to client.
    the client is always check the Manager status periodically either in Push Mode or Pull Mode. By default when you install the SEP Manager it will creates a default management server list that contains the IP address of the manager and it’s name.
    so, you need to add/reconfigure the Management Server again. from SEP Manager Console click POLICIES>Policy Components>Management Server List.
    then you must assign it to your client group or location.

    For detail info, read the Administration Guide, page 377.

  29. I want to know one thing about enabling the USB back to normal.

    But the Live Update feature is not available. The administrator has disabled it. So I want to know that can I enable my USB drive back to normal through registry? By making any registry entry enable or with filling some value can help it out?

    Please advice, whether I can enable my USB through registry as its currently disabled by Administrator. Live Update feature is also disabled.

    I use Symantec End Point 11.0

    Thanks in advance!

    • Oct12Tim Hebert – aka “Green_mountain_cruiser” Seth:Best of luck with this adventure. It was great mneeitg you at the Ramblin’ Pig in Lincoln, NH this summer. Let me know when you’ll be in Vermont and let’s have a cup of coffee.Tim

  30. I have installed sep 11.0 usb blocker in my system. Now I wants to enable USB drive for data backup purpose. but when I insert pendrive in usb port it showing message usb service stop successfully. I wants to edit this option without uninstalling SEP. thanx.

  31. I would distribute mr3 updated client not by management server.
    How I can do that?
    I see I can specify an URL address: does I need an IIS server on? Could be useful the local liveupdate server?
    Thanks a lot.

  32. after installing live update administrator and web page liveupdate administrator …..but i cannt access that page and appear error page
    ” HTTP Status 404 – /lua/ “.
    type Status report
    message /lua/
    description The requested resource (/lua/) is not available.

    can u help me ???

  33. Hi Aziz,

    how to hide the “disable Symantec EndPoint Protection” from the user side, when the user right click on the tray icon I want to hide this disable Symantec EndPoint Protection” .

    Any idea


  34. Hi,

    i have a Symantec endpoint protection on my clients computer and one domain controller(win2k3 EE) and a win2k3 SE with sep manager installed. I have 2 questions, first: what version i can install in my dc? second: how create a password before sep uninstalling?


  35. Hi Aziz,

    I have updated my SEP to MR4 and I would like to remove all other installation packages. How do I do it? Also how do I empty the summary detection or the old logs? The SEP Manager still counts those infected files that was 1 year old and has been deleted.

    Thank you for your help.


  36. I need to integrate NTP to NAC and need to registry of NTP.

    can you help me?


    • Разработка сайтов по всему миру
      Наша команда занимается созданием сайтов любого уровня сложности, от сайта визитки до сложных порталов. Сайты под ключ, От дизайна до комплексного seo продвижения.

      Создать сайт визитку
      Создание сайта визитки – отличное решение для начала бизнеса. Возможности такого сайта выходят далеко за общепринятые контактные данные и сведения о компании.

      Создан магазие интернетина
      Интернет магазин позволит получать прибыль круглосуточно и без проблем с поиском или арендой помещений. Благодаря нашей поддержке и вниманию к деталям, наш клиент получит функциональную торговую площадку в сети.

      Создание корпоративного сайта
      Корпоративный сайт станет эффективным способом распространения информации о предприятии, его истории, направлении деятельности, достижениях и предложениях на рынке.

      Разработка дизайна сайта
      Разработка дизайна сайта – это не просто создание «красивой картинки», это целый комплекс профессиональных действий, начиная от определения целевой аудитории и заканчивая сложными техническими моментами.

      Дизайн для форума IPB
      Если Вы заинтересованы в престижности и посещаемости форума, то стоит обратиться за разработкой уникального дизайна к специалистам.

      Техподдержка сайта
      Техническая поддержка сайтов осуществляется нами при возникновении любых вопросов и проблем с работой ресурса.

      Разработка мобильных приложений
      Мы разработаем для Вас мобильный интерфейс с уникальным дизайном и учетом всех современных требований.

      Продвижение сайтов
      Комплекс работ по оптимизации и раскрутка сайта, поиска оптимальных методов его продвижения в поисковых системах для выхода в топ10.

      О компании
      Мы предлагаем комплексное предоставление услуг от помощи в выборе доменного имени до наполнения сайта, продвижении и поддержки. Индивидуальный подход, нестандартные решения и эффективные инструменты для Вашего бизнеса.

  37. We have SEP MR3 on SBS 2008 and the downloads are easting up our bandwidth what is the best way to setup SEP with managed clients and the minimum downloads. We schedule it for one a week for definitions and one a mount for full SEP update

  38. I have an issue about unmanaged clients. Enabling tamper protection in these clients disables disabling of the (i)antivirus and (ii)proactive threat protection by any user who is not the administrator. However any non-administrator can still disable the network access protection as this is still allowed.

    How to fix this issue?

  39. Can anyone help em obtain any information or guidance on configuring Network Threat Protection forr Symantec Endpoint Protection and any free training courses for this. I would appreciate the help. Also if anyone has any samples configurations to let me get an idea how to configure

  40. dear aziz
    i have buy sep11 and i have too many questios about it.
    1.i cannot deploy the install packages to the client,if i search for the unmanaged computer the server see the computer.but if i start installation it says the way im using win2003 server std as my server and xp2 professional on clients. i have to install also the ep on my server or just the manager console.
    i guess thats it for now.

    thank you and more power to your blog

  41. danny

    April 16, 2009 at 1:38 am

    dear aziz
    i have buy sep11 and i have too many questios about it.
    1.i cannot deploy the install packages to the client,if i search for the unmanaged computer the server see the computer.but if i start installation it says the way im using win2003 server std as my server and xp2 professional on clients. i have to install also the ep on my server or just the manager console.
    i guess thats it for now.


    Question1: This trouble that you have normally is because the user trying to install sep doesn1t have enough permission on domain. Try with a user with admin privilegies.

    Question2: Like you a had many trouble with instalation on my dc, but finnaly i did…xd. This bring us back the first question the damn adminitrator permissions. If you have access to “administrator account” try to install via “search unmanaged client” or try this: i’ve installed first the manager on dc, then i installed the sep client but via cd,as unmanaged client and then copy the “symlink.xml”, located in installation folder of sep manager…

    lucky dude..

  42. dear aziz.

    thank you for the support…but i do it the same way you did.i run from the cd in the client and install it.i the installation keeps rolling back and say it was interrupted before it is finished.

    is it possible to copy the client intallation package and then install it to the clients manually?


    • I hope Aziz don’t be angry by trying to help you….hehe

      Did you have “administrator” account? The domain administrator? This is the only way i could install sep client on my DC, other users even with all permissions possible, never install nothing and the status on sep man saying “successfull”. But by cd method it installed.

      When the sep manager is installed by default it creates 2 install packages 32 and 64bits, if i remenber it right they are created on “programs files\ symantec… ” or you could manually create a custom install package with your preferred settings. Here the link from symantec:


  43. dear aziz

    by the sir we are using only work group in our office…i managed to install it on our server but the main problem is to deploy the client package.i try to use the administrator acount of all the work station and nothing happens.

    i hope you can help with this

    thank you

    • It’s me again…hehehe

      The computers have same administrator password? Im not sure… but in theory with this user the deployment is to be “allowed”.

      Or you just copy the setup.exe from your sep man e install it on your computers.

  44. Aziz…Is it okay to run 2 SEPM Server consoles side by side on one network in case one goes down as we don’t want to rely on updates from internet for virus definitions etc,as it will most likely crash our network

  45. dear aziz

    thank you so much for the nice tutorials.i already configure the server and all the client computers in our company..i follow all the instruction you have written here.i just want to share something to all who is with this blog.

    if you cannot deploy the client package to the computers even you have configure thier firewall and remove the simple file sharing.try to format first on of the computer of your clients.and try to deploy it to this client.before i thought it was with the configuration i make but after i decide to format my server without connecting to any client to the network.then i update the difinition and everything in my sep i found out that a virus called conficker and downadup is blocking any antivirus installation in my computers.even the sites of any anti virus is blocked.i dont know how they can do it but its true with my experience.

    once again!!!!AZIZ

    thank you very much and more power to your blog!!!!
    you’re the man dude!!!!

    • When you told about firewall, i remenber something that cause fails in deployment of sep clients…the windows xp firewall…hehe, you need to disable to work the deploy correctly…or copy from server the setup.exe and execute it.
      There’s another tips that are helpfull, like set password for remove of sep client, silent default the user could just click cancel and stop install of sep, with silent install enable that thing doesn’t happen…XD…

      And about conficker and downdup are the same..according symantec “”

      if you have all your computers updated conficker is not even a threath….

  46. dear aziz
    i have installed SEP 11 and successfully deploy the client. but in SEP manage console theris no client detect, when i try to deploy again the client that successfully deployed before appears as unknown computers. i checked on client there is SEP client installed.

    Can u help me to solve this pro blem

    Thaks alot

    • Ujang,
      If you configure SEP Manager, the better way to install SEP client is from your SEP Manager.
      From Endpoint Manager Console, click “Client” icon then click ‘Find Unmanaged Computers”. please follow the step by step on my tutorial above.

      and, as Bruno said above, please don’t forget to disable the Windows firewall on all your client first, because sometime it will make client installation failed. you can enable it again after finish the installation process.

  47. hi to all

    i have one big question,,,i have a sep 11.04 10 user and i install it already with our of now we have 5 clients using question is,,, is it possible to install it again into onther server..?because we have branch that need antivirus for its it possible?

    pls anyone who can help me with this…


    • danny

      i mean install the sep manager or sep client? if is sep client i believe there’s no problem in doing it, because your server still be managed by your sep manager at your office, presuming both locations use the same link. If you want to install sep man on a second server and both running side-to-side, i don’t have any ideia if its possible or how it works, but you can let the second server as sep man that can manage the branch clients…

      i’ll take a look and asap i return with the anwer…;)

  48. bruno

    thanks bro…just tell me if you check it out..and please can you tell if it is possible to manage clients by internet.i mean i can will deploy the clients trough internet.or if possible tell if this ten user works as ten server or 10 users,including server and clients.


    • Danny,

      I’ve found this on Symantec site, its about client deployment over VPN connections:

      “While such a method of deployment is feasible, it is not recommended due to the risk of packet loss, which can result in an incorrect installation. The recommended method is to download the SETUP.EXE program directly to the computer and then proceed with the installation locally.”
      The second part i don’t understand. Can you explain again…;)

      link where i get this info



  49. Dear Aziz,

    It would be great if you could help me in configuring policies on SEP11 MR4 for preventing users with Admin rights from disabling Symantec Endpoint Protection by right-clicking on the client system tray icon and selecting “Disable Symantec Endpoint Protection”

    • You can do this by selecting Clients tab, select desired group, then in right panel select policies and under “Location Independent Policies and Settings” select “General Settings” and there is an option to set a password to disable service

      sure, there still exist an option to disable the menu and even the tray icon, but i forgot where that is due. if i remember, I’ll leave a message here

  50. My pc has sep. Its disabling my pen drive. How to overcome this problem…Is anything to be done in regedit?

  51. Hi Aziz,
    I have a thing to ask here in this forum :
    In Symantec endpoint protection status bar we have options available on the right side of screen. We want to grey down that options button, As user can disable antivirus & antispyware disable pro-active threat protection and network threat protection etc …..

    Plz can you help us sort out this prb.
    Thanks & best regards,

  52. Hi Julkifli,
    Here is the solution to unlock the usb flash :

    Go to HKEY_LOCAL_MACHINE -> System -> CurrentControlSet -> Services -> USBSTOR then on right side double on start button then change the value to 3.
    by default it should be 3.

  53. Dear Aziz,

    I am working for a big company who has remote branches.
    We are using SEP v 11.0.
    The branches get update from center but this takes much bandwidth.
    I want the update to be at the branches. I tried to install LUA server at branches but the update is still from the center. What is my problem? Do I install enpoint manager at each branch?
    Please help me in this regard.


    • Lugi,
      if you need all your client to get an update from your LUA server at branch, you need to configure “Live Update Client Policies” on your SEP manager also.

      to reduce bandwidth, better for you to install SEP manager and LUA at each branch office.

  54. Hi,

    I removed all norton products using cleanwipe. Now my USB drive is visible in the explorer. But when I try to access it, it gives an error that says “F:\ is not accessible. Access is Denied.”

    Please help to resolve this issue.


  55. hello frnd, can any one help me for intalling SEP 11.0.3 n i have to config for all clients PC, i have doubts in creating Embedded database, Could anyone can assist me pls, its ma id….

    Thanks & Regards

    Senthil Kumar.n N

    • Dude,

      Have you tried to read the “how to” at top of page? There’s a pdf with come with the install of Symantec Endpoint cd, it not hard to install…if you haven’t try find at symantec’s site.


  56. OK…this has been very helpful but I’m wondering if anyone knows exactly which processes (.exe) need to be STOPPED in order to uninstall the Symatec Endpoint program. I screwed up and somehow got Kapersky and Symantec running at the exact same time. Even though I turned symantec OFF (or so I thought) it keeps popping up with these virus notifications, which i discovered are NOT actually viruses but it’s just reading Kapersky processes as viruses. I can’t get through the uninstall process for symatec unless I can stop it from running. When I go to the task manager, my head is spinning — how the heck can I tell which processes are related to Symantec? HELP!!

    • Michelle,

      You can try NoNav at this link:
      MD5: D9915499FB9882A5906561E5EADCE881

      I have a question to you.. You’re using SEP at your company? If you are you’ll need a password if sep was configured to use it, if note just unninstall at add/remove programs….

      Good lucky

      ps: this nonav tool is used to remove many version of symantec AV’s…answer YES in all questions after finishing the process your computer should reboot after…

    • And stop the process of sep, i dont believe that really works…because sep was designed to be pratically unstoppable….hauhauahua…even if you cut the head off it still workinhg…XD

  57. I have many groups in my console like cd.usb disabled. suddenly a nightmare happened. my clients got uninstalled but the shield of symantec is there in the tray but when I open the shield ,it says “No symantec protection technologies are installed” . I was shocked… but only two groups were not changed. I saw in the log of a client it says teefer driver failed to install. A week back I migrated sepm from mr3 to mr4 mp2. Please help me

    • Siraj,

      You should try reinstallantion sep on your clients, because this could be result of a bad install…almost the times i’ve seen this thing was bad install….


      • Bruno but it worked fine for a week, suddenly how it all happened..might be some else issue is doing this..coz when i create a new group and move to the clients to that group then its working fine. if u r really intersted then u can take up the challenge… num: 9940680167.

  58. Hi,

    A quick question regarding SEPM & LUA – I have found a symantec article that sugest running both SEPM & LUA on the same server can result in poor performance (which I am currently seeing).

    After a bit of reading I am confused as to whether or not I even need to run LUA at all? Does LUA provided the latest definition updates for SEPM to distribute to the clients? Or can SEPM get the updates and distribute them without LUA?

    Any advice welcome!


    • Luke,

      Answer your question or part of it ;), the SEPM retrieve and distribute to the clients the software definitions. The LUA I don’t tried it, I only used SEPM, i don’t know what benefits it have over SEPM in retrieve and distribute definitions.
      Try out find more articles at symantec site about LUA.


    • Luke,
      Symantec LUA or LiveUpdate Administrator is application that allow you to manage SEP updates on your internal server. by using SEP LUA, you can download updates then publish the update to distribution server, so your SEP Manager and all of your client can get the updates from your LUA server instead of downloading it from Symantec.

      SEP Manager can also download / retrieve the updates then distribute to clients. but, it will more efficient bandwidth and resource if you separate this job for LUA server. and also, if you have another SEP Manager (lets say, you install SEP manager at branch office), you need to download the updates directly to Symantec also.

      I think, if you have alot of clients (above hundred) its better if you install both SEP Manager and LUA, and install it on different server.

  59. HI,

    I need some one to help to change the background of cisco ip phone in call manager RLS 7.0


    Best Regards

  60. I need Some help and Advice here..

    Did we can Use Endpoint Protection 11 to manage Client for Symantec Coporate Edidtion 10..

    We have buy Endpoint Protection 11. for new pc a the same time we have lot of old pc cannot support symantec 11.. so there have any way to we configure or setup the Endpoint Protection 11 manage symantec 10 client ??????

    • Jamal,
      actually, you can migrate Symantec legacy antivirus, but unfortunately I dont hv any experience with corporate edition. as far as I know, the migration that are supported only for Symantec antivirus client and server v9.x or later and symantec client security (client & server) version 2.x or later.

      another software, like client firewall, reporting server and norton antivirus/security; you need to uninstall it first the install SEP client.

  61. My USB drive is diasable by SEP, if I try to disable the process/service it ask for a SEP password, how do i get the usb enabled?

  62. Dear sir,

    Recently, i have problem with symantec Endpoint protection. While i want to update client from server , but it appears the message ” the command has been issued” . Could you please help to solve the problem.


  63. mas,
    mau tanya dong…kalo email supportnya apa yah!
    kebetulan kena virus nih, baru suspect sih…kalo bisa yg lokal ajah supportnya!

  64. Flash Drive / Thum Drive / USB Drive is a popular name called today. The features in data storage. Line a small squeeze mine. Can take in anywhere. If on any problems associated with Flash Drive / Thum Drive / USB Drive as Flash Drive does not detect most of which will not solve this problem. Now I have to suggestion to you.

  65. hi every one,,
    i just having problem with my sep management console,,,i cannot log on to it..and one thing more,,,i cannot see any more the green dot on the sep clients..that means they are not connected to the management console…is there a way to reset the password.and can any one tell what is the solution to this problem..

    thanks and more power


    • Find the resetpass.bat in installation’s folder of SEPM

      To use Resetpass.bat:

      1. Open Windows Explorer on the computer where you run Symantec Endpoint Protection Manager.
      2. Change directory to the :\Program Files\Symantec\Symantec Endpoint Protection Manager\Tools folder.
      3. Double-click the Resetpass.bat executable file. The password is reset to the default password.
      4. Be sure to change the password immediately.

      I picked from symantec forum…

  66. Hi, I’ve installed SEP 11.0 MR4 on Win XP, but on SEPM while creating the client installation package to be deployed, I’m getting error code:4 saying failed to create the installation package but when I check on the client (a test) where to deploy the package, it was deployed though as self-managed, but the definitions were not updated.
    Any help regarding this issue please.

    • You already tried to reinstall SEPManager?? Are all the pre reqs Ok? Check those things and if doesn’t work it could be your install cd or some incompability file system on your server…

    • If a not wrong there options to block/allow traffic in ports on clients, take a look at firewall policies and include the port range to block traffic…

    • I just looked at symantec forum’s and found this link


      Like i said in the another post there’s rules to be applied and block many kind of apps included your torrent…XD

  67. Hi Aziz, Our SEPM is not updating virus defination after 31st Dec 2009. Is there any settings I must do in the liveupdate ?

    Hoping for quick support.

    Best Regards,


  68. hi Aziz,

    i installed SEP 11 in server/Client environment, the prob i am facing is that my Server downloaded latest Definition from Symantec site but in monitoring it always showing last definition date.

    How can i update the date of definitions downloaded.

    thanks and regards
    Imran Khan

  69. Mr. Imran,

    This is from Symantec Server and they are working on a solution and will update customers when a solution is available.

    According to Symantec : An issue has been identified in the Symantec Endpoint Protection Manager (SEPM) server whereby all types of SEP definition content [AV/AS, IPS] with a date greater than December 31, 2009 11:59pm are considered to be “out of date”.

    Meraj (

  70. Mr. Imran,

    This is from Symantec Server and they are working on a solution and will update customers when a solution is available.

    According to Symantec : An issue has been identified in the Symantec Endpoint Protection Manager (SEPM) server whereby all types of SEP definition content [AV/AS, IPS] with a date greater than December 31, 2009 11:59pm are considered to be “out of date”.

    For further details click on following url :

    Meraj (

  71. we have sepm 11 and it can only be update through jdb file.

    but when we push jdb in it its not completed and give an error..
    c\pr\sy\sepm\…..\virscan8.bat not found.

    we have remove and install live updates too.

  72. Hi Aziz,
    I downloaded trial version of SEP. Now I am supposed to get licensed versin one. But they told me that I have to clean uninstall all before I can install original (full )version. I have installed SEPM and SEP client to more than 40 computers. So is there anyway that I can uninstall client silently using SEPM?

    Thanks in advance.

  73. I’m using “Symantec Endpoint protection version 11.0.5002”
    When I search for unmanaged clients,and select which to update,and update ,
    Note : before I select Admin > Client Install Package >Export Client Install Package >Add clients automatically to selected group ,
    but Deployed client did not in the “View client” list
    please help me

  74. My Client are appearing in Default group rather than in there respective groups althoug all communications are successful.
    Please help me

  75. dear sir,

    my network administrator do a blunder mistake he apply device policy with block local area network adapter thats why all users network adapter is disabled.

    we revert that policy by van coz network is disabled and server can not comunicate users.

    what to do …


  76. Nice Blog. I downloaded SEP full version (from Rapidshare), will it update automatically and how may clients can i install . It dosent seem to ask for any password or key or registeration ??

    (Symantec corporate 10.xx was like free, download and install)


  77. Hi Friends,

    In our SEP manager I m unable to see monitor logs … can anyone please assist.

    Thanks in advance

  78. Pingback: Software technology tips and tricks time saving: how to disable / Block USB Devices (thumb / flash / external/)

  79. As salam ale kum,

    Dear Aziz,

    Thanks for nice blog.
    My PC (XP)was a part of domain having SEP installed and managed from server.
    I physically removed my PC from network and know it is standalone. SEP client still exists and works fine with existing local accounts. However everytime I logon to newly created(after disconnecting from domain) local account windows fails to configure SEP for this account and it goes in loop and I cannot work with this new local account.

    Kindly advise how to stop this loop.

    best regards.

    • Hi Mubeen,

      This loop on sep it only happen to me on previus versions like sep MR1, it happen when i tried to copy admin’s profile to default’s profile.

      With the new releases of sep – MR4 and MR5 this issue was fixed and I never see it again, in both modes stand alone and managed clients.

      If your version is updated you can try find some info at symantec forums…

      Good lucky!

  80. Hy,,

    My problem Symantec Endpoint Protection Manager Console logon … help me how i can change or reset or retrieve the password

    • Hi Shailendra,

      The solution for your problem is here….hehehe
      Another user already asked about reseting admin pass.



      August 5, 2008 at 6:41 am

      You can use ‘resetpass.bat’ file, it will reset the password for the Symantec Endpoint Protection Manager admin account.
      1. open Windows Services, then stop ‘Symantec Endpoint Protection manager’
      2. Go to:
      C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Tools
      then, double-click the Resetpass.bat.
      3. start again the ‘Symantec Endpoint Protection manager’ service.
      4.Launch Symantec Endpoint Protection Manager Console
      user: admin
      password: admin

  81. hi Aziz

    great info here – thanks.
    i am trying to temporarily disable SEP on a client because it appears to be interfering with installing windows sp3 pack (i get a kernel32.dll error when trying to instal this).
    How do i un-grey the “disable/enable Symantec Endpoint Protection” options on clients? I have tried doing the opposite of the steps that are suggested for greying out this this option but with no success.



  82. Hi Aziz, I want to install Symantec Endpoint protection client on windows 7 64 bit Toshiba Laptop but cannot. Do you have any solution for this.

    Hoping forward to hear from you asap.


    • Meraj,

      It’s been a while since I’ve installed sep on Win 7 64bit, but I remenber that’s necessary install liveupdate first and then install sep client.

      If you have the package (*.EXE) unrar it and look for liveupdate setup and run reboot your note and then install sep.

      Good luck with that…. 😉

  83. Best you should make changes to the post title Symantec EndPoint Protection How-To AZIZ's BLOG to something more specific for your blog post you write. I enjoyed the blog post still.

    • hi
      I m facing a problem that my pc has been installed by symantec end point 11.0 client.

      if network threat protection is enable hot mailis showing as page can not display but other websites i can.

      if network threat protection disabled hot mail also opening

      can any body help me I disabled firewall also even though same problem


  84. if installing SEPM on XP computer, will it be a member of domain or workgroup? plus which user will be used to login, a domain user or a local administrator will work?

    Many thanks.

    • touseef,

      I recommend you install SEPM in a OS server like windows server 2003 or 2008, because win XP only can accept 10 connections per time.
      Now about your network it depends, if your enviroment is a workgroup (No domain controller) you will use a local admin to log on, if is a domain (domain controller present) you use a domain account.

      Got it?

  85. i already have SAV 10 running on Domain Controller (win server 2003) .

    I am afraid things will mess up if i try to upgrade it to SEP 11. What is the best option to do so?

    either uninstall SAV 10. and then reinstall SEP or there is a way i can upgrade directly from SAV 10 to SEP 11?

    I have read a lots of forums on this, and people have problems upgrading from SAV to SEP.

    • Hi,

      I don’t know about issue when upgrading from SAV to SEPM, you should read the documentation about it.

      On client machines the process is easy – you could do the upgrade from SEPM through schedule or doing a scan on your domain and then deploy SEP client. A third option is creating a package with your selected features and then running on each client (more effort… eheheh)

    • Dear Can you pl. share how u install SEP 10 on DC bc I have problem like

      “To contune the installation make sure that the internet information services (IIS) world wide web publishing service is installed and running on the computer that run IIS 7.0 or later the following IIS role services must also be installed , CGI, and IIS 6.0 management compatibility”

      Your early response will be higly appreciable


  86. Dear Aziz,

    Salam Alaikum,

    We’re facing really a big prb in our network which has around 300 pcs.

    The problem we are facing is W32.Downadup virus threat.
    I have downloaded the removal tools from symantec website to kill so called virus downadup but it remains there in user’s machine.

    Kindly give me a permenent solution so we never see again w32.downadup virus.

    Jazzak Allah Khair,


  87. how to install in windows server 2003, this main using symantec ednpoint protection antivirus supported to the client system but in system how to install the sep plz tell me
    the error ‘you asked to vendor’ is displaying

  88. in my organization windows server 2003 pc is used for symantec endpoint protection live updated purpose using but in this system symantec endpoint protection install then one msg display ‘plz contact the vendor person’ plz tell me how to install antivirus in this system

  89. Hello,

    WHat is the procedure to install SEP 11 licensing on server as well as clients. I am installing 1 sep server & i have 200 clients
    kindly pls tell me the way of licensing on it.

  90. How can I install Symantec Endpoint Management Console 11.0 on Windows Server 2008 64bit. I’ve been able to install the antivirus but I can’t install the Management Console. When I start the installation, it tells me it cannot be installed on windows vista. Please try and help me because I have bout the media and the license already.

  91. In the SEP, as per company security policy they have disabled my CDROM, USB port and bluetoth. I have admin rights for my laptop but dont have the SEP password. So is it possible to change the security policy of my laptop or disable SEP without the SEP password???

    • with SEP it would depend on GP setup in windows as well.
      as SEP has LDAP tie in to push and configure global policies on windows machines also , you will notice when you are on network you will not have acccess to certain features on your laptop.

      You cannot disable without password from SEM

  92. Dear Sir ,

    For Window Server Enterprise 2008

    Error occurs

    *To continue the installation make sure that the IIS , W3SVC is installed
    and running on the computer that run IIS 7 or later the following IIS role
    services must also be installed *
    *ASP.NET , CGI , and IIS 6.0 management compatibility *

    Pl guide me accordingly

    Your early response will be highly appreciable

  93. Salam Br. Saif Ul Aziz,
    Thanks for the information.
    Today I updated windows server 2008, then after its restarted when I tried to login to Symantec endpoint protection manager. Its giving message that to check if server is working fine. However I open this website ( read the details here and checked if the windows services for SEPM were working fine. Then I noticed that service was not working. So I started the service for SEPM then everything was working fine.
    Thanks indeed for the information.

  94. hii..
    i wanna ask, how to installed SEPM in VLAN concepts
    because i’ve tried it but when i want to deploy it only reads current groups
    there 5 groups in my VLAN, the only groups detected is the current groups where the server placed.
    how to reads the another groups when to deploy it..
    need help soon

  95. My partner and I stumbled over here from a different web page
    and thought I might check things out. I like what I see so now i
    am following you. Look forward to looking over your web page yet again.

  96. I just couldn’t depart your web site prior to suggesting
    that I really enjoyed the usual info a person supply for your
    visitors? Is gonna be again continuously to check out
    new posts

  97. Please let me know if you’re looking for a article author for your weblog.

    You have some really great posts and I think I would be a good asset.
    If you ever want to take some of the load off, I’d love to write some content for your blog in exchange for a link back to mine.
    Please shoot me an e-mail if interested. Kudos!

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.