Posted on

Symantec is blocking me creating a Client Installation Package

I need a solution

Here is the log:

[AC13-1.3] Block from launching other processes - Caller MD5=9021640543c224ead0152983f446e383 - Target Arguments=""C:\Users\xxxx\AppData\Local\Temp\9\scmhelper_1518711714731.ini" GetDiskSpace "C:\support\SEP 14 Clients\SEP14_Virtual Server""

How do I get past this?

Thanks!

0
Posted on

VDI package and Virtual Image Exception Tool

I need a solution

I could still use a little help wrapping my head around how to install SEP14 on our Citrix environment.

I have about 45 virtual servers that are configured as VDA-agents.  Do I need to run the Virtual Image Exception Tool on each of these servers, and then instal the SEP VDI package on those servers?

Thank you.

0
Posted on

VDI package and Virtual Image Exception Tool

I need a solution

I could still use a little help wrapping my head around how to install SEP14 on our Citrix environment.

I have about 45 virtual servers that are configured as VDA-agents.  Do I need to run the Virtual Image Exception Tool on each of these servers, and then instal the SEP VDI package on those servers?

Thank you.

0
Posted on

Best practice for groups/policies

I need a solution

With so many different servers playing so many different roles (SQL, Exchange, DC, Web, File, Print, etc), how do recommend breaking out groups?

For example - on one end of the spectrum, I could have one group called "Physical Servers" and drop all of my physical servers in that group (SQL, Exchange, DC, Web, etc, etc).  From a policy standpoint (I'm mostly concerned about EXCEPTIONS for this example) I'd have ALL of my necessary exceptions for ALL of these server roles in ONE policy called "Physical Server Exceptions Policy".  This is obviously the EASIER route, but not very secure.

On the other end of the spectrum, I could break out my "Physical Servers" group into MANY different subgroups and have a different set of policies per every server role.  This route seems unnecessarily granular and complex.

Is there a happy medium?

Any thoughts on this matter?

Thank you!

0
Posted on

Best practice for groups/policies

I need a solution

With so many different servers playing so many different roles (SQL, Exchange, DC, Web, File, Print, etc), how do recommend breaking out groups?

For example - on one end of the spectrum, I could have one group called "Physical Servers" and drop all of my physical servers in that group (SQL, Exchange, DC, Web, etc, etc).  From a policy standpoint (I'm mostly concerned about EXCEPTIONS for this example) I'd have ALL of my necessary exceptions for ALL of these server roles in ONE policy called "Physical Server Exceptions Policy".  This is obviously the EASIER route, but not very secure.

On the other end of the spectrum, I could break out my "Physical Servers" group into MANY different subgroups and have a different set of policies per every server role.  This route seems unnecessarily granular and complex.

Is there a happy medium?

Any thoughts on this matter?

Thank you!

0
Posted on

What is VDI

I need a solution

I need a little clarification about what constitutes a "VDI".  I have a Vitrtual Citrix environment that contains 40 XenApp VDA-Agents.  Would I create a VDI install package for those servers, and then treat my other Citrix servers (Xenapp Controllers, Xenapp Storefron Servers, License/SQL/File Servers, etc) as a just a standard VM client?

Thank you.

0
Posted on

Scan Exception for SEP14

I need a solution

Hello.  I'm in a new role, and it's my primary duty to transition my company from a Trend Micro AV product to SEP14.  The current scan exceptions are currently set for our Trend Micro clients.  Are these considered best practice for SEP14 as well?

Desktops and Laptops


C:\Program Files (x86)\ Citrix, Google, Microsoft Office, Microsoft SQL Server, Mozilla Firefox, ScanSoft, Neevia.com
C:\pagefile.sys  
C:\windows\system32\ spoolsv.exe
d:\pagefile.sys  

Citrix Servers


C:\Program Files (x86)\ CA, Citrix, Google, MIP, Microsoft Office, Microsoft SQL Server, Mozilla Firefox, Neevia.com
C:\Program Files\ Citrix, Citrix\1, Common Files\Citrix, Citrix\Independent Management Architecture
C:\Windows\ Microsoft.NET\Framework\v2.0.50727\Temportary ASP.NET Files\citrix_pnagent, SoftwareDistribution\DataStore
C:\Windows\ system32\WBEM\Logs, System32\IIS
D:\  
D:\pagefile.sys  
C:\Windows\System32\ drivers\CVhdBusP6.sys, drivers\CVhdMp.sys, drivers\CfsDep2.sys, drivers\bnistack6.sys
C:\Windows\System32\ csrss.exe, smss.exe, spoolsv.exe, userinit.exe, winlogon.exe, 
D:\pagefile.sys  

Standard Servers


C:\Program Files (x86)\ CA, Citrix, Google, MIP, Microsoft Office, Microsoft SQL Server, Mozilla Firefox, Neevia.com
D:\MIP Share  
D:\Program Files (x86)\ Microsoft SQL Server
D:\Program Files\ Microsoft SQL Server
c:\pagefile.sys  
d:\pagefile.sys  
0
Posted on

Microsoft Recommended Exceptions for anti-virus

I need a solution

I'm currently reading up on recommended anti-virus exceptions for Exchange Servers.  It turns out, there are a SLEW of them:

https://technet.microsoft.com/en-us/library/bb332342(v=exchg.150).aspx#Directory

Is SEP14 smart enough to exclude these as-is, or will I need to go through and enter each one of these exclusions into my policies?

Thank you.

0
Posted on

Install Client Feature Set vs Client Policies

I need a solution

Let's say I create 2 groups: One is named "Server-Full-Protection" and the other is named "Server-Basic Protection"

My next step is installing a "Full Protection" client on one server and putting it in the "Server-Full Protection" group.  Then, I install a "Basic Protection" client on another server and put it in the "Server-Basic Protection" group.

My first question is:  Will the policy settings in those groups change to reflect what is installed on the servers via the client? (i.e. - which protection technologies are checked in the policies)

My second question: If I decide to switch these servers to opposite groups, will those protection technologies automatically enable/disable?

Thank you for your help.

0