How to increase the sensitivity of Proactive Threat Protection in Symantec Endpoint Protection 11.x

Article ID: 178113

Products

Endpoint Protection

Issue/Introduction

You are dealing with a virus outbreak and need to increase the sensitivity of the Proactive Threat Protection component of Symantec Endpoint Protection.

Resolution

The Proactive Threat Protection component of Symantec Endpoint Protection can be used to help prevent the spread of threats to protected machines. To make manual adjustments to the sensitivity of Proactive Threat Protection:

1. Log in to the Symantec Endpoint Protection Manager.
2. Click the Policies tab on the right side.
3. Under the View Policies section, click Antivirus and Antispyware.
4. In the Tasks section, click Add an Antivirus and Antispyware policy.
5. The Antivirus and Antispyware policy window will open. In the Overview window, you can specify a policy name, for example 'Outbreak Policy', and give a description for the policy.
6. Select TruScan Proactive Threat Scans on the right side.
7. In the Scan Details tab of the TruScan Proactive Threat Scans window, uncheck the box 'Use defaults defined by Symantec'.
8. At the 'When a trojan or worm is detected within the sensitivity threshold:' pull down menu, select 'Terminate'.
9. Adjust the slider bar for 'Sensitivity' to your desired threshold.

Note: The higher the sensitivity is set, the greater the chance of false positives. To find a sensitivity level that keeps false detections acceptable, first set the action for 'When a trojan or worm is detected within...' to 'Log Only', then deploy the policy to a test client and verify that the sensitivity meets your needs.

10. Click the OK button in the Antivirus and Antispyware window.
11. You will be prompted to assign the policy. Click the 'No' button.

You can then make a custom client group for a test client, apply the policy to that client group, and use the process outlined in steps 6-9 above to edit the sensitivity.

To assign the policy to a group:

1. Right-click the 'Outbreak Policy' policy and select 'Assign'.
2. Select the group(s) you wish to assign the policy to.
3. Click the Assign button at the bottom of the Assign Antivirus and AntiSpyware Policy window.
4. Confirm the policy assignment by clicking the 'Yes' button.



References
Pages 449-512 of the Administrator's Guide for Symantec Endpoint Protection and Symantec Network Access Control have further detail on TruScan configurations.