TDR and Symantec. Integration Guide


WatchGuard Technologies, Inc.

TDR and Symantec Deployment Overview

Threat Detection and Response (TDR) is a collection of advanced malware defense tools that correlate threat indicators from Fireboxes and Host Sensors to enable real-time, automated response to stop known, unknown, and evasive threats. As part of the TDR solution, you install TDR Host Sensors to provide endpoint protection. In some cases, the TDR Host Sensor might have conflicts with the antivirus software installed on your endpoints. To resolve this issue, you can configure exclusions in the antivirus software and in TDR.

This document includes information about the integration of a TDR Host Sensor with a host that runs Symantec. It does not describe the procedure to set up Threat Detection and Response. For information about how to set up your TDR account, how to enable TDR on a Firebox, and how to install a Host Sensor, see Quick Start Set Up Threat Detection and Response.

Integration Summary

To avoid conflicts between the TDR Host Sensor and Symantec, add these exclusions:

Exclusions in TDR for Symantec, for Windows:
- C:\Program Files (x86)\WatchGuard\Threat Detection and Response\

Exclusions in Symantec for the TDR Host Sensor, for Windows:
- 64-bit Windows: C:\Program Files (x86)\WatchGuard\Threat Detection and Response\
- 32-bit Windows: C:\Program Files\WatchGuard\Threat Detection and Response\

Exclusions in TDR for Symantec, for Mac:
- /Library/Application Support/Symantec/
- /private/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/c/pkinstallsandboxmanager/*.activesandbox/root/applications/symantec Solutions/

Exclusions in Symantec for the TDR Host Sensor, for Mac:
- /Applications/WatchGuard

If the Host Sensor and Symantec detect and respond to a threat at the same time, this can cause high utilization of system resources such as CPU, memory, and disk I/O.

Configuration Details

To complete the tested deployment, you must have:
- An active Threat Detection and Response subscription with Host Sensor licenses.
- Windows 7, 8 or Windows 10.
- Firebox with Fireware v12.0 or higher.
- TDR Host Sensor 5.2.1.8015.
- Symantec Endpoint Protection 14.0.2415.0.200, for both Windows and Mac.

The Windows test environment for this deployment included:
- Windows 7, 8, 10 Enterprise 64-bit Operating System
- Memory (RAM): 8 GB
- Processor: 4 CPU Cores

The Mac test environment for this deployment included:
- macOS 10.13
- Memory (RAM): 8 GB
- Processor: Intel Core i5

Configure Exclusions in TDR

In your TDR account, add the exclusions to manually identify paths for files and processes that you do not want Host Sensors to monitor. Before you deploy a Host Sensor on computers that have Symantec installed, add exclusions for the Symantec file paths as TDR Exclusions in your TDR account.

To exclude Symantec directories, add exclusions with these paths in your TDR account. Folders specified in an exclusion must end with a backslash.

Exclusions for Windows:
- C:\ProgramData\Symantec\
- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\
- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\

Exclusions for Mac:
- /Library/Application Support/Symantec/
- /private/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/c/pkinstallsandboxmanager/*.activesandbox/root/applications/symantec Solutions/

To add an exclusion in TDR:
1. Log in to your TDR account or managed account as a user with Operator privileges.
2. Select Configuration > Exclusion.
3. Click Add Exclusion. The Add Exclusion dialog box appears.
4. In the Path text box, type the path to exclude.
5. Click Save.

Repeat these steps to add each exclusion.
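Because each path is typed by hand into the Path text box, a short pre-check of the list catches entries that would silently fail to match or that exclude more than intended. The script below is an added example, not WatchGuard code: the problem codes, the trailing "/" expectation for Mac paths (taken from the Mac examples in this guide), and the whole-volume and stray-whitespace checks are assumptions of this example, not documented TDR behaviour.

```python
import re

# Folder exclusions to enter in TDR, copied from this guide (sample list built for this example).
TDR_EXCLUSIONS = [
    "C:\\ProgramData\\Symantec\\",
    "C:\\Program Files (x86)\\Symantec\\Symantec Endpoint Protection\\",
    "C:\\Program Files (x86)\\Symantec\\Symantec Endpoint Protection Manager\\",
    "/Library/Application Support/Symantec/",
]


def check_exclusion(path):
    """Return a list of problem codes for one folder exclusion path."""
    is_windows = re.match(r"^[A-Za-z]:\\", path) is not None
    is_mac = path.startswith("/")
    if not (is_windows or is_mac):
        return ["not-absolute"]
    sep, other = ("\\", "/") if is_windows else ("/", "\\")
    problems = []
    # The guide requires folder exclusions to end with the path separator.
    if not path.endswith(sep):
        problems.append("no-trailing-separator")
    if other in path:
        problems.append("mixed-separators")
    # Drop the root ("C:\" or "/") and look at the remaining components.
    body = path[3:] if is_windows else path[1:]
    components = [c for c in body.split(sep) if c]
    if not components:
        # An exclusion for a whole volume leaves the Host Sensor blind there.
        problems.append("whole-volume")
    if any(c != c.strip() for c in components):
        # e.g. a space before a separator introduced by copy and paste
        problems.append("stray-whitespace")
    return problems


def lint(paths):
    """Map each problematic path to its problem codes; clean paths are omitted."""
    return {p: probs for p in paths if (probs := check_exclusion(p))}


if __name__ == "__main__":
    for path, problems in lint(TDR_EXCLUSIONS + ["/Applications /WatchGuard"]).items():
        print(f"{path!r}: {', '.join(problems)}")
```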

Configure Exclusions in Symantec

In Symantec, add exclusions to identify the paths for files and locations to exclude. To prevent conflicts between the Host Sensor and Symantec, we recommend you add exclusions in Symantec for the paths used by the TDR Host Sensor.

To exclude TDR Host Sensor files on 64-bit Windows, add an exclusion for:
- C:\Program Files (x86)\WatchGuard\Threat Detection and Response\

To add an exclusion in Symantec for Windows:
1. Open Symantec Endpoint Protection.
2. Click Change Settings.
3. Click Configure Settings in Exceptions.
4. Click Add - Security Risk Exceptions - Folder to add the exclusions.

To exclude TDR Host Sensor files on macOS, add an exclusion for:
- /Applications/WatchGuard

To add an exclusion in Symantec for Mac:
1. Click Finder > Applications > Symantec Solutions > Symantec Endpoint Protection.
2. Click Settings.
3. Click Configure under Scan Zone Settings.
4. Enable Don't Scan.
5. Click Add to add the exclusions.

For information about the integration testing methodology, see TDR Testing Methodology.

About This Guide

Guide Type

Documented Integration: WatchGuard or a Technology Partner has provided documentation demonstrating integration.

Guide Details

WatchGuard provides integration instructions to help our customers configure WatchGuard products to work with products created by other organizations. If you need more information or technical support about how to configure a third-party product, see the documentation and support resources for that product.

Information in this guide is subject to change without notice. Companies, names, and data used in examples herein are fictitious unless otherwise noted. No part of this guide may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of WatchGuard Technologies, Inc.

Guide revised: 1/18/2018

Copyright, Trademark, and Patent Information

Copyright 1998-2018 WatchGuard Technologies, Inc. All rights reserved. All trademarks or trade names mentioned herein, if any, are the property of their respective owners. Complete copyright, trademark, patent, and licensing information can be found in the Copyright and Licensing Guide, available online at http://www.watchguard.com/wgrd-help/documentation/overview.

About WatchGuard

WatchGuard Technologies, Inc. is a global leader in network security, providing best-in-class Unified Threat Management, Next Generation Firewall, secure Wi-Fi, and network intelligence products and services to more than 75,000 customers worldwide. The company's mission is to make enterprise-grade security accessible to companies of all types and sizes through simplicity, making WatchGuard an ideal solution for Distributed Enterprises and SMBs. WatchGuard is headquartered in Seattle, Washington, with offices throughout North America, Europe, Asia Pacific, and Latin America. To learn more, visit WatchGuard.com.

For additional information, promotions and updates, follow WatchGuard on Twitter, @WatchGuard on Facebook, or on the LinkedIn Company page. Also, visit our InfoSec blog, Secplicity, for real-time information about the latest threats and how to cope with them at www.secplicity.org.

Address: 505 Fifth Avenue South, Suite 500, Seattle, WA 98104
Support: www.watchguard.com/support
- U.S. and Canada: +877.232.3531
- All Other Countries: +1.206.521.3575
Sales:
- U.S. and Canada: +1.800.734.9905
- All Other Countries: +1.206.613.0895