UCSF home page UCSF home About UCSF Search UCSF UCSF Medical Center

Security Incident

Report Problem
Lost/Stolen Device

VPN

Login to vpn@ucsf
VPN Help

image of phone Help

blank Login to help@ucsf
blank email us
blank Call (415) 514-4100,
blank Option 2




Advanced Search
Recent Changes

Symantec Endpoint Protection (SEP)

Symantec Endpoint Protection (SEP) is designed to detect, remove, and prevent the spread of viruses, spyware, and other security risks.  The SEP client combines various client security technologies under a single application to help protect your computer without sacrificing performance.  It provides your Windows computers with anti-virus (AV), anti-spyware, intrusion prevention (IPS), proactive threat scanning, and personal firewall capabilities.  SEP scans local hard disks, monitors file access, and monitors network traffic to detect potential threats and blocks any necessary access until the threat has been resolved.  In addition, the UCSF SEP client will automatically keep both the client software and security definitions (AV and IPS) updated for the most complete protection.

System Requirements

Hardware Requirements:

  • RAM:
    • 256MB minimum (1GB Recommended) for Windows XP
    • 1GB minimum (2-4GB Recommended) for Windows Vista, Windows 7, Windows Server 2003, and Windows 2008, Mac OS X
  • Hard Drive: 600MB (32-bit) / 700MB (64-bit)
  • Processor: 
    • Windows: 1GHz PentiumIII or above (Note: Itanium is NOT supported)
    • MacOS X: Intel Only

Supported Operating Systems:

32-bit Systems:

  • Windows 7 (all x86 versions)
  • Windows Vista (all x86 versions)
  • Windows XP (Service Pack 2 and above)
  • Windows Server 2003 (Standard, Enterprise, Datacenter, Storage, Web, and Small Business Server Editions)
  • Windows Server 2008 (Standard, Enterprise, Datacenter, and Web Server Editions) (R2 and all Service Packs supported)
  • Mac OS 10.4 - MacOS 10.6+

64-bit Systems:

  • Windows 7 (all x64 versions)
  • Windows Vista (all x64 versions and Service Packs)
  • Windows Server 2003 (Standard, Enterprise, Datacenter, Storage, and Small Business Server Editions)
  • Windows Server 2008 (Standard, Enterprise, and Web Server Editions) (R2 and all Service Packs supported)
  • Windows Essential Business Server 2008 (Standard and Premium Editions) (R2 and all Service Packs supported)
  • Windows Small Business Server 2008 (Standard and Premium Editions) (R2 and all Service Packs supported)
  • MacOS 10.6+

Installation:

Windows Installation:

  1. Download the latest UCSF SEP Client installer from the Software Download Site
    • there are two Windows clients: a 32-bit client (SEP11.0.6300-UCSF-x86.exe) and a 64-bit client (SEP11.0.6300-UCSF-x64.exe)
    • certain departments have custom installers, please check with your CSC for more information
  2. Double-click the file to begin the installation process
    • You must have administrator privileges to install the SEP client. If you are running a 64-bit client and receive a 'setup.exe could not run' error, right-click on the file and click on 'Run as administrator...'

  3. If you have SophosAV, Webroot Spysweeper, and/or Sygate Personal Firewall currently installed, you will be prompted to uninstall each one separately.  Click on the 'Yes' button for all of these windows.
    sep-uninstallothers
  4. After the installer has verified that the previous UCSF Security Client applications are no longer installed, a Symantec Endpoint Protection dialog box should appear and begin the installation
    sep-install
  5. During the installation process, LiveUpdate may launch and search for any available updates
    sep-liveupdateexpress
  6. Once the installation is complete, you will be prompted to restart your computer
    sep-install-restart
  7. After your computer reboots, the installation should be complete and the Symantec Endpoint Protection icon with a green dot will appear in the taskbar on the bottom right of your screen.

Mac OS X Installation:

  1. Download the latest UCSF SEP Client installer from the Software Download Site
    • there is one MacOS X client: SEP11.0.6300-UCSF-MacIntel.zip
    • certain departments have custom installers, please check with your CSC for more information
  2. Double-click the file to unarchive the installer, then double-click the file SEP11.0.6300-UCSF_MacOSX-Intel.mpkg
    • By default Mac OS X will download the zip file and automatically unarchive the file and run the mpkg installer.

  3. the "Install Symantec Endpoint Protection" window should appear and you will be prompted to determine if the software can be installed, click 'Continue'
    sepmac-install-1
  4. in the "Introduction" screen, click 'Continue'
  5. in the "Read Me" screen, click 'Continue'
  6. in the "License" screen, click 'Continue'
  7. a dialogue window will appear asking of you agree to the software license agreement, click 'Agree'
    sepmac-install-5
  8. in the "Destination Select" screen, choose your system drive and click 'Continue'
  9. in the "Installation Type" screen, click 'Install'
  10. you will be prompted to enter in an Administrator account name and password, type in your Administrator credentials and password, click 'Ok'
  11. a dialogue window will appear informing you to close all applications before proceeding, click 'Continue Installation'
  12. the "Installation" screen will let you know the progress of the installation
    • If you had Sophos Anti-virus 7.x installed, the Sophos shield on your menu bar may disappear.  This is normal; the UCSF SEP for Mac installer will automatically un-install Sophos Anti-virus to prevent system conflicts.

  13. Once the installation is complete, you should get a green check telling you the installation was successful, click 'Logout'
    sepmac-install-10
  14. After you log back in, you should now see SEP's circular black and yellow icon on your menu bar
    sepmac-install-done
    Click to enlarge

Updating Security Definitions (Anti-virus and IPS)

Campus Clients

Windows clients connected to the campus network will automatically receive updates to security definitions on a regular basis from the campus SEP servers.  

Mac client will receive updates to security definitions via LiveUpdate on a nightly basis.

Off-Campus Clients

Off-campus clients are scheduled to receive updates via LiveUpdate on a weekly basis every Sunday at 8pm for Windows, and nightly at 9pm for MacOS X. 

If you are off-campus (a non-UCSF network) you can run LiveUpdate manually.  In Windows, double-click on the SEP icon in your taskbar at the lower-right corner of your screen, then clicking on 'LiveUpdate' button in the Symantec Endpoint Protection window.  In Mac OS X, click on the SEP icon on your menu bar,  select 'LiveUpdate', then click on 'Update Everything'.

To modify the LiveUpdate schedule:

  1. double-click on the SEP icon in your taskbar at the lower-right corner of your screen to bring up the 'Symantec Endpoint Protection' program
  2. click on the 'Change Settings' button on the left hand side
  3. next to 'Client Management', click on the 'Configure Settings' button
  4. click on the 'Scheduled Updates' tab at the top of the 'Client Management Settings' window
  5. modify the 'Frequency' and 'When' fields to your preference
    • Choosing the 'Frequency' to 'Continuously' may cause system performance issues.  We highly recommend against choosing this option. 

    • On average, Symantec releases mini-updates four times a day.  Choosing an update schedule anywhere from 12 hours to once a week is acceptable.  The longer the frequency time, the larger the update which requires a longer time to download and more system resources during the update.

  6. click the 'OK' button for the new schedule to take into effect

Manually updating clients off-line

If you are infected with a new virus that is not being detected properly and have taken your computer off-line (not connected to the internet) to prevent propagating the virus on your network, you can still update your virus definitions manually. 

You will need another computer that is connected to the internet and a removable media device such as a thumbdrive or cd-r. 

To manually update your definitions off-line:

  1. Go to a different machine that is free of viruses and connected to the internet
  2. Using the clean machine, go to Symantec's Download Virus Definitions page
  3. Under 'Download Definitions by Product', click on 'Select Product'
    • for Windows, choose 'Symantec Endpoint Protection'
    • for Macs, choose 'Symantec Endpoint Protection for Macintosh '
  4. Download the appropriate file for your platform onto your removable media
    • For 32-bit Windows Clients, choose the file under the section 'Symantec Endpoint Protection Client Installation on Windows platforms (32-bit)'
    • For 64-bit Windows Clients, choose the file under the section 'Symantec Endpoint Protection Client Installation on Windows platforms (64-bit)'
    • For MacOS X (both 32 and 64 bit), download the file beginning with "NavM_Intel_Installer"
  5. Take your removable media and load it onto the computer you wish to update
  6. On the computer you wish to update, double-click on the file you downloaded
  7. You will be prompted to update your virus definitions.  Click the 'Yes' button. 
  8. You will be notified after the update is complete.  Click the 'Ok' button to complete the process.

Running Scans

By default, the UCSF SEP Client has Proactive Threat Protection enabled and is scheduled to run a full System scan weekly to help protect your computer.  Both of these features happen in the background and require no interaction unless a threat is found.  If you suspect that your computer might have a virus or worm, we recommend running a manual scan to try to fix the issue.  If your computer is often connected to networks that are prone to attacks, you may also want to schedule scans more regularly.

Running a Manual Scan

  1. open the 'Symantec Endpoint Protection' window by double-clicking on the SEP icon in your taskbar at the bottom-right corner of your screen
  2. on the left side of the window, click on 'Scan for threats'
  3. click on the type of scan you want to run:
    • 'Run Active Scan': will run a scan on commonly infected areas such as the Windows System folders and Temporary Internet Files folders.
    • 'Run Full Scan': will run a scan on your entire computer, except for Network Drives
  4. the scan will run and give you a report of anything it finds
    • the scan will tell you which filenames contained risks, what type of risk the file contains, and the action it took or recommends taking
  5. After the scan has completed and all actions taken, click on the 'Close' button to close the window

Running a Custom Scan

  1. open the 'Symantec Endpoint Protection' window by double-clicking on the SEP icon in your taskbar at the bottom-right corner of your screen
  2. on the left side of the window, click on 'Scan for threats'
  3. click on the 'Create a New Scan' link in the middle of the window
  4. choose 'Custom Scan' then click on the button 'Next'
  5. set your options for the scan, then click on the button 'Next'
  6. choose 'On demand', then click on the button 'Next'
  7. type in a name for the scan and a description for the type of scan you are creating
  8. click on the button 'Finish', the main SEP window should now list your scan under the 'Scan Name'
  9. right-click on the scan your just created, and click 'Scan Now'the scan will run and give you a report of anything it finds
    • the scan will tell you which filenames contained risks, what type of risk the file contains, and the action it took or recommends taking
  10. After the scan has completed and all actions taken, click on the 'Close' button to close the window

Schedule a Custom Scan

  1. open the 'Symantec Endpoint Protection' window by double-clicking on the SEP icon in your taskbar at the bottom-right corner of your screen
  2. on the left side of the window, click on 'Scan for threats'
  3. click on the 'Create a New Scan' link in the middle of the window
  4. choose the type of scan you wish to schedule then click on the button 'Next'
  5. set your options for the scan, then click on the button 'Next'
  6. choose 'At specified times', then click on the button 'Next'
  7. verify there is a check next to the 'Enable' checkbox 
  8. choose your 'Scan Schedule', then click on the button 'Next'
  9. type in a name for the scan and a description for the type of scan you are creating
  10. click on the button 'Finish', the main SEP window should now list your scan under the 'Scan Name'

Scanning a Specific File or Folder

  1. right-click on the file or folder you want to scan
  2. in the context menu that appears, click on 'Scan for viruses...'
  3. the scan will run and give you a report of anything it finds
    • the scan will tell you which filenames contained risks, what type of risk the file contains, and the action it took or recommends taking
  4. After the scan has completed and all actions taken, click on the 'Close' button to close the window

Getting Help

Please check our SEP FAQ page for answers to frequently asked questions and solutions to common issues.  Also, the SEP Client Guide from Symantec can be downloaded here (application/pdf, 1.7 MB, info).

For additional help, please contact the ITS Customer Service Desk by sending email to customersupport@ucsf.edu or calling us at (415) 514-4100.

Please tell us what you think of our website