• Describe how the Endpoint Protection Manager (SEPM) communicates with clients and make appropriate changes as necessary.
• Design and create Endpoint Protection group structures to meet the needs of your organization.
• Respond to threats using SEPM monitoring and reporting.
• Analyze the content delivery system (LiveUpdate).
• Configure Group Update Providers.
• Create location aware updates.
• Secure endpoints against network and file-based threats
• Enforce an adaptive security posture

• Creating Administrator Accounts
• Managing Administrator Accounts
• Configuring Directory Server Authentication for an Administrator Account

• Analyzing Client-to-SEPM Communication
• Restoring Communication Between Clients and SEPM
• Verifying Clients are Online with the SEPM

• Describing the Interaction Between Sites, Domains, and Groups
• Managing Groups, Locations, and Shared Policies
• Importing Active Directory Organizational Units (OUs)
• Controlling Access to Client User Interface Settings

• Introducing the Clients View
• Monitoring SEP Clients Using the Clients View
• Responding to Incidents Using the Clients View

• Monitoring Critical Log Data Using the Summary page
• Identifying New Incidents Using the Logs Page
• Monitoring Actions Sent to Clients Using the Command Status View
• Configuring Notifications

• Monitoring Critical Data Using the Reports Page
• Identifying New Incidents Using Quick Reports and Filters
• Configuring Scheduled Reports

• Describing the LiveUpdate Ecosystem
• Configuring LiveUpdate
• Troubleshooting LiveUpdate
• Examining the Need for an Internal LiveUpdate Administrator Server
• Configuring an Internal LiveUpdate Administrator Server

• Describing Content Updates
• Configuring LiveUpdate on the SEPM
• Monitoring a LiveUpdate Session
• Managing Content on the SEPM
• Monitoring Content Distribution for Clients

• Introducing Group Update Providers
• Adding Group Update Providers
• Adding Multiple Group Update Providers and Configuring Explicit Group Update Providers
• Identifying and Monitoring Group Update Providers

• Downloading Certified SEPM Definitions from Symantec Security Response
• Downloading Certified Windows Client Definitions from Symantec Security Response
• Downloading Rapid Release Definitions from Symantec Security Response
• Downloading Certified and Rapid Release Definitions from Symantec Security Response for Mac and Linux Clients
• Locating Statically Named Definitions

• Preventing Network Attacks
• Examining Firewall Policy Elements
• Creating Custom Firewall Rules
• Enforcing a Corporate Security Policy with Firewall Rules
• Configuring Advanced Firewall Features

• Introducing Intrusion Prevention Technologies
• Configuring the Intrusion Prevention Policy
• Managing Custom Signatures
• Monitoring Intrusion Prevention Events

• Memory Exploit Mitigation
• Configuring the Memory Exploit Mitigation Policy
• Preventing Defense Evasion

• Virus and Spyware Protection
• File Reputation
• Insight Lookup
• Emulator and Machine Learning Engine
• Download Insight
• Auto-Protect Scans
• SONAR
• Administrator-defined Scans

• Platform and Virus and Spyware Protection Policy Overview
• Tailoring scans to meet an environment’s needs
• Ensuring real-time protection for clients
• Detecting and remediating risks in downloaded files
• Identifying zero-day and unknown threats
• Preventing email from downloading malware
• Configuring advanced options
• Monitoring virus and spyware activity

• Introducing Device Control
• Windows Device Control Concepts
• Mac Device Control Concepts
• Configuring Device Control
• Monitoring Device Control Events

• Describing System Lockdown
• Creating and Managing the File Fingerprint List
• System Lockdown use cases

• Creating Locations
• Adding Policies to Locations
• Monitoring Location Awareness

• Describing Security Exceptions
• Describing Automatic Exclusions
• Managing Exceptions
• Monitoring Security Exceptions

Supplemental Modules – Supplemental modules are not taught as part of the four-day course. The material is provided in the Appendices section of the Student Guide for students interested in the content.

• Navigating the Linux Client
• Configuring Virus and Spyware Settings for Linux Clients
• Monitoring Linux Clients
• SEP for Linux Logs

• Touring SEP for Mac Client
• Securing Mac Clients
• Monitoring Mac Clients
• SEP Logs on Mac Clients

• Introducing Host Integrity
• Host Integrity Concepts
• Configuring Host Integrity
• Troubleshooting Host Integrity
• Monitoring Host Integrity

• Application Control Overview
• Application Control Concepts
• Configuring Application Control
• Monitor Application Control Events

This course assumes that students have a basic understanding of advanced computer terminology, including TCP/IP networking and Internet terms, and an administrator-level knowledge of Microsoft Windows operating systems.