it.ucsf.edu

SEP for Mac: FAQ

Cyndi Galvan's picture

Updating Security Definitions (AV and IPS)

UCSF SEP for Mac clients receive updates to security definitions via LiveUpdate every 8 hours.  Typically Symantec updates the SEP for Mac security definitions on a nightly basis.

Manually updating clients off-line (not connected to the Internet)

If you are infected with a new virus that is not being detected properly and have taken your computer off-line (not connected to the Internet) to prevent propagating the virus on your network, you can still update your virus definitions manually.

Note: You will need another computer that is connected to the Internet and a removable media device such as a thumb drive or CD-R.

To manually update your definitions off-line:

  1. Go to a different machine that is free of viruses and connected to the Internet
  2. Using the clean machine, go to Symantec's Download Virus Definitions page
  3. Under 'Virus Definitions & Security Updates', click on 'Select Product' and choose "Symantec Endpoint Protection for Macintosh"
  4. Under the 'File-Based Protection' section, click on "Definitions" next to 'Download'
  5. Clicking "Definitions" will display the window below for Intel or PowerPC. The file can be copied onto your removable media
     • For Intel-based Macs, choose the default tab in the screen shot below
  6. Take your removable media and load it onto the computer you wish to update
  7. On the computer you wish to update, double-click on the file you downloaded
  8. You will be prompted to update your virus definitions.  Click the 'Yes' button.
  9. You will be notified after the update is complete.  Click the 'Ok' button to complete the process.

Upgrading to the latest version

What is the latest version for SEP for Mac?

The latest version that has been verified for the UCSF environment can always be found at:
https://software.ucsf.edu/content/endpoint-protection

Note: Older versions of OS X may require an older version of SEP as well.

How do I upgrade to the latest version of SEP?

Just download and install the latest version by following the SEP for Mac: Install Guide.

How do I find out what version of SEP is installed?

  • Launch the Symantec Endpoint Protection application (Applications > Symantec Solutions > Symantec Endpoint Protection.app)
  • Click on the 'Symantec Endpoint Protection' menu (in the upper right corner of your screen)
  • Click on 'About Symantec Endpoint Protection'

Uninstalling

How do I uninstall SEP for Mac?

For SEP 14 and later clients, please see https://support.symantec.com/en_US/article.HOWTO81114.html for the uninstall procedure.

For SEP 12 clients

  1. Open the Finder, select the "Go" pull-down menu and select "Go to Folder".
  2. Type /Library into the text box.  Navigate to the "Application Support" folder, then the "Symantec" folder.
  3. Double-click the file 'Symantec Endpoint Protection Uninstaller'.
  4. Select the checkbox to delete Symantec Endpoint Protection and click the "Uninstall" button.  Confirm the uninstall when prompted.

Note: If the 'SEP for Mac Uninstaller' does not properly remove the application, Symantec provides an unsupported utility that will remove all Symantec files/folders.  Advanced users can find the tool by visiting Symantec KB Article TECH 103489. It is highly recommended that you back up your system first and use the tool with extreme caution.

How do I remove infected files from my Time Machine backup?

You may receive a message similar to 'repair failed' when the weekly scans occur.  This can happen because the infected file was backed up by Time Machine and cannot be deleted by SEP.  To stop these messages from appearing, remove the infected file from the backup.  The screen shots below could be similar to what you are experiencing.  Apple's reference document describing the manual file removal process can be found at https://support.apple.com/kb/PH11241?viewlocale=en_US&locale=en_US

Perform the following steps to remove folders or files from the Mac Time Machine backup.

  1. Click the Time Machine icon to enter the starfield view.
  2. Select the folder or file you are interested in removing, then click the gear icon and select 'Delete All Backups of "Folder or File"'.
  3. Run another scan and the virus should now be removed.

Other Frequently Asked Questions

Who can use SEP and how much does it cost?

SEP is provided free to the UCSF community and can be used on computers of Faculty, Staff, Student or Affiliate companies working on UCSF business; both University-owned and home (personal) systems.

Can our department use the UCSF license to manage our own clients, including policies, settings, and reporting?

The UCSF SEP service is managed centrally by ITS and licenses are only distributed through this service offering.

ITS does offer SEP group administration through its SEP server cluster, which lets groups/departments manage their own set of clients without the need to run individual servers. This allows your department to:

  • centrally manage your clients
  • set policies specific to your group
  • create automated reports

To request SEP group administration, please submit a ticket to the help desk with the contact information for the IT Manager and the MSO or Director of your group/department.

What if my computer is unable to reach the UCSF SEP server; will it still get updates?

All SEP for Mac clients receive updates directly from the Symantec Corporate LiveUpdate server.

What ports do we need to allow in our hardware firewalls so SEP clients can get updates automatically and correctly communicate with the management servers?

The UCSF SEP client uses the standard HTTP and HTTPS ports to communicate with the central SEP servers.  If you restrict Port 80 or Port 443 on your network, please contact the ITS Customer Service Desk to receive a list of SEP servers to put in your firewall rules.

I'm already running an anti-virus and host-based firewall program. Can I install SEP for additional protection?

Running multiple anti-virus and firewall programs will degrade your system's performance and may cause a number of issues.  We highly recommend removing other anti-virus, anti-spyware, and anti-malware before installing SEP for Mac.

Does SEP for Mac have a firewall component?

No.  Although SEP for Mac contains network intrusion prevention technology (IPS), IT Security still highly recommends using the built-in MacOS X firewall for added security. 

To enable the built-in Firewall on MacOS 10.10+, go to the Apple Menu -> Preferences -> Security & Privacy -> Firewall.  If it shows "Firewall: Off", click on the 'Start' button to activate the Firewall.  For the first couple of days, you will receive prompts asking which applications should be allowed to communicate on the network.  This may also happen anytime you update or install new applications.

I have a PowerPC Mac and Symantec says SEP should support it, but the software download page says Intel only.  Where do I get the installer?

SEP for Mac does not support PowerPC Macs.  Apple has not released a PowerPC-based computer since 2006, and the past two major revisions of the OS no longer support the platform.

A full matrix of OS X to SEP version compatibility can be found in the Symantec KB Article TECH131045.

If you are running a business-critical application that requires the use of a PowerPC Mac running MacOS 10.4, please open a request ticket through the Customer Support Help Desk with a business justification, and IT Security will provide you with options to move forward.

Does SEP for Mac work on MacOS X Server?

Although Symantec does not officially support OS X Server, there are only minor differences between the desktop version of OS X and OS X Server; SEP for Mac will function and scan for threats as expected.

Additional guidelines on best practices for using SEP for OS X Server can be found at Symantec KB Article TECH132046

How do I exclude a specific folder or file from being scanned?

Open Symantec Endpoint Protection, either from the icon located next to the clock or from the Finder by going to Applications > Symantec Solutions.  Click the settings button, then click "Scan Zone Settings", which will require the system password.

Enter the path for the folder or files under the "Don't scan" section.

How do I remove quarantined files from SEP for Mac?

Launch Symantec Endpoint Protection by selecting the shield icon, choosing "Symantec Endpoint Protection", and then choosing "Open Symantec Endpoint Protection".  The program can also be accessed from the Finder by going to Applications > Symantec Solutions and double-clicking the Symantec Endpoint Protection application.

Once the program is fully launched, select the "Tools" pull-down menu and then select "Quarantine" to bring up the window displaying all quarantined files.  This is where files can be repaired, deleted, or restored if they are known to be safe files improperly flagged as malware.

Where do I find more information on SEP for Mac?

Please visit Symantec KB Article TECH134203 for more advanced information.