Symantec Endpoint Protection Few Registry Tweaks.. | Symantec Co...
Created: 08 Sep 2009 Updated: 08 Mar 2012 | 54 comments
Vikram Kumar-SAV to SEP
Share
http://www.symantec.com/connect/articles/symantec-endpoint-protecti...
Language Translations
+60
SYM ANTEC EM PLOYEE ACCREDITED
Like
Share
60 Votes
Tweet
Here are a few registry tweaks and information about Symantec Endpoint Protection.
1. To check the Version of currently installed SEP client
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC
ProductVersion
Value will be something like 11.0.4014.26
2. Client is communicating with SEPM or is OFFLINE
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink
PolicyMode 1 means communicating 0- means offline.
3. Which Group the client is pointing to
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink
Preferredgroup
4. Policy Serial Number on Client
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink
SerialNumber
Value will be something like 2DD9-09/09/2009 00:05:14 125
5. To know the Hardware ID for the Client
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink
HardwareID
6. What is the version of Virus Defintion the client is currently using .
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs
DEFWATCH_10
The value will be some like C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090907.050
7. To know what IPS Signature SEP is using
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs\SymcData-cndcipsdefs
cndcIps
The value will be like: C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\CNDCIP~1\20090826.002
8. To check if Network Threat Protection is installed and is Turned ON.
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC
1 de 17
17/06/2015 09:32
�Symantec Endpoint Protection Few Registry Tweaks.. | Symantec Co...
http://www.symantec.com/connect/articles/symantec-endpoint-protecti...
smc_engine_status 0 means turned OFF 1- turned ON.
9. Exclusion Centralized Exceptions
32 bit
i. Security Risk Exceptions
User Defined Exceptions
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Exclusions
\ClientRiskExceptions
Lock 0- means the client can create Centralized Exceptions for Known Security Risks 1 means this optioned is
locked by the administrator in SEPM.
And Under the ClientRiskExceptions\1234567890 (normally a 10 digit numerical folder ) you will find the Known
Security Risk exceptions created by the users.
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Exclusions
\AdminRiskExceptions
Under the AdminRiskExceptions\1234567890 (normally a 10 digit numerical folder ) you will find the Known
Security Risk exceptions created by the Admin from SEPM.
ii. Proactive Threat Protection Exclusions
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Exclusions\HeuristicScanning
\FileHash
\Client\ 0728bd2bb1774b9728f60d33bc1f95172374e950(The long hexadecimal numbers point to the filehash for
the excluded file ) For the exclusions created by the user
\Admin\ 0728bd2bb1774b9728f60d33bc1f95172374e950 - (The long hexadecimal numbers point to the filehash
for the excluded file ) - For exclusions made by Admin from SEPM.
Same with Directory , Files and Folder Exclusions
iii. Directory
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Exclusions\ScanningEngines
\Directory
\Admin and \Client
iv. Files
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Exclusions\ScanningEngines
\FileName
\Admin and \Client
v.Extensions
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Exclusions\ScanningEngines
\Extensions\
\Admin and \Client
vi. Symantec also excludes it own Embedded Database from Scanning
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Exclusions\Symantec
2 de 17
17/06/2015 09:32
�Symantec Endpoint Protection Few Registry Tweaks.. | Symantec Co...
http://www.symantec.com/connect/articles/symantec-endpoint-protecti...
Embedded Database\FileExceptions
Out.log, Sem5.log and Sem5.db are excluded.
vii. To Verify Exchange Server exclusions on 32 Bit System
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Exclusions\Exchange Server
\FileExceptions and \NoScanDir
On 64 Bit system
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\AV\Exclusions
\FileExceptions and \NoScanDir
10. Now say you have remote laptops you exported a Default client install package and sent them.
Now you want to change them to Unmanaged.
You replaced sylink.xml for Unmanaged SEP Cd1\SEP\Sylink.xml
Still clients are not able to do the liveupdate and the default admin defined Scan runs.
Here is the default Admin Defined Scanand if you have created few more scans for this users it will also be listed in
the same location but with a different name.
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\LocalScans
\5df13630-79f7-4c70-002b-16b8952f5533 ( name can be any hexadecimal name )
So you can delete this and then you can create your own scan.
Liveupdate button is greyed out even after replacing sylink.
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\LiveUpdate
AllowManualLiveUpdate 0- means liveupdate button will be greyed out. 1-means it will be available to click.
In the same place you can enable product updates by changing the value of
EnableProductUpdates to 1
For Scheduling and Enabling automatic liveupdates.
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\LiveUpdate\Schedule
Change the value of
Enabled to 1 for Automatic updates.
11. Handling Quarantine
Sometimes due to infection the size of the quarantine folder grows huge.
It is not accessible via the GUI.So to know where and to change settings for Quarantine for the client
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Quarantine
Important keys
QuarantinePurgeBySizeEnabled set it to 1 To enable Sizing of quarantine folder then
QuarantinePurgeBySizeDirLimit Default value is 50 ( Megabytes) either leave it at 50 or reduce it as much you
want.
You can also lower the age of purging Quarantine items from default 30 days to any number of days you want
3 de 17
17/06/2015 09:32
�Symantec Endpoint Protection Few Registry Tweaks.. | Symantec Co...
http://www.symantec.com/connect/articles/symantec-endpoint-protecti...
QuarantinePurgeAgeLimit 30 days by default.
12. How to disable Application and Device Control via registry
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysPlant
Change the Value of Start to 4 . 1 means enabled.
13. Check this discussion on Creating Scan via registry
https://www-secure.symantec.com/connect/forums/way-create-scan-registry (https://www-secure.symantec.com
/connect/forums/way-create-scan-registry)
14. For Logging options via registry
How to debug the Symantec Endpoint Protection 11.x client
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007090611252048 (http://service1.symantec.com
/SUPPORT/ent-security.nsf/docid/2007090611252048)
15. GUP information via registry
Troubleshooting the Group Update Provider (GUP) in Symantec Endpoint Protection
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008040113243148 (http://service1.symantec.com
/SUPPORT/ent-security.nsf/docid/2008040113243148)
16. Enable debugging of Auto Location switching (ALS) and this Reg key
HKLM\SOFTWARE\S ymantec\Symantec Endpoint Protection\SMC\Trident\AutoLocationDump
Article Filed Under:
Security, Endpoint Protection (AntiVirus) - 11.x, Endpoint Protection (AntiVirus), Agents, Basics, Tip/How to
Login or register to post comments
4 de 17
17/06/2015 09:32
�Symantec Endpoint Protection Few Registry Tweaks.. | Symantec Co...
Comments
http://www.symantec.com/connect/articles/symantec-endpoint-protecti...
54 Comments Jump to latest comment
09 Sep 2009 : Link
jeffwichman
Great article.... lots of useful information.
thanks
Actions
+1
09 Sep 2009 : Link
Sandeep Cheema
Good auditing info.
De facto when AV does something, it starts jumping up and down, waving its arms, and shouting...
"Hey! I found a virus! Look at me! I'm soooo goooood!"
Actions
+1
09 Sep 2009 : Link
Satyam Pujari
It's really a good article to assist sym customer to understand the product's internal working better.All regs
in one place...nice effort !
Inviting good karma to CPU...beep
Actions
Symantec World
PARTNER
+1
09 Sep 2009 : Link
Good and Knowledgeable.
Regards, M.R
Actions
shp
+3
10 Sep 2009 : Link
Thanks yaar...
I was looking for this.. You got my vote.....
Thanks once again....
Regards,
Srinivas H.P.
HCL Infosystems Ltd
5 de 17
17/06/2015 09:32
�Symantec Endpoint Protection Few Registry Tweaks.. | Symantec Co...
http://www.symantec.com/connect/articles/symantec-endpoint-protecti...
Actions
+2
10 Sep 2009 : Link
Maximilian
Very good!
I could use some more of this good stuff :)
Thanks!!!
Actions
AravindKM
TRUSTED ADVISOR
10 Sep 2009 : Link
Useful article. Thank you
Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind
Actions
Symantec World
PARTNER
+1
11 Sep 2009 : Link
All have to vote this article....
Regards, M.R
Actions
Int3rn3t
+1
17 Sep 2009 : Link
very useful article.
Actions
[email protected]
18 Sep 2009 : Link
Nice article dude..
Best of Luck
Actions
Aniket Amdekar
6 de 17
22 Sep 2009 : Link
17/06/2015 09:32
�Symantec Endpoint Protection Few Registry Tweaks.. | Symantec Co...
http://www.symantec.com/connect/articles/symantec-endpoint-protecti...
Here is one mroe:
To enable/disable Scan Process Dialogue for Custom Scans:
HKLM\Software\Symantec\Symantec Endpoint Protection\AV\LocalScans\Default CustomScan Option
On the right pane check for the DWORD "DisplayStatusDialog" the value must be 1, if not change it to 1.
The same is applicable to most of scans present at the location:
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\LocalScans
Best,
Aniket
Actions
+4
23 Sep 2009 : Link
mssym
Vikram Kumar-SAV to SEP
It seems to me that you cover the keys based on computer mode observation. If it is User mode or fix
mode. The following two keys are
2. Client is communicating with SEPM or is OFFLINE
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink
PolicyMode 1 means communicating 0- means offline.
PolicyMode 1 -- means "Computer Mode", 0 -- means User mode.
3. Which Group the client is pointing to
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink
Preferredgroup
In a User Mode configuration, This is defautl group, but not necessarily the group client point to, in User
Mode, the SerialNumber key in the same registry locaiton is the group that client point to.
Actions
Vikram Kumar-SAV to SEP
SYM ANTEC EM PLOYEE ACCREDITED
+6
24 Sep 2009 : Link
File System Auto-Protect
HKEY_LOCAL_MACHINESOFTWARESymantecSymantec
EndpointProtectionAVStoragesFilesystemRealTimeScan
OnOff : 1- means enabled 0 - means disabled
Vikram Kumar
Symantec Consultant
The most helpful part of entire Symantec connect is the Search button..do use it.
Actions
7 de 17
+8
17/06/2015 09:32
�Symantec Endpoint Protection Few Registry Tweaks.. | Symantec Co...
http://www.symantec.com/connect/articles/symantec-endpoint-protecti...
11 Nov 2010 : Link
Jamit
I have found this setting is not always true. I had a case today where the SEPM Logs and Client
console flagged File System Auto-Protect was not running. I checked
HKEY_LOCAL_MACHINESOFTWARESymantecSymantec
EndpointProtectionAVStoragesFilesystemRealTimeScan OnOff on the workstation and it was set to 1
(enabled) however File System Auto-Protecwas not.
To resolve I had to repair the client. If someone can advise why I saw the above behaviour it would be
appreciated?
Thanks
Jamit
Actions
05 Oct 2009 : Link
manish-SecPol
this helped me.nice article.
Actions
Ghent
17 Oct 2009 : Link
SYM ANTEC EM PLOYEE ACCREDITED
Hi, in RU5 the HardwareID was moved out of the registry and onto the disk. It's now located at
%ProgramFiles%\Common Files\Symantec Shared\HWID\sephwid.xml
+2
Actions
22 Oct 2009 : Link
justin-new2SEP
Very useful article..i was looking for these info.
Actions
Kedar Mohile
SYM ANTEC EM PLOYEE
03 Nov 2009 : Link
Nice article
Kedar Mohile http://kedarmohile.blogspot.com
(http://kedarmohile.blogspot.com)
Actions
wosteen
8 de 17
+1
12 Nov 2009 : Link
17/06/2015 09:32
�Symantec Endpoint Protection Few Registry Tweaks.. | Symantec Co...
http://www.symantec.com/connect/articles/symantec-endpoint-protecti...
It looks like this one is (at least partially) incorrect:
6. What is the version of Virus Defintion the client is currently using .
On my machine, running Windows 7 64-bit and SEP 11.0.5002.333, there is no registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs
The only other machine I have quick access to had SAVCE 10.1.6.6000 on it before I upgraded it, and the
SharedDefs key *is* there.
Any idea where I could find the information?
Thanks,
Wayne
Actions
Vikram Kumar-SAV to SEP
SYM ANTEC EM PLOYEE ACCREDITED
17 Nov 2009 : Link
I have just tested that on WIn XP 32 bit reg keys for 32 and 64 are little bit different.
Vikram Kumar
Symantec Consultant
The most helpful part of entire Symantec connect is the Search button..do use it.
Actions
+3
19 Nov 2009 : Link
Maximilian
Great stuff!
Anyone know if these still apply after MR5 release?
Actions
Vikram Kumar-SAV to SEP
SYM ANTEC EM PLOYEE ACCREDITED
01 Dec 2009 : Link
All of this applies to MR5.
Vikram Kumar
Symantec Consultant
The most helpful part of entire Symantec connect is the Search button..do use it.
Actions
Maximilian
9 de 17
+4
02 Dec 2009 : Link
17/06/2015 09:32
�Symantec Endpoint Protection Few Registry Tweaks.. | Symantec Co...
http://www.symantec.com/connect/articles/symantec-endpoint-protecti...
Great!
Any new reg keys for MR5?
Actions
02 Dec 2009 : Link
Frank019
very nice article, thank you for making this one
Actions
15 Dec 2009 : Link
GWA
Excellent article.
Actions
02 Mar 2010 : Link
jayancharles
HI vikram Great ya i know ur in other field but u doing well....I think u get from google any nice..............
by
Jayan charles
Actions
Vikram Kumar-SAV to SEP
+1
02 Mar 2010 : Link
SYM ANTEC EM PLOYEE ACCREDITED
I am either in football field or SEP field..no other field..
Vikram Kumar
Symantec Consultant
The most helpful part of entire Symantec connect is the Search button..do use it.
Actions
+1
16 Mar 2010 : Link
Wally
Great article - especially the EnableProductUpdates tweak - will save me a lot of time!!!
Actions
10 de 17
+1
17/06/2015 09:32
�Symantec Endpoint Protection Few Registry Tweaks.. | Symantec Co...
http://www.symantec.com/connect/articles/symantec-endpoint-protecti...
24 Mar 2010 : Link
JRV
If you can't think of any other reasons not to let your users run as admins (and most of us can think of
many!), the fact that SEP stores its config in the registry for all to see is a great one.
If you run as an admin, it is trivial for malware or malicious users to disable SEP.
Actions
BrooksGarrett
09 Apr 2010 : Link
Application and Device Control. Done.
IE: Do not allow any process to modify SEP Registry Keys.
Actions
John Cooperfield
16 Jul 2010 : Link
Very good article.
Actions
postechgeek
16 Jul 2010 : Link
Nice, thanks.
Actions
VSK
22 Aug 2010 : Link
this applies for ru6mp1 too!!!
-VSK
Actions
SymSEP
11 Sep 2010 : Link
One for informative articles of urs that i have book marked
Actions
11 de 17
17/06/2015 09:32
�Symantec Endpoint Protection Few Registry Tweaks.. | Symantec Co...
Ian_C.
http://www.symantec.com/connect/articles/symantec-endpoint-protecti...
13 Feb 2011 : Link
PARTNER
Please can we add this list of Registry keys to the list.
http://www.symantec.com/business/support/index?page=content&id=TECH106042&locale=en_US
(http://www.symantec.com/business/support/index?page=content&id=TECH106042&locale=en_US)
These keys are about caching client content
Caching install files
location of cached files
number of revisions to keep
Please mark the post that best solves your problem as the answer to this thread.
Actions
Ian_C.
+2
17 Feb 2011 : Link
PARTNER
Do the clients know that they are to use a GUP?
You can verify by looking in the registry.
[HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\LiveUpdate]
UseMasterClient = 1 This says the client knows to use a GUP
MasterClientHost = "host name of the GUP"
Thanks to blenahan from https://www-secure.symantec.com/connect/forums/propagation-clients-servercapability-sep-wan#comment-5189451 (https://www-secure.symantec.com/connect/forums/propagationclients-server-capability-sep-wan#comment-5189451)
and officially from "Symantec Endpoint Protection 11.0 Group Update Provider (GUP)"
http://www.symantec.com/docs/TECH102541 (http://www.symantec.com/docs/TECH102541) right at the
bottom.
Please mark the post that best solves your problem as the answer to this thread.
Actions
yang_zhang
SYM ANTEC EM PLOYEE ACCREDITED
+2
25 May 2011 : Link
So greate! I will bookmark this!
If a forum post solves your problem, please flag it as a solution. If you like an article, blog post
Actions
12 de 17
17/06/2015 09:32
�Symantec Endpoint Protection Few Registry Tweaks.. | Symantec Co...
http://www.symantec.com/connect/articles/symantec-endpoint-protecti...
Moab.baom
04 Nov 2011 : Link
Great article,
But I'm not just interesting to know the client virus definitions (HKLM\SOFTWARE\Symantec\SharedDefs
\DefWatch\VirusDefs) ,
but the windows definitions on the SEPM console home page:
Latest from symantec
Latest On Manager
Because I want first to monitor this information . I found a very good nagios pluggin, but it displays the
Virus definition of the client installed on the server. The server can be the client of another SEPM, up to
date, and my local server out of date, and I will not know this with this information.
https://www.monitoringexchange.org/inventory/Check-Plugins/Operating-Systems/WindowsNRPE/check_symantec_av (https://www.monitoringexchange.org/inventory/Check-Plugins/OperatingSystems/Windows-NRPE/check_symantec_av)
Me I need to know the entry in registry of the windows definitions displayed on the SEPM console.
Best regards
Actions
Wally
23 Nov 2011 : Link
Vikram - do you know if there is a registry entry on the SEP 11 RU6 or RU7 client for "Disable the
Windows Firewall"?
Actions
LGL
07 Dec 2011 : Link
Is there any update from anyone according to the latest release SEP12.1 RU1 and registry entries, maybe
there is some new useful registry entries to know in that version?
Actions
consoleadmin
13 Dec 2011 : Link
Gr8
Thanks.
Actions
Srikanth_Subra
13 de 17
21 Jan 2012 : Link
17/06/2015 09:32
�Symantec Endpoint Protection Few Registry Tweaks.. | Symantec Co...
http://www.symantec.com/connect/articles/symantec-endpoint-protecti...
Nice article
Thanks & Regards,
Srikanth.S
"Defeat the Defeat before the Defeat Defeats you"
(Swami Vivekananda)
Actions
+1
28 Feb 2012 : Link
HSS
Hi,
I would like to know the the reg key to chagne the Start up Type (from Auto to Manual) of 'Symantec
Endpoint protection'.
Any urgent reply will be appreciated.
Thanks,
Actions
Ian_C.
15 Mar 2012 : Link
PARTNER
What you are trying to do is not advisable. However, if you want to experiment with this, have a look
at this key:
HKEY_LOCAL_MACHINE\SYSTEM\Current ControlSet\Services\SmcService
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Symantec AntiVirus
The Auto value determines the start up type.
Please mark the post that best solves your problem as the answer to this thread.
Actions
29 Feb 2012 : Link
NRaj
Good one. Thanks.
Actions
Ian_C.
PARTNER
07 Mar 2012 : Link
Dear Vikram.
Please add the Reg key discussed in https://www-secure.symantec.com/connect/forums/locationawareness-and-vpn-switching#comment-6811491 (https://www-secure.symantec.com/connect/forums
14 de 17
17/06/2015 09:32
�Symantec Endpoint Protection Few Registry Tweaks.. | Symantec Co...
http://www.symantec.com/connect/articles/symantec-endpoint-protecti...
/location-awareness-and-vpn-switching#comment-6811491) to your article.
They talk about debugging of Auto Location switching (ALS) and this Reg key
KLM\SOFTWARE\S ymantec\Symantec Endpoint Protection\SMC\Trident\AutoLocationD
Thank you in advance.
Please mark the post that best solves your problem as the answer to this thread.
Actions
10 Mar 2012 : Link
SG Raj
Best article ever
Actions
27 Apr 2012 : Link
A Lara
I can find the registry key that gives Antivirus and Antispyware definition date, and the Network Threat
Protection definition date, but I cannot find the registry key that gives the definition date for Proactive
Threat Protection.
Where is this registry key?
Actions
Ian_C.
PARTNER
+1
14 Jun 2012 : Link
Thanks to Mithun for posting in this article (https://www-secure.symantec.com/connect/forums/registrykey-or-log-file-last-full-scan#comment-7270141) how to decode the time stamps for the values of
date and time of last full scan
date and time of last infection
How to decode the TimeOfLastVirus and TimeOfLastScan registry values: KB 99873
(http://www.symantec.com/docs/TECH99873)
Please mark the post that best solves your problem as the answer to this thread.
Actions
tygrus
11 Sep 2012 : Link
Is there a way to use the SyLink.xml from the SEPM to :
15 de 17
17/06/2015 09:32
�Symantec Endpoint Protection Few Registry Tweaks.. | Symantec Co...
http://www.symantec.com/connect/articles/symantec-endpoint-protecti...
A) confirm license / serial number; AND
B) use for LiveUpdate's;
.. BUT NOT .. C) managed setting.
I want local control over when it scans, how it scans, when it updates, exceptions etc. I do not have acces
to the SEPM, I do not have access to the full SEP CD's, I do have access to local workstation (OS
Admin). A + B but NOT C.
Windows XP / 7, 32 and some Win7 64.
Actions
rojopipe
PARTNER ACCREDITED
31 Jul 2013 : Link
Hi,
Anyone have an update of this post for SEP 12.1 RU3, the idea is to protect the registry keys necessary
using ADC.
Thank you.
Actions
Bran
TRUSTED ADVISOR CERTIFIED
31 Jul 2013 : Link
Yes, this is one of the default rules you can apply.
http://www.symantec.com/docs/TECH104431 (http://www.symantec.com/docs/TECH104431)
Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins
looking for a solution to the same problem.
Actions
rojopipe
PARTNER ACCREDITED
31 Jul 2013 : Link
Thanks Brian81
I seek to identify registry keys SEP that can protect through policies of ADC in case someone malicious
attempts to erase. Greater protection to tamper protection
Actions
_Damian
16 de 17
23 Apr 2014 : Link
17/06/2015 09:32
�Symantec Endpoint Protection Few Registry Tweaks.. | Symantec Co...
http://www.symantec.com/connect/articles/symantec-endpoint-protecti...
Hi all,
If I change the ADC value on the registry, will this enable the devices that were being blocked by the
policy?
Thanks
Actions
Would you like to reply?
Login or Register to post your comment.
17 de 17
17/06/2015 09:32
