Symantec™ Protection Engine

8.1 Management Pack

Integration Guide
Symantec™ Protection Engine 8.1 Management Pack
Integration Guide
Documentation version:

PN:

Legal Notice
Copyright © 2019 Symantec Corporation. All rights reserved.

Symantec, the Symantec Logo, the Checkmark Logo and are trademarks or registered trademarks of
Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks
of their respective owners.

This Symantec product may contain third party software for which Symantec is required to provide attribution
to the third party (“Third Party Programs”). Some of the Third Party Programs are available under open
source or free software licenses. The License Agreement accompanying the Software does not alter any
rights or obligations you may have under those open source or free software licenses. Please see the
Third Party Legal Notice Appendix to this Documentation or TPIP ReadMe File accompanying this Symantec
product for more information on the Third Party Programs.

The product described in this document is distributed under licenses restricting its use, copying, distribution,
and decompilation/reverse engineering. No part of this document may be reproduced in any form by any
means without prior written authorization of Symantec Corporation and its licensors, if any.

THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS,
REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE
DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY
INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL
DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS
DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO
CHANGE WITHOUT NOTICE.

The Licensed Software and Documentation are deemed to be commercial computer software as defined
in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 "Commercial Computer
Software - Restricted Rights" and DFARS 227.7202, et seq. "Commercial Computer Software and
Commercial Computer Software Documentation," as applicable, and any successor regulations, whether
delivered by Symantec as on premises or hosted services. Any use, modification, reproduction release,
performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government
shall be solely in accordance with the terms of this Agreement.
Symantec Corporation
350 Ellis Street
Mountain View, CA 94043

https://www.symantec.com

Printed in the United States of America.

10 9 8 7 6 5 4 3 2 1
Symantec Support
All support services will be delivered in accordance with your support agreement and the
then-current Enterprise Technical Support policy.

Knowledge Base Articles and Symantec Connect

Before you contact Technical Support, you can find free content in our online Knowledge Base,
which includes troubleshooting articles, how-to articles, alerts, and product manuals. In the
search box of the following URL, type the name of your product:
https://support.symantec.com
Access our blogs and online forums to engage with other customers, partners, and Symantec
employees on a wide range of topics at the following URL:
https://www.symantec.com/connect

Technical Support and Enterprise Customer Support

Symantec Support maintains support centers globally 24 hours a day, 7 days a week. Technical
Support’s primary role is to respond to specific queries about product features and functionality.
Enterprise Customer Support assists with non-technical questions, such as license activation,
software version upgrades, product access, and renewals.
For Symantec Support terms, conditions, policies, and other support information, see:
https://entced.symantec.com/default/ent/supportref
To contact Symantec Support, see:
https://support.symantec.com/en_US/contact-support.html
Symantec™ Protection
Engine Management Pack
Integration Guide
This document includes the following topics:

■ About the Symantec Protection Engine Management Pack

■ Software Components

■ Importing the Management Pack

■ Viewing the Symantec Protection Engine Rule

■ Disabling default Rules

About the Symantec Protection Engine Management

Pack
With the Symantec™ Protection Engine Management Pack, you can integrate Symantec
Protection Engine events with System Center Operations Manager (SCOM). Preconfigured
rules are automatically created when you import the management pack. These rules monitor
specific Symantec Protection Engine events in the Windows Event Log.
When a rule is triggered, the Operations Manager Agent collects data about the event and
forwards it to the System Center Operations Manager. System Center Operations Manager
provides you with a central repository that lets you monitor critical events, errors, warnings,
and information occurring on your Symantec Protection Engine servers.
 Symantec™ Protection Engine Management Pack Integration Guide 6
Software Components

For more information about System Center Operations Manager, see the System Center
Operations Manager 2007/2012 SP1 and R2 or System Center Operations Manager 2016
documentation.
For more information about Symantec Protection Engine, see the Symantec Protection Engine
Implementation Guide.

Software Components
The following components must be installed and running on the computer, before you import
the Symantec Protection Engine Management Pack:
■ Any one of the below System Center Operations Manager along with its prerequisites.
■ System Center Operations Manager 2007 SP1 or R2
■ System Center Operations Manager 2012 SP1 or R2
■ System Center Operations manager 2016

■ System Center Operations Manager Agent is installed on a computer where Symantec

Protection Engine generates events in Event Viewer
■ Both System Center Operations Manager and Agent can communicate with each other

Importing the Management Pack

The Symantec Protection Engine Management Pack must be imported on to the computer
that hosts the System Center Operations Manager.
The Operations Manager Agent must be deployed on the servers on which Symantec Protection
Engine is installed. This agent collects events and performance data and forwards the
information to System Center Operations Manager.
For information about deploying the Operations Manager Agent, see the System Center
Operations Manager 2007 SP1 and R2 or System Center Operations Manager 2012 SP1 and
R2 documentation.
To import the management pack
1 On System Center Operations Manager console, in the left pane, click Administration.
2 Under Administration, right-click Management Packs, and then click Import
Management Packs.
3 In the Import Management Packs panel, click Add, and then click Add from disk.
4 In the Select Management Packs to Import panel, click Browse.
 Symantec™ Protection Engine Management Pack Integration Guide 7
Viewing the Symantec Protection Engine Rule

5 Select SSE Management Pack file, and then click Open.

6 In the Import Management Packs panel, click Install.

Viewing the Symantec Protection Engine Rule

You can view the default Symantec Protection Engine rules in the System Center Operations
Manager console.
Each rule contains a knowledge base that provides the following information:
■ Brief description of the rule
■ The event that triggered the rule cause
■ Proposed resolutions to the event issue
To view the Symantec Protection Engine Rule
1 On System Center Operations Manager console, in the left pane, click Authoring.
2 Under Authoring, click Management pack objects.
3 To view the available rules, click Rules.
To view the knowledge base of a Rule
1 On System Center Operations Manager console, in the left pane, click Authoring.
2 Under Authoring, click Management pack objects.
3 Click Rules, and then double-click to open a rule.
4 In the Event Rule Properties dialog box, click the Knowledge Base tab.

Disabling default Rules

The Symantec Protection Engine rules are all enabled by default. You can disable the rules
that you do not want to apply.
To disable default rules
1 In the System Center Operations Manager Console, in the left pane, click Authoring.
2 Click Management Pack Objects and then click Rules.
3 Click the rule that you want to disable.
4 In the right pane, click Disable.
 Index

A rule
administrator console 6 category 7
adware risk 5 type 7
agent 5 rule category 7
rule type 7
rules
C disabling 7
child rule groups 5

S
D software components 6
disabling SQL Agent 6
default rules 7 SQL Server 6
disabling default Rules 7 SSE management pack.akm 6
Symantec Protection Engine
E events 5
event 5 management pack 5
event rule Rule 7
properties 7 Symantec Protection Engine events 5
event rule properties 7 Symantec Protection Engine management pack 5
Symantec Protection Engine rule
I viewing 7
System Center Operations Manager
import status 6
Operations Manager 2007 Agent 5
import type 6
System Center Operations Manager (SCOM) 5
importing
System Center Operations Manager 2007 Agent 6
management pack 6
System Center Operations Manager 2007 SP1 or R2 6
System Center Operations Manager SP1 and R2
K administrator console 6
knowledge base 7
view 7
V
viewing
M Symantec Protection Engine event rule 7
management pack 5
import/export 6
W
importing 6
Windows Event Log 5
management pack.akm 6
Microsoft Operations Manager agent 5–6

R
repository 5