Arrow Electronics, Inc.

Symantec Endpoint Protection 14.x Administration R1

CODE: SYM_000229

LENGTH: 40 Hours (5 days)

PRICE: £3,375.00


The Symantec Endpoint Protection 14.x Administration
R1 course is designed for the network, IT security, and
systems administration professional in a Security
Operations position tasked with the day-to-day operation
of the SEPM on-premise management console and with
configuring optimum security settings for endpoints
protected by Endpoint Protection.


By the completion of this course, you will be able to:

  • Describe how the Endpoint Protection Manager
  • (SEPM) communicates with clients and make
  • appropriate changes as necessary.
  • Design and create Endpoint Protection group
  • structures to meet the needs of your organization.
  • Respond to threats using SEPM monitoring and
  • reporting.
  • Analyze the content delivery system (LiveUpdate).
  • Configure Group Update Providers.
  • Create location aware updates.
  • Secure endpoints against network and file-based
  • threats
  • Control endpoint integrity and compliance
  • Enforce an adaptive security posture


This course assumes that students have a basic
understanding of advanced computer terminology,
including TCP/IP networking and Internet terms, and an
administrator-level knowledge of Microsoft Windows
operating systems.


Module 1: Managing Console Access and Delegating Authority

  • Creating Administrator Accounts
  • Managing Administrator Accounts
  • Configuring Directory Server Authentication for an Administrator Account

Module 2: Managing Client-to-Server Communication

  • Analyzing Client-to-SEPM Communication
  • Restoring Communication Between Clients and SEPM
  • Verifying Clients are Online with the SEPM

Module 3: Managing Client Architecture and Active Directory Integration

  • Describing the Interaction Between Sites, Domains, and Groups
  • Managing Groups, Locations, and Shared Policies
  • Importing Active Directory Organizational Units (OUs)
  • Controlling Access to Client User Interface Settings

Module 4: Managing Clients and Responding to Threats

  • Introducing the Clients View
  • Monitoring SEP Clients Using the Clients View
  • Responding to Incidents Using the Clients View

Module 5: Monitoring the Environment and Responding to Threats

  • Monitoring Critical Log Data Using the Summary page
  • Identifying New Incidents Using the Logs Page
  • Monitoring Actions Sent to Clients Using the Command Status View
  • Configuring Notifications

Module 6: Creating Incident and Health Status Reports

  • Monitoring Critical Data Using the Reports Page
  • Identifying New Incidents Using Quick Reports and Filters
  • Configuring Scheduled Reports

Module 7: Introducing Content Updates Using LiveUpdate

  • Describing the LiveUpdate Ecosystem
  • Configuring LiveUpdate
  • Troubleshooting LiveUpdate
  • Examining the Need for an Internal LiveUpdate Administrator Server
  • Configuring an Internal LiveUpdate Administrator Server

Module 8: Analyzing the SEPM Content Delivery System

  • Describing Content Updates
  • Configuring LiveUpdate on the SEPM
  • Monitoring a LiveUpdate Session
  • Managing Content on the SEPM
  • Monitoring Content Distribution for Clients

Module 9: Managing Group Update Providers

  • Introducing Group Update Providers
  • Adding Group Update Providers
  • Adding Multiple Group Update Providers and Configuring Explicit Group Update Providers
  • Identifying and Monitoring Group Update Providers

Module 10: Manually Downloading Certified and Rapid Release Definitions

  • Downloading Certified SEPM Definitions from Symantec Security Response
  • Downloading Certified Windows Client Definitions from Symantec Security Response
  • Downloading Rapid Release Definitions from Symantec Security Response
  • Downloading Certified and Rapid Release
  • Definitions from Symantec Security Response for Mac and Linux Clients
  • Locating Statically Named Definitions

Module 11: Protecting Against Network Attacks and Enforcing Corporate Policies using the Firewall Policy

  • Preventing Network Attacks
  • Examining Firewall Policy Elements
  • Creating Custom Firewall Rules
  • Enforcing a Corporate Security Policy with Firewall Rules
  • Configuring Advanced Firewall Features

Module 12: Blocking Network Threats with Intrusion Prevention

  • Introducing Intrusion Prevention Technologies
  • Configuring the Intrusion Prevention Policy
  • Managing Custom Signatures
  • Monitoring Intrusion Prevention Events

Module 13: Protecting Against Memory-Based Attacks

  • Memory Exploit Mitigation
  • Configuring the Memory Exploit Mitigation Policy
  • Preventing Defense Evasion

Module 14: Preventing Attacks with SEP Layered Security

  • Virus and Spyware Protection
  • File Reputation
  • Insight Lookup
  • Emulator and Machine Learning Engine
  • Download Insight
  • Auto-Protect Scans
  • Administrator-defined Scans

Module 15: Securing Windows Clients

  • Platform and Virus and Spyware Protection Policy
  • Overview
  • Tailoring scans to meet an environment’s needs
  • Ensuring real-time protection for clients
  • Detecting and remediating risks in downloaded files
  • Identifying zero-day and unknown threats
  • Preventing email from downloading malware
  • Configuring advanced options
  • Monitoring virus and spyware activity

Module 16: Securing Linux Clients

  • Navigating the Linux Client
  • Configuring Virus and Spyware Settings for Linux Clients 
  • Monitoring Linux Clients
  • SEP for Linux Logs

Module 17: Securing Mac Clients

  • Touring SEP for Mac Client
  • Securing Mac Clients
  • Monitoring Mac Clients
  • SEP Logs on Mac Clients

Module 18: Providing Granular Control with Host Integrity

  • Introducing Host Integrity
  • Host Integrity Concepts
  • Configuring Host Integrity
  • Troubleshooting Host Integrity
  • Monitoring Host Integrity

Module 19: Controlling Application and File Access

  • Application Control Overview
  • Application Control Concepts
  • Configuring Application Control
  • Monitor Application Control Events

Module 20: Restricting Device Access for Windows and Mac Clients

  • Introducing Device Control
  • Windows Device Control Concepts
  • Mac Device Control Concepts
  • Configuring Device Control
  • Monitoring Device Control Events

Module 21: Hardening Clients with System Lockdown

  • Describing System Lockdown 
  • Creating and Managing the File Fingerprint List
  • System Lockdown use cases

Module 22: Customizing Protection Based on User Location

  • Creating Locations
  • Adding Policies to Locations
  • Monitoring Location Awareness

Module 23: Managing Security Exceptions

  •  Describing Security Exceptions
  •  Describing Automatic Exclusions
  •  Managing Exceptions
  •  Monitoring Security Exceptions

Follow on courses

Students interested in Administration of Symantec
endpoints utilizing the cloud management interface
available as part of Symantec Endpoint Security
Complete should take the following course: 

  •  Symantec Endpoint Security Complete
    Administration R1

Test and Certification

250-428: Administration of Symantec Endpoint
Protection 14

Session Dates