Symantec Endpoint Protection Antivirus FAQ

This KB Article References: Symantec Endpoint Protection Antivirus
This Information is Intended for: Instructors, Staff, Students
Created: 08/01/2012 Last Updated: 04/01/2024

Symantec (Norton) Endpoint Protection antivirus software is used by the Stony Brook University community to help guard against malicious viruses taking control of University-owned and personal computers. Stony Brook has a multi-year license to use and distribute the software to members of campus free of charge.

How do I check to see if Symantec Endpoint Protection is already installed on my University-owned computer?

On a Windows computer, check the list of program files to see if Symantec Endpoint Protection is installed. If there is a gold shield in the system tray (next to your clock), then the software has already been installed.

On a Mac, you'll see a gold shield at the top right of your screen near the clock

How do I get Symantec Endpoint Protection?

Symantec Endpoint Protection is installed on University-owned machines by either Customer Engagement & Support or a departmental support technician. If the software is not running on your computer, please call your local technician or create a service ticket to have it installed for you.

Students, faculty, and staff may obtain Symantec Endpoint Protection for their personal computers at no extra charge by downloading the un-managed version from Softweb ( Whenever a new version of Symantec is rolled out, Stony Brook packages the upgrade and makes it available to the campus community via Softweb.

What is the difference between the managed and un-managed versions of Symantec Endpoint Protection?

The managed version of Symantec Endpoint Protection found on Softweb is for University-owned computers, mostly used by employees. It is not for personal computers or mobile devices used to access the WolfieNet wireless network. University-owned computers with the managed version get their virus definitions updated every 4 hours. You know you have the managed version of Symantec AntiVirus if there is a gold shield with a green dot in your system tray.

The un-managed version of Symantec Endpoint Protection is for personal computers and mobile devices. Users with the un-managed version need to run their own scans. If you have a gold shield without a green dot in your system tray, then you know you're running the un-managed version of Symantec.

Installation Instructions

Is Symantec Supported on a Mac?


How do I run an anti-virus scan and how often should I do this?

SB users with the managed version of Symantec Endpoint Protection are automatically set up to have their computers scanned weekly. Users with the un-managed version need to manually scan for threats. To manually run an anti-virus scan, open Symantec Endpoint Protection from Programs (Windows) or Application (Mac) and then click Scan (for Threats).  

There is an option to run one of two scans, either an Active Scan which checks the most-commonly infected areas, or a Full Scan which checks the entire computer. The full scan takes much longer, so more time is needed if you are going to do this. It is best to run an active scan first and if anything turns up, then run a full scan.

Unmanaged versions may set up scheduled scans by clicking on Change Settings (Windows) and Settings (Mac).

What is Symantec LiveUpdate and how do I use it?

LiveUpdate keeps your virus definitions up-to-date. It obtains Symantec program and protection updates for your computer by using your Internet connection. Program updates are usually created to extend the operating system or hardware compatibility, adjust a performance issue, or fix program errors. Symantec releases program updates on an as-needed basis. LiveUpdate locates and obtains files from a website, installs them, and then deletes the remaining files from your computer. Protection updates are the files that keep your Symantec product up-to-date with the latest threat protection technology. By default, LiveUpdate runs automatically at scheduled intervals. Based on your security settings, you can run LiveUpdate manually by going into the Symantec client and clicking on the LiveUpdate link in the sidebar. You might also be able to disable LiveUpdate or change the LiveUpdate schedule.

How will I know if a virus has been detected on my computer and if so, what should I do about it?

If Symantec detects a virus on your computer, you might be alerted with a pop-up message, but not always. Sometimes the threat will automatically be sent to your quarantine. Users with the managed version of Symantec will automatically have their quarantines emptied if a virus shows up there. Un-managed users should periodically check both their logs and their quarantine for threats. To do this, open the Symantec client and select View logs or View quarantine from the sidebar. When you click View Logs on the sidebar, click the "View Logs" button next to Antivirus and Antispyware Protection. Select "Risk Log" for a complete record of threats that have attempted to infiltrate your machine. You can delete any exploits that have been sent to your quarantine by highlighting those found in the quarantine and right-clicking "delete." If there is something in the quarantine, and its status says Left alone, then run a full scan and see if the full scan picks it up and removes it. If the full scan does not remove it, then you can go into "Safe Mode with Networking" by rebooting your machine and hitting F8 as soon as the machine starts back up. Choose "Safe Mode with Networking" when the menu comes up. From there, open the Symantec client and try running the full scan again.

Besides using Symantec Endpoint Protection, what other steps can I take to protect my computer from exploits?

Managed Machines are updated by DoIT.  

Everone else should make sure they are running Windows Updates periodically to take care of exploits and make sure their Windows firewall is turned on since some viruses attempt to turn it off. To turn on your Windows firewall, go to the Start Menu > Control Panel > Windows Firewall and make sure it is turned on.

Can I uninstall Symantec Endpoint Protection if need be?

Yes. Windows users should first try to remove the software from their list of programs by going to Control Panel > Programs and Features (if using Windows 7 or 8) or Control Panel > Add or Remove Programs (if using Windows XP). Symantec EndPoint Protection and LiveUpdate will both need to be removed from the list of programs. If that does not work, use one of the removal tools found on Softweb under University Fixes & Solutions. Mac users can see the Uninstalling Your Norton Product for Mac instructions.

Supported By

Customer Engagement and Support

Related Information

Important Files & Links