Symantec Endpoint Protection FAQ

Audience: Faculty, Staff and Students

This KB Article References: Cyber Security
This Information is Intended for: Faculty, Staff, Students
Last Updated: March 22, 2017

Symantec (Norton) Endpoint Protection software is used by the Stony Brook University community to help guard against malicious viruses taking control of University-owned and personal computers. Stony Brook has a multi-year license to use and distribute the software to members of campus.

How do I check to see if Symantec Endpoint Protection is already installed on my University-owned computer?

On a Windows computer, check the list of program files to see if Symantec Endpoint Protection is installed. If there is a gold shield in the system tray, then the software has already been installed. Mac users can check for it in the Applications folder of their hard drive.

How do I get Symantec Endpoint Protection?

Symantec Endpoint Protection is installed on University-owned machines by either Client Support or a departmental support technician. If the software is not running on your computer, please call your local technician or Client Support to have it installed.

Students, faculty, and staff may obtain Symantec Endpoint Protection for their personal computers at no extra charge by downloading the un-managed version from Softweb (https://softweb.cc.stonybrook.edu). Whenever a new version of Symantec is rolled out, Stony Brook packages the upgrade and makes it available to the campus community via Softweb.

What is the difference between the managed and un-managed versions of Symantec Endpoint Protection?

The managed version of Symantec Endpoint Protection found on Softweb is for University-owned computers, mostly used by employees. It is not for personal computers or mobile devices used to access the WolfieNet wireless network. University-owned computers with the managed version get their virus definitions updated twice a day. You know you have the managed version of Symantec AntiVirus if there is a gold shield with a green dot in your system tray.

The un-managed version of Symantec Endpoint Protection is for personal computers and mobile devices. Users with the un-managed version need to run their own scans. If you have a gold shield without a green dot in your system tray, then you know you're running the un-managed version of Symantec.

Installation Instructions

Is Symantec Supported on a Mac?

Yes. Mac OS X 10.4.x through 10.6 users can download Symantec Endpoint Protection 11.6 mp2 from Softweb. Mac OS X 10.5 and up (Intel only) can download Symantec AntiVirus 12.1. Mac OS X 10.3.x should download Symantec Endpoint Protection 10, while Mac OS X 10.1.5 through 10.3.x should download Symantec AntiVirus 9.0.3. Versions prior to Mac OS 9 are no longer supported by Symantec or by Client Support.

How do I run an anti-virus scan and how often should I do this?

SB users with the managed version of Symantec Endpoint Protection are automatically set up to have their computers scanned weekly. Users with the un-managed version need to manually scan for threats. To run an anti-virus scan, double-click the gold shield or Symantec logo in the system tray. This will open the Status dialog box. On the left side, click on Scan for Threats . There is an option to run one of two scans, either an Active Scan which checks the most-commonly infected areas, or a Full Scan which checks the entire computer. The full scan takes much longer, so more time is needed if you are going to do this. It is best to run an active scan first and if anything turns up, then run a full scan.

What is Symantec LiveUpdate and how do I use it?

LiveUpdate keeps your virus definitions up-to-date. It obtains Symantec program and protection updates for your computer by using your Internet connection. Program updates are usually created to extend the operating system or hardware compatibility, adjust a performance issue, or fix program errors. Symantec releases program updates on an as-needed basis. LiveUpdate locates and obtains files from a website, installs them, and then deletes the remaining files from your computer. Protection updates are the files that keep your Symantec product up-to-date with the latest threat protection technology. By default, LiveUpdate runs automatically at scheduled intervals. Based on your security settings, you can run LiveUpdate manually by going into the Symantec client and clicking on the LiveUpdate link in the sidebar. You might also be able to disable LiveUpdate or change the LiveUpdate schedule.

How will I know if a virus has been detected on my computer and if so, what should I do about it?

If Symantec detects a virus on your computer, you might be alerted with a pop-up message, but not always. Sometimes the threat will automatically be sent to your quarantine. Users with the managed version of Symantec will automatically have their quarantines emptied if a virus shows up there. Un-managed users should periodically check both their logs and their quarantine for threats. To do this, open the Symantec client and select View logs or View quarantine from the sidebar. When you click View Logs on the sidebar, click the "View Logs" button next to Antivirus and Antispyware Protection. Select "Risk Log" for a complete record of threats that have attempted to infiltrate your machine. You can delete any exploits that have been sent to your quarantine by highlighting those found in the quarantine and right-clicking "delete." If there is something in the quarantine, and its status says Left alone, then run a full scan and see if the full scan picks it up and removes it. If the full scan does not remove it, then you can go into "Safe Mode with Networking" by rebooting your machine and hitting F8 as soon as the machine starts back up. Choose "Safe Mode with Networking" when the menu comes up. From there, open the Symantec client and try running the full scan again.

Besides using Symantec Endpoint Protection, what other steps can I take to protect my computer from exploits?

Windows users should make sure they are running Windows Updates periodically to take care of exploits and make sure their Windows firewall is turned on since some viruses attempt to turn it off. To turn on your Windows firewall, go to the Start Menu > Control Panel > Windows Firewall and make sure it is turned on.

Can I uninstall Symantec Endpoint Protection if need be?

Yes. Windows users should first try to remove the software from their list of programs by going to Control Panel > Programs and Features (if using Windows 7 or 8) or Control Panel > Add or Remove Programs (if using Windows XP). Symantec EndPoint Protection and LiveUpdate will both need to be removed from the list of programs. If that does not work, use one of the removal tools found on Softweb under University Fixes & Solutions. Mac users can see the Uninstalling Your Norten Product for Mac instructions.

Additional Information


Files & Links

Getting Help


The Division of Information Technology provides support on all of our services. If you require assistance please submit a support ticket through the IT Service Management system.

Submit A Ticket

Supported By


Customer Engagement and Support