Symantec™ Endpoint Detection and Response 4.5 Installation Guide for the S550 appliance
Installing the physical appliance
S550 appliance installation workflow
Step 1
Action: Complete all items in the pre-installation checklist.
Description: Completing the pre-installation checklist ensures that you have everything you need to install an appliance. It also ensures that you have completed all the tasks required before installation begins.
See:
  Pre-installation checklist for physical appliances
  Physical Appliance Installation Worksheet

Step 2
Action: Install the appliance.
Description: Install the hardware in a rack and connect network cables and power cables.
Note: The appliance's role (all-in-one, management platform, or network scanner) and operating mode determine the cable connections and port mappings. See: About operating roles, operating modes, and network connections
See:
  Connecting the cables
  Powering on the S550 appliance and verifying the LEDs
  Configuring the serial terminal or terminal emulation software
  Rack-mounting the appliance

Step 3
Action: Run bootstrap.
Description: Open the console and run the bootstrap. During bootstrap, you are prompted to provide appliance configuration information. Your Symantec EDR administrator provides you with this information on the Installation checklist.
See:
  Running bootstrap to configure the appliance

Step 4
Action: Run the status_check command.
Description: Run the command status_check to determine if the network connectivity has been set up properly. The command lists all of the items that are checked and whether each check succeeded.
See:
  status_check command

Step 5
Action: Run the setup wizard. Management platform or all-in-one appliances only.
Description: The Symantec EDR setup wizard guides you through the mandatory configuration steps of an all-in-one or management platform device. This setup includes uploading the product license and creating the first administrator account so that you can log on to the EDR appliance console.
See:
  Running the setup wizard

Step 6
Action: Perform the post-installation tasks and configurations. For all configurations except management platform.
Description: After you exit the setup wizard, log on to the EDR appliance console. Perform the recommended tasks to start scanning traffic and collecting incident and event data.
See:
  Completing setup tasks

Step 7
Action: Test the appliance.
Description: Run the status_check command again to determine if configuration settings have been correctly specified.
Symantec has a test webpage, http://testatp.coe.org.uk, that contains a series of links. When you click on each of the links, you should see a corresponding incident in the database.
In Inline Block mode, file downloads should be interrupted. You should also test whether bypass mode works correctly.
See:
  Testing Symantec EDR for successful monitoring or blocking
  Testing the appliance bypass mode