I've been told by our RSA Rep that native support for Symantec SEP is on the Roadmap for Q3 this year.
enVision support for Symantec Endpoint Protection V11 is currently planned for October 2008.
If any changes occur, we'll send an update to the community.
Thanks for the question.
Symantec SEP is now a supported device in enVision. enVision has released a device source update for this. You may check the RSA website and download the same.
I have already integrated SEP in my environment after doing this update.
Go to Secure Care Online to the enVision section and click on RSA enVision Content Updates under the Latest RSA enVision Downloads section. Here's the link:
I have set up SEP 11 for many of our customers. It appears to find it as 2 devices. One of them shows as Symantec Antivirus and the other is unknown. I have followed the implementation guide exactly as written and it still seems to show 2 devices. Is there a cure for this? Any ideas on how to resolve this?
Have you submitted a support ticket on this yet? If not, I recommend you reach out to Support.
SEP11 is a composite of the Symantec AV and Sygate Firewall/IDS/IPS engine. It is very much possible that the event messages being relayed by SEP to RSA contain different syntax. You may want to take a look at the incoming (raw) data from your SEP Servers/DB to see if you can manually decipher what type of events are not being translated by the UDS. I'm using enVision 3.7 and am not sure how 4.0 works in terms of the Event Viewer, but you should be able to select Unknown from the device type list and grab some sample data. It is my guess that the AV messages are being picked up and the Firewall/IDS/IPS are being flagged as unknown. You may be able to deselect multi-device in the device managed list and remediate the issue by combining all messages into one device type. I'm relatively new to enVision; so, feel free to chime in and correct me if I am mistaken.