Q1

A security architect is designing a Symantec Endpoint Security (SES) Complete policy for a group of developers who frequently use unsigned, custom-compiled executables for testing. The CISO has mandated that Application Control must be enabled in blacklist mode for all workstations, but developer productivity should not be impeded. Which policy configuration provides the most secure and efficient solution to meet these conflicting requirements?

Q2

A SOC analyst is investigating an incident in the ICDm console that originated from a suspicious PowerShell command. The Endpoint Activity Recorder (EAR) data shows the PowerShell process spawned from `winword.exe`, which was launched by a user opening an email attachment. To understand the full scope of the attack, what is the most effective next step within the EDR console?

Q3 (Multiple answers)

A global corporation is deploying SES Complete using a hybrid model. They have an existing on-premises SEPM managing 10,000 clients and need to enroll it with the ICDm cloud console. The security policy requires that all communication between the SEPM and the cloud must pass through a dedicated, explicit proxy server that requires authentication. Which two actions are required to ensure successful enrollment? (Select TWO).

Q4

During a security audit, an administrator discovers that the content definitions for a group of isolated servers in a secure network segment are severely outdated. These servers have no internet access. The administrator has access to a Symantec Endpoint Protection Manager (SEPM) with up-to-date content. What is the most efficient method to update the clients in the secure segment?

Q5

True or False: When an SES Complete policy's Host Integrity check fails for a client, the client is automatically moved to the Quarantine group, regardless of the firewall policy configuration.

Q6

A hospital is using SES Complete to protect workstations that are frequently moved between wards. They are experiencing performance issues with a critical medical imaging application that writes large temporary files to `C:\Temp\ImagingData\`. A previous administrator created a folder exception for this path in the Antivirus and Spyware Protection policy. Despite this, SONAR continues to generate detections on the application's processes when they access this directory. Why are the SONAR detections still occurring?

Q7

An administrator is reviewing the `sylink.log` file on a client that is failing to communicate with its SEPM. The log contains repeated entries of `HTTP 407 Proxy Authentication Required`. The client is configured with the correct proxy settings in its communication policy. What is the most likely cause of this error?

Q8

A security analyst needs to create a custom EDR query to hunt for evidence of a specific MITRE ATT&CK technique: T1059.001, PowerShell. The goal is to find any PowerShell command that contains the string `IEX (New-Object Net.WebClient).DownloadString`. Which search query syntax should be used in the ICDm console's threat hunting interface?

Q9

An administrator wants to prevent users from copying sensitive data to any USB storage devices, but must allow specific, company-issued encrypted USB drives to function normally. They also need to allow HID devices like keyboards and mice. What is the most precise way to configure this in the Device Control policy?

Q10

What is the primary function of the `sesinstaller.log` file during the installation of the Symantec Agent on a Windows endpoint?