Symantec Endpoint Protection
Symantec Endpoint Protection is installed on all computers staged by FLLS. Symantec Endpoint has several components including Virus and Spyware Protection to protect staff and public computers from becoming infected or spreading infections to other computers on your library network.
To access Symantec Endpoint, locate the yellow icon in the system tray (shown at right) and double-click it. You can also find Symantec Endpoint Protection in your list of installed programs by clicking on the Start button.
Staff computers should update automatically during the week. Opening Symantec will show you the Status screen, which will be green when everything is up to date. If it shows orange, use the LiveUpdate button to download the most recent updates.
Public computers may update their definitions while in use, but the update will not be saved if Faronics Deep Freeze is installed and set to frozen. We recommend thawing Deep Freeze once a month and running Symantec updates on the public computers.
If you have Deep Freeze set to do Windows Updates on weekends, it’s possible that Symantec will update at the same time. This is not guaranteed to happen, so monitoring your public computers is still advised.
When Deep Freeze is set to frozen, any virus or malware that may be downloaded to a public computer while in use can be cleared by rebooting the computer or turning it off and then back on.
On a monthly basis, FLLS recommends using your anti-virus software to do a complete system scan on your staff computers. Full system scans can be programmed to run automatically or can be run manually at any time.
This will help detect any virus that may have slipped in before a virus definition update was provided by Symantec. Full system scans can take some time depending on the speed of your computer, the version of the anti-virus software and the number of files and programs you have installed. On average, it may take about a half hour to run.
Public computers will need to have a full system scan run manually with Deep Freeze set to Thawed. It’s less of a priority to run the scan on public computers as long as Deep Freeze is kept frozen at all times the computer is in use by the public. You may only need to run a full system scan if you are having problems with a public computer or believe a virus or malware has infected it. If there is a concern about a public computer with a virus or malware, the CNS department is available for support.
Microsoft provides security patches, bug fixes, and application updates through Microsoft Update. Microsoft frequently schedules updates to be applied on the second Tuesday of each month, dubbed Patch Tuesday. Updates for Windows 7 and 8.1, Microsoft Office, and other Microsoft products still use Patch Tuesday for their main updates but urgent security updates can be pushed out when they’re ready and don’t always adhere to the schedule. Windows 10 can have updates pushed out more frequently and doesn’t stick to the Patch Tuesday schedule.
Windows 10 has also altered the life cycle for Windows. Previous versions of Windows would have monthly updates and patches released and, over time, new features would be introduced as Service Packs. Microsoft would then replace the current version with a new version of Windows. With Windows 10, Microsoft has committed to twice-a-year Feature Updates that introduce new features along with rolling up previously released patches and updates. The 2017 Feature Updates were the Spring and Fall Creators Updates. In April, Microsoft released their “April 2018 Update,” dropping the creators tag. Feature Updates are more intrusive than Service Packs for previous versions of Windows and can require Symantec Endpoint to be updated or uninstalled in order to apply. Faronics Deep Freeze can also cause a Feature Update not to apply or have side effects that cause problems after the update has installed on public computers.
Unlike previous versions of Windows, where a Service Pack could be skipped on public computers, the Windows 10 Feature Updates need to be installed. For example, just prior to the April 2018 Update being released, Windows 10 computers that hadn’t received a Feature Update since the 2016 Anniversary Update started seeing popup windows announcing the end of support for that update on April 10, 2018. The 2017 Creators Updates have end of service dates of October 2018 for the Spring update and April 2019 for the Fall update.
Because Windows 10 requires more frequent updates and twice per year Feature Updates, FLLS recommends using Faronics Deep Freeze to run Microsoft Updates on public computers. Any public computer with Deep Freeze installed can have an Update Task scheduled to run Microsoft Updates during a time when the computers are not in use or when the library is closed. Saturday (or Sunday for libraries with hours on that day) afternoons are convenient for most libraries but the task can be scheduled for any day of the week that works best for a library’s schedule. The update task can be scheduled to run after normal business hours and to turn the computer off after the task has completed.
All of the libraries in the system can take advantage of Deep Freeze for updating public computers. If your library is not already using Deep Freeze to manage Microsoft Updates, contact the CNS department to set it up.
When Deep Freeze is used to manage updates on Windows 10 computers specifically, it disables some features of Windows Update so that the computers will not try to run updates outside of the scheduled task. A side effect of the Windows Update service being disabled is that Microsoft Update cannot be run manually from a public computer when Deep Freeze is installed with an update task. The update history for the public computer will also not be visible due to the Windows Update service being disabled. If Microsoft Update needs to be run outside of a scheduled task on public computers, the Run Windows Update tool in the Faronics Deep Freeze Console can be used (see Faronics Deep Freeze Console Instructions for additional information).
In order to check the Microsoft Update history, a Windows service needs to be enabled on public computers. If you need to check the update history, contact the CNS department. Unless you receive a message on a public computer that some Microsoft updates were not installed, a sign that updates are applying correctly via a Deep Freeze update task is that the computers are powered off after the task was scheduled to run.
Staff computers, including circulation computers, with Windows 10 installed will receive Microsoft Updates automatically. If you have staff computers with Windows 7 or 8.1, we recommend running Microsoft Updates once a month when doing them manually. Microsoft Update can be scheduled to run automatically in Windows 7 and 8.1. Unlike public computers controlled by Deep Freeze, Windows 7 and 8.1 computers may reboot after a scheduled update, but they don’t power themselves off.
Most updates will install without interrupting your session, so scheduling updates during business hours is possible. If any updates require a reboot, you’ll notice when you next shut down the computer that the shut down command may say “Apply updates and Shut down” or “Apply updates and Restart.” Because staff computers do not have Deep Freeze installed, you can manually run Microsoft Updates or browse the update history at any time.