Indiana University
University Information Technology Services
  
What are archived documents?
Login>>
Login

Login is for authorized groups (e.g., UITS, OVPIT, and TCC) that need access to specialized Knowledge Base documents. Otherwise, simply use the Knowledge Base without logging in.

Close

What is Symantec Endpoint Protection?

Symantec Endpoint Protection is the newest Symantec AntiVirus product, combining technologies from previous Symantec products in a new interface:

  • Antivirus and Antispyware: Antivirus and Antispyware scan for viruses and for other security risks, including spyware, adware, and other files that can put a computer or a network at risk.

  • Personal Firewall: The Symantec Endpoint Protection firewall provides a barrier between the computer and the Internet, preventing unauthorized users from accessing the computers and networks. It detects possible hacker attacks, protects personal information, and eliminates unwanted sources of network traffic.

  • Intrusion Prevention: The intrusion prevention system (IPS) is the Symantec Endpoint Protection client's second layer of defense after the firewall. The intrusion prevention system is a network-based system. If a known attack is detected, one or more intrusion prevention technologies can automatically block it.

  • Proactive Threat Scanning: Proactive threat scanning uses heuristics to detect unknown threats. Heuristic process scanning analyzes the behavior of an application or process to determine if it exhibits characteristics of threats, such as Trojan horses, worms, or keyloggers. This type of protection is sometimes referred to as zero-day protection.

  • Device and Application Control: Device-level control is implemented using rule sets that block or allow access from devices, such as USB, infrared, FireWire, SCSI, serial ports, and parallel ports. Application-level control is implemented using rule sets that block or allow applications that try to access system resources.

New features

For Symantec AntiVirus Corporate Edition customers, new technology features include:

  • Firewall
  • Intrusion Prevention
  • Proactive Threat Scanning
  • Device and Application Control

For Symantec Client Security customers, new technology features include:

  • Proactive Threat Scanning
  • Device and Application Control

Additional new features for all Symantec AntiVirus customers include:

  • New client software user interface: The client user interface has been redesigned.

  • Kernel-level rootkit protection: Symantec Endpoint Protections expands rootkit protection, to detect and repair kernel-level rootkits. Rootkits are programs that hide from a computer's operating system and can be used for malicious purposes.

  • New management console: The management console has been redesigned and is called the Symantec Endpoint Protection Manager console.

  • Role-based administration: Allows different administrators to access different levels of the management system based on their roles and responsibilities.

  • Group Update Provider: Symantec Endpoint Protection clients can be configured to provide signature and content updates to clients in a group. When clients are configured this way, they are called Group Update Providers. Group Update Providers do not have to be in the group or groups that they update.

  • Location awareness: Symantec Endpoint Protection expands location awareness support to the group level. Each group can be divided into multiple locations, and, when a client is in that location, policies can be applied to that location.

  • Policy Based settings: Policies now control most client settings, and can be applied down to the location level.

  • Domains: Domains let you create additional global groups. This feature is advanced and should be used only if necessary.

  • Failover and load balancing: If you have a large network and need the ability to conserve bandwidth consumption, you can configure additional management servers in a load-balanced configuration. If you have a large network and need the ability to configure redundancy, you can configure additional management servers in a failover configuration.

  • SQL Database support: Symantec Endpoint Protection now stores client information in a database on the management server. Where legacy products stored information in the registry, Symantec Endpoint Protection Manager now stores all information about client computers in a SQL database (either the embedded database or a Microsoft SQL database).

  • Enhanced LiveUpdate: LiveUpdate now supports the downloading and installation of a wide variety of content, including definitions, signatures, white lists to prevent false positives, engines, and product updates.

More on the new features of Symantec Endpoint Protection is available at both Symantec's Endpoint Protection main page and their What's New page.

Further information

This is document awgr in domain all.
Last modified on May 13, 2009.

Comments/Questions/Corrections

Use this form to offer suggestions, corrections, and additions to the Knowledge Base. We welcome your input!

If you are affiliated with Indiana University and would like assistance with a specific computing problem, please use the Ask a Consultant form, or contact your campus Support Center.

Contact Information

Note: We will reply to your comment at this address. If your message concerns a problem receiving email, please enter an alternate email address.