What is Symantec Endpoint Protection?
Symantec Endpoint Protection for Macintosh and Windows, available via IUware, combines technologies from previous Symantec products:
Antivirus and antispyware: Antivirus and
antispyware scans detect viruses and other security risks, including
spyware, adware, and other files, that can put a computer or a
network at risk.
Personal firewall: The Symantec Endpoint
Protection firewall provides a barrier between the computer and the
Internet, preventing unauthorized users from accessing the computers
and networks. It detects possible hacker attacks, protects personal
information, and eliminates unwanted sources of network traffic.
Intrusion prevention: The intrusion prevention
system (IPS) is the Symantec Endpoint Protection client's second
layer of defense after the firewall. The intrusion prevention system
is a network-based system. If a known attack is detected, one or
more intrusion prevention technologies can automatically block it.
Proactive threat scanning: Proactive threat
scanning uses heuristics to detect unknown threats. Heuristic
process scanning analyzes the behavior of an application or process
to determine if it exhibits characteristics of threats, such as
Trojan horses, worms, or keyloggers. This type of protection is
sometimes referred to as zero-day protection.
Device and application control: Device-level
control is implemented using rule sets that block or allow access
from devices, such as USB, infrared, FireWire, SCSI, serial ports,
and parallel ports. Application-level control is implemented using
rule sets that block or allow applications that try to access system
Kernel-level rootkit protection: Symantec
Endpoint Protections expands rootkit protection to detect and repair
kernel-level rootkits. Rootkits are programs that hide from a
computer's operating system and can be used for malicious purposes.
Role-based administration: Different
administrators can access different levels of the management system
based on their roles and responsibilities.
Group update provider: Symantec Endpoint
Protection clients can be configured to provide signature and
content updates to clients in a group. When clients are configured
this way, they are called group update providers. Group update
providers do not have to be in the group or groups that they update.
Location awareness: Symantec Endpoint
Protection expands location awareness support to the group
level. Each group can be divided into multiple locations, and when
a client is in that location, policies can be applied to that
Policy-based settings: Policies control most
client settings, and can be applied down to the location level.
Domains: Domains let you create additional
global groups. This feature is advanced and should be used only if
Failover and load balancing: If you have a
large network and need the ability to conserve bandwidth
consumption, you can configure additional management servers in a
load-balanced configuration. If you have a large network and need
the ability to configure redundancy, you can configure additional
management servers in a failover configuration.
SQL database support: Symantec Endpoint
Protection stores client information in a database on the management
server. Where legacy products stored information in the registry,
Symantec Endpoint Protection Manager now stores all information
about client computers in a SQL database (either the embedded
database or a Microsoft SQL database).
- Enhanced LiveUpdate: LiveUpdate now supports the downloading and installation of a wide variety of content, including definitions, signatures, whitelists to prevent false positives, engines, and product updates.
- Symantec Endpoint Protection
- What's New in Symantec Endpoint Protection 12.1
- System requirements for Symantec Endpoint Protection 11.0.2 and Symantec Network Access Control 11.0.2
Last modified on February 19, 2013.