ARCHIVED: What is Symantec Endpoint Protection?

This content has been archived, and is no longer maintained by Indiana University. Information here may no longer be accurate, and links may no longer be available or reliable.

Symantec Endpoint Protection for Macintosh and Windows, available via IUware, combines technologies from previous Symantec products:

  • Antivirus and antispyware: Antivirus and antispyware scans detect viruses and other security risks, including spyware, adware, and other files, that can put a computer or a network at risk.
  • Personal firewall: The Symantec Endpoint Protection firewall provides a barrier between the computer and the Internet, preventing unauthorized users from accessing the computers and networks. It detects possible hacker attacks, protects personal information, and eliminates unwanted sources of network traffic.
  • Intrusion prevention: The intrusion prevention system (IPS) is the Symantec Endpoint Protection client's second layer of defense after the firewall. The intrusion prevention system is a network-based system. If a known attack is detected, one or more intrusion prevention technologies can automatically block it.
  • Proactive threat scanning: Proactive threat scanning uses heuristics to detect unknown threats. Heuristic process scanning analyzes the behavior of an application or process to determine if it exhibits characteristics of threats, such as Trojan horses, worms, or keyloggers. This type of protection is sometimes referred to as zero-day protection.
  • Device and application control: Device-level control is implemented using rule sets that block or allow access from devices, such as USB, infrared, FireWire, SCSI, serial ports, and parallel ports. Application-level control is implemented using rule sets that block or allow applications that try to access system resources.
  • Kernel-level rootkit protection: Symantec Endpoint Protections expands rootkit protection to detect and repair kernel-level rootkits. Rootkits are programs that hide from a computer's operating system and can be used for malicious purposes.
  • Role-based administration: Different administrators can access different levels of the management system based on their roles and responsibilities.
  • Group update provider: Symantec Endpoint Protection clients can be configured to provide signature and content updates to clients in a group. When clients are configured this way, they are called group update providers. Group update providers do not have to be in the group or groups that they update.
  • Location awareness: Symantec Endpoint Protection expands location awareness support to the group level. Each group can be divided into multiple locations, and when a client is in that location, policies can be applied to that location.
  • Policy-based settings: Policies control most client settings, and can be applied down to the location level.
  • Domains: Domains let you create additional global groups. This feature is advanced and should be used only if necessary.
  • Failover and load balancing: If you have a large network and need the ability to conserve bandwidth consumption, you can configure additional management servers in a load-balanced configuration. If you have a large network and need the ability to configure redundancy, you can configure additional management servers in a failover configuration.
  • SQL database support: Symantec Endpoint Protection stores client information in a database on the management server. Where legacy products stored information in the registry, Symantec Endpoint Protection Manager now stores all information about client computers in a SQL database (either the embedded database or a Microsoft SQL database).
  • Enhanced LiveUpdate: LiveUpdate now supports the downloading and installation of a wide variety of content, including definitions, signatures, whitelists to prevent false positives, engines, and product updates.

Further information

This is document awgr in the Knowledge Base.
Last modified on 2018-01-18 15:53:54.