Symantec Endpoint Protection 14.2.5323.2000 | Client | Manager
The growth in targeted attacks and advanced persistent threats requires layered protection and intelligent security at the endpoint. Symantec Endpoint Protection brings unrivaled security, blazing performance, and smarter management across both physical and virtual environments.
By leveraging the world’s largest civilian threat intelligence network, Symantec can proactively identify at-risk files and stop zero-day threats without slowing down your performance. Only Symantec Endpoint Protection provides the security you need through a single, high-powered agent, for the fastest, most-effective protection available.
Unrivaled Security — Stops targeted attacks and advanced threats with layered protection at the endpoint
- Network Threat Protection analyzes incoming data streams and proactively blocks threats
- Insight™ reputation analysis separates at-risk files from safe files for faster, more accurate detection
- SONAR™ behavioral analysis monitors application behavior in real-time and stops targeted attacks and zero-day threats
- Strong antivirus, antispyware and firewall protection
Blazing Performance — Optimized for strong performance in both physical and virtual environments
- Insight technology only requires scanning of at-risk files, reducing scan time by up to 70%
- Reduced client size with smaller memory footprint for embedded systems or VDI
- Reduced network load with flexibility to control number of network connections and bandwidth
Smarter Management — Single management console across physical and virtual platforms with granular policy control
- Single high-performance agent with single management console for Windows, Mac, Linux, virtual machines and embedded systems
- Support for remote deployment and client management for Windows and Mac
- Granular policy control with system lockdown, application and device control and location awareness
- Layered protection to keep endpoints safe from mass malware, targeted attacks and advanced persistent threats
- Superior threat protection backed by the world’s largest civilian threat intelligence network
- Performance so fast it won’t impact user productivity
- Ease of use with a single client and management console across both physical and virtual platforms
- Flexibility to adjust policies based on users and location
What's New in Version 14.0
Intelligent Threat Cloud Service for client installation packages (Windows)
- Version 14 includes three new sizes of client installation packages, based on which set of virus definitions they include:
- Standard client: Designed for typical installations where clients have access to the cloud or the clients are version 12.1.6 and earlier. The standard client is 80% to 90% smaller than a dark network client installation package and includes the most recent virus definitions only. After installation, the client accesses the full set of virus definitions from the cloud.
- Embedded client or VDI client: The embedded client replaces the reduced-size client that was introduced in version 12.1.6. The embedded client is smaller than the standard client and also includes the most recent virus definitions only. After installation, the client accesses the full set of virus definitions from the cloud.
- Dark network client: Installs a full set of virus definitions and keeps the definitions locally rather than accessing them from the cloud. Use this client installation package if the client computers are in networks with no access to the cloud.
Generic Exploit Mitigation (Windows)
- Generic Exploit Mitigation prevents common vulnerability attacks in typical software applications. Generic Exploit Mitigation installs with intrusion prevention and includes the following types of protection: Java exploit prevention, heap spray mitigation, and structured exception handling overwrite protection (SEHOP). The protections apply to the specific applications that are listed in the Intrusion Prevention policy. Symantec Endpoint Protection downloads the application list as part of its LiveUpdate content. To see the list of applications, open an Intrusion Prevention policy and then click Generic Exploit Mitigation.
Enable Suspicious Behavior Detection option (Windows)
- You can enable or disable suspicious behavior detection when SONAR is disabled. This means that behavior policy enforcement for applications can stay on while SONAR scoring is off.
Scan files on remote computers option (Windows, Linux)
- You can disable the option for SONAR or Auto-Protect to scan files on computers on other networks. Disabling this option increases performance. However, you should keep this option enabled because SONAR looks for worms such as Sality, which infects network drives. If having Auto-Protect scan all files reduces the client computer's performance, you can enable the Only when files are executed option. To access these options, click Policies > Virus and Spyware Protection policy > SONAR or Auto-Protect.
Virus scan logic moved to Auto-Protect user mode
- Auto-Protect user mode reduces kernel memory usage and provides greater system health. In rare cases of crashes, the computer does not blue screen and is recoverable.
Emulator for packed malware
- For Auto-Protect and virus scans, a new emulator improves scan performance and effectiveness by at least 10 percent. This anti-evasion technique addresses packed malware obfuscation techniques and detects the malware that is hidden inside custom packers.
Advanced Machine Learning (AML) on the endpoint for improved static detections
- This new endpoint-based machine learning engine can detect malware based on static attributes. This technology enables Symantec Endpoint Protection to detect malware in the pre-execution phase, thereby stopping large classes of malware, both known and unknown. The AML engine works with the Symantec real-time cloud-based threat intelligence to provide best-in-class protection with low false positives.
Insight Lookup (Windows)
- You can still enable or disable Insight Lookup for version 14 and legacy 12.1.x clients, but you cannot set the sensitivity level or action settings. Instead, Insight Lookup uses internal settings to optimize the scan because Download Insight detections are now completely handled by real-time protection. The new Enable Insight Lookup option on the Scan Details tab replaces the Insight Lookup tab in version 12.1.x. Open a Virus and Spyware Protection policy > Administrator-Defined Scans, choose either scheduled scans or on-demand scans, and then click Scan Details.
- On standard and embedded/VDI clients, Insight Lookup now allows Auto-Protect, scheduled scans, and manual scans to look up both file reputation information and definitions in the cloud. However, the dark network clients include the full set of definitions and do not use Insight Lookup. You enable Insight Lookup in the Clients > Policies tab > External Communications > Submissions tab.
Scheduled and on-demand scans support the %systemdrive% and %userprofile% variables (Windows)
- These scans let you select specific folders to be scanned rather than scanning all the files on the Windows client computer. The %systemdrive% variable indicates the location where the Windows operating system is installed. The %userprofile% variable corresponds to the user profile folders for the users who are logged on. You can also exclude these folders from being scanned by using an Exceptions policy.
Reports display an application's hash value you can use to block applications
- You can use the hash value instead of an application's name to add to the policies that block applications. The hash value is unique whereas an application name may not be. To find the hash value, look in the Hash Type / Application Hash column in the following reports:
- Risk reports: Infected and At Risk Computers; Download Risk Distributions; SONAR Detection Results; SONAR Threat Distribution; Symantec Endpoint Protection Daily Status Report; and Symantec Endpoint Protection Weekly Status Report
- To view the Risk reports, click Reports > Quick Reports > Risk.
- Home page > Activity Summary link
Client submissions and server data collection
- You can enable Symantec Endpoint Protection to send information about detected threats and your network configuration to Symantec. Symantec uses this information for additional analysis and to improve the security features in the product.
- Version 14 has several new types of client submissions that you can enable. You access these options by clicking Clients > Policies tab > External Communications > Submissions tab > More options.
- The previously existing submission types are automatically submitted with the Send anonymous data to Symantec to receive enhanced threat protection intelligence option. In 12.1.6.x and earlier, this option was labeled Let computers automatically forward selected anonymous security information to Symantec.
- You use the new Send client-identifiable data to Symantec for custom analysis option if you participate in a Symantec-sponsored program to get recommendations specific to your security network.
- For server data collection, the Yes, I would like to help optimize Symantec's endpoint security solutions by submitting anonymous system and usage information to Symantec option is now labeled Send anonymous data to Symantec to receive enhanced threat protection intelligence. You access this option on the Admin > Servers > Edit Site Properties > Data Collection tab.
LiveUpdate downloads new types of content
- Symantec Endpoint Protection Manager downloads additional types of content from LiveUpdate servers:
- Client security patches
- Endpoint Detection and Response: Definitions that the Endpoint Detection and Response (EDR) component uses to detect and investigate suspicious activities and issues on hosts and endpoints.
- Common Network Transport Library and Configuration: Definitions that the entire product uses to achieve network transportation and telemetry.