This article describes the new features in Symantec Endpoint Protection (SEP) 12.1.
Symantec Endpoint Protection 12.1 includes the following improvements that make it easier and more efficient to use...
1) Support for additional operating systems
Symantec Endpoint Protection Manager (SEPM) now supports the following operating systems:
■ VMware Workstation 7.0 or later
■ VMware ESXi v5.x
■ VMware ESXi 4.0.x
■ VMware ESX 4.0.x
■ VMware Server 2.0.1
■ Citrix Xenserver 5.1
Symantec Endpoint Protection Manager now supports the following Web browsers:
■ Internet Explorer 7.0, 8.0, 9.0
■ Firefox 3.6, 4.0
The Symantec Endpoint Protection client now supports the following operating system:
■ Windows Home Server 2008
The Symantec Endpoint Protection Linux client now supports the following operating systems:
■ Novell SLEX 9, SLED 9
■ Novell Open Enterprise Server (OES2-10, OES2-11)
■ Ubuntu 10.x
■ Fedora 13.x
■ Debian 6.x
For more information, please check the System Requirements documentation for Symantec Endpoint Protection 12.1
2) New features for your virtual environment
The new virtualization features include the following:
■ Shared Insight Cache reduces the need to scan files in a virtualized environment that Symantec Endpoint Protection has determined are clean. Shared Insight Cache runs independently of Symantec Endpoint Protection. However, you must configure Symantec Endpoint Protection Manager to specify the location of Shared Insight Cache so that your clients can communicate with it. No special license is required to install or run Shared Insight Cache.
■ Virtual Image Exclusion tool lets you whitelist files from your baseline image on virtual machines instead of continually scanning system files.
■ Hypervisor Detection: Symantec Endpoint Protection Manager now automatically detects which clients are running in a virtual environment, as well as their virtual platform. This feature gives you more information about your clients, helping you when creating policies for virtual machine groups and searching for virtual clients.
■ Symantec Offline Image Scanner can scan offline VMware .vmdk files to ensure that there are no threats in the image.
3) Faster and more flexible management
Symantec Endpoint Protection Manager helps you manage the client computers more easily with the following new features:
■ Centralized licensing lets you purchase, activate, and manage product licenses from the management console.
■ The management console includes a new Welcome screen that provides links to common management tasks.
■ Symantec Endpoint Protection Manager registers with Protection Center (version 2). The new Protection Center lets you centralize data and integrate management of many Symantec security products into a single interface.
■ The Symantec Endpoint Protection Manager logon screen can email a forgotten password to you.
■ The Symantec Endpoint Protection Manager includes an option to let any of the administrators in a site reset their forgotten password.
■ You can configure when and how Symantec Endpoint Protection Manager restarts the client computer, so that the restart does not interfere with the user's activity.
■ The Home page displays the high-level reports that are simpler and easier to read. The Home page also includes a link to notifications about logged events that you have not read.
■ The Monitors page includes a set of preconfigured email notifications that inform you of the most frequently used events. The events include when new client software is available, when a policy changes, license renewal messages, and when the management server locates unprotected computers. The notifications are enabled by default and support BlackBerry, iPhone, and Android.
■ Improved status reporting automatically resets the Still Infected status for a client computer once the computer is no longer infected.
■ You can configure Linux clients to send log events to Symantec Endpoint Protection Manager.
4) Improved installation process
You can install the product faster and easier than before with the following new installation features:
■ You can upgrade to the current version of the product while the legacy clients stay connected and protected.
■ The Symantec Endpoint Protection Manager installation wizard lets you import a saved recovery file that includes client-server connection information. The recovery file will configure the manager to use its backed-up certificates and to automatically restore the communication to existing clients.
■ The management server Web service uses Apache instead of IIS.
■ To reduce network strain, client installation packages may be configured to include the latest definition files.
■ You can configure when and how the management server restarts the client computer after you deploy the client installation package.
■ The new Client Deployment wizard helps you easily locate unprotected computers on which you need to install the protection client. The wizard also provides an email deployment link so that users can download and install the client software locally. The wizard makes client deployment faster, easier and more reliable.
■ You can view an installation status report that shows the progress of computers that are installing the client software.
5) Improved server and client performance
The speed of the management server, management console, database, and clients increased by adding following features:
■ The database performs automatic cleanup tasks to improve the management server-client responsiveness and scalability.
■ Auto-Protect and Insight scans skip the files that scans have already identified as clean.
■ You can schedule scans to run when users do not actively use the client computer. Scans that use Insight are faster and more accurate, reducing scan overhead by up to 70%.
■ LiveUpdate can detect when the client computer is idle and download content updates during times that do not interfere with the user's activity.
6) More effective and better security against malware
You can protect client computers better with the following features:
■ Symantec Endpoint Protection can now detect threats based on a file's characteristics rather than relying solely on virus definitions. This behavioral protection reduces management overhead, as you do not need to add exceptions for false positives.
■ The Virus and Spyware Protection policy detects threats more accurately, reducing false positives and improving scan performance with new SONAR technology. SONAR replaces TruScan to identify malicious behavior of unknown threats using heuristics and reputation data. TruScan only ran at regularly scheduled intervals, SONAR scans in real-time.
■ Auto-Protect provides additional protection with Download Insight, a new feature that examines files that are downloaded through Web browsers, text messaging clients, and other portals. Download Insight uses reputation information from Symantec Insight to make educated decisions about a file's safety.
■ Insight Cache lets scans skip trusted files, improving scan performance.
■ Insight Lookup can detect malicious zero-day executable files that may not be detected by AutoProtect and sends information from the files to Symantec for evaluation. If Symantec determines that the application files are risks, the client computer then handles the files as such. Insight Lookup makes malware detection faster and more accurate.
■ The Firewall policy includes firewall rules to block IPv6-based traffic.
■ The Firewall policy and Application and Device Control policy have additional rules templates to help you create commonly used rules.
■ The Intrusion Prevention policy includes browser intrusion prevention, which uses IPS signatures to detect attacks that are directed at browser vulnerabilities.
■ Application and Device Control supports computers running 64-bit operating systems.
7) Support for Macintosh clients
■ You can now deploy (using the web link and email method) and manage Macintosh clients from the Symantec Endpoint Protection Manager.
■ In Symantec Endpoint Protection Enterprise Edition, you can configure the polices for Macintosh clients based on location and group.
8) Symantec Network Access Control (SNAC) functionality
Symantec Network Access Control was enhanced with the following features:
■ Ability for the clients in an Enforcer group to synchronize their system time constantly by using the Network Time Protocol server.
■ Improvements for updating lists of MAC addresses:
■ In the DHCP Integrated Enforcer, you can import a text file that contains the MAC address exceptions that define trusted hosts.
■ In the LAN Enforcer, you can add, edit, and delete the MAC addresses that the Host Integrity checks ignore by using the following features.
- MACAuthenticationBypass (MAP) bypasses the Host Integrity check for non-802.1x clients or the devices that do not have the Symantec Network Access Control client installed.
- The Ignore SymantecNACClientCheck bypasses the Host Integrity check for 802.1x supplicants that do not have the Symantec Network Access Control client installed.
■ You can add individual MAC addresses or use wildcards to represent vendor MAC strings. You can also import the MAC addresses from a text file.
■ You can add MAC addresses with or without an associated VLAN, which allows multiple VLANs to be supported.
Symantec Endpoint Protection Manager includes the following additional functionality for Symantec Network Access Control:
■ Enforcer management server lists can include management servers from replication partners. Enforcers can connect to any management server at any site partner or replication partner.
■ The Compliance logs for the Symantec Network Access Control client provide additional information about log events and Host Integrity check results. You can now see which requirement caused a Host Integrity check on a client computer to fail.
■ LiveUpdate downloads Host Integrity templates to management servers. Therefore, client computers can get the Host Integrity policies that include updated Host Integrity templates.
■ Enforcer groups support limited administrator accounts and administrator accounts as well as system administrator accounts. For a large company with multiple sites and domains, you probably need multiple administrators, some of whom have more access rights than others.
Symantec Network Access Control includes the following new Enforcer features:
■ 64-bit support for the Integrated Enforcers.
■ Support for the Network Policy Server (NPS) with the Microsoft Windows Server 2008 (Longhorn) implementation of a RADIUS server and proxy. The Enforcer can now authenticate the clients that run Windows Vista or later versions and that use 802.1x authentication.
■ In the DHCP Integrated Enforcer, you can selectively turn on scope-based enforcement for the scopes that you define.
■ The Gateway Enforcer supports both 802.1q trunking and On-Demand Clients at the same time. You can designate a single VLAN on a multiple trunk VLAN to host On-Demand Clients.
■ Support for the guest enforcement mode, which enables the Gateway Enforcer to act as a download server for On-Demand Clients. The Gateway Enforcer downloads On-Demand Clients to guest computers, enabling the clients to communicate to the Enforcer through the guest computers' Web browsers. In the guest enforcement mode, the Gateway Enforcer does not forward inline traffic.
■ The local database size has been increased to 32 MB to accommodate a larger number of MAC addresses.