This version of Symantec Endpoint Protection includes new features in the following areas:
Symantec Endpoint Protection includes the following additional support:
Microsoft Internet Explorer 11
Mozilla Firefox 5.x through 38.0.1
Google Chrome through 42.0.2311.152
For the full list of system requirements, see:
You can now download a full installation file from FileConnect. This single installation file includes Symantec Endpoint Protection Manager, the Windows, Mac, and Linux clients, the supplemental tools, and some of the virtualization tools:
If you download the full installation file, you do not need the following individual files:
For the standalone client installers for Windows, Mac, and Linux, download: Symantec_Endpoint_Protection_12.1.6_All_Clients_language.zip
For the management console and management server, download: Symantec_Endpoint_Protection_12.1.6_SEPM_language.zip
For the virtualization tools, such as Security Virtual Appliance or Shared Insight Cache, download:
For information on all of the installation files, see:
You access FileConnect from the following URL:
Symantec Endpoint Protection includes the following additional support for the clients that run on Windows Embedded devices and in virtual desktop infrastructure (VDI) environments.
A reduced-size client installation package
The Client Deployment wizard includes a reduced-size client installation package for computers with a smaller footprint, such as Windows Embedded devices and virtual environments. The client installation package also determines if the Windows Embedded operating system has the appropriate components installed. If the device does not, a message appears where you can click a link to more information on which components you need.
Reduced-size definitions for Windows clients
You can install a smaller set of virus and spyware definitions, which are 80 percent to 90 percent smaller than the standard-size definitions. After you install the client, you continue to update the older reduced-size definitions with newer reduced-size definitions. For each site, you download the definitions to the management server. You can download reduced-size definitions only, standard-size definitions only, or both at the same time.
The reduced-size content provides slightly less Virus and Spyware Protection than the standard-size content. Symantec recommends that you install and enable all protection technologies to mitigate this small reduction in Virus and Spyware Protection. These protection technologies include the firewall, Download Insight, intrusion prevention, and SONAR. Symantec also recommends that you use system lockdown to ensure the highest level of security.
Support for Windows Embedded write filters
Windows Embedded operating systems use write filters to redirect the changes to an overlay so that changes won't persist after the device is restarted. During installation, the Symantec Endpoint Protection installer detects if write filters are installed or enabled. Symantec Endpoint Protection then notifies you if you need to change a writer filter status to the disabled status to continue the installation. To ensure that the client installation, the virus definitions, and the product running state persist after each restart, Symantec Endpoint Protection adds exclusions to write filters for its file paths and registry keys.
Symantec Endpoint Protection supports the File-Based Write Filter (FBWF) for Windows XP Embedded, Windows 7 Embedded, and Windows 8 Embedded. Symantec Endpoint Protection does not support the Unified Write Filter (UWF) or the Enhanced Write Filter (EWF).
Ability to search for information about Windows Embedded devices
You can search for clients based on their installation type or write filter state. For example, you can find out which clients have the latest reduced-size definitions. To search, click Clients > Clients > Search clients. In the Search Field, select Install type for definitions or Enhanced Write Filter, File Based File Filter, Unified File Filter for the write filter type.
Reports on Windows Embedded devices
You can run reports or view logs on the devices that run the Windows Embedded operating system. You can search on either all versions or specific versions of the operating system. To view logs based on the operating system, in the console, click Monitors > Logs > Computer Status > Advanced Settings > Operating system.
See Viewing logs.
Integration with Symantec Advanced Threat Protection: Endpoint (ATP: Endpoint)
ATP: Endpoint is an on-premises virtual appliance that detects advanced threats on endpoints in your network. ATP: Endpoint delivers actionable data so that you can quickly analyze and respond to the threats. You can select threats to block and add them to the ATP: Endpoint policy. When ATP: Endpoint sends the policy to the Symantec Endpoint Protection Manager, read-only file fingerprints from ATP: Endpoint appear in the system lockdown configuration. You can also configure Symantec Endpoint Protection Manager client groups to use ATP: Endpoint for reputation queries and submissions.
System lockdown enhancements
Collect file fingerprint lists for system lockdown for a group of clients
You can run a new command from the management console to collect file fingerprints for all the applications that a group of client computers run. The best time to use this method is to add file fingerprints to whitelists. Another common use of this command is to create a list of whitelisted applications for a master image for a Windows Embedded device. In the console, click Clients, right-click a group, and click Run a command on the group > Collect File Fingerprint List.
The blacklist mode is automatically enabled in 12.1.6. You do not have to edit the
conf.properties file to enable it.
Bandwidth usage reduction when virus and spyware definitions are downloaded to clients
When too many clients simultaneously request full definition downloads from the management server, Symantec Endpoint Protection helps to prevent network overloads. If the management server downloads full definitions only rather than deltas, you can specify that clients get deltas from a LiveUpdate server instead. You can also block clients from downloading full definitions from the management server. You can also receive an alert if too many clients request full downloads from the management server.
Aggressive scan mode
If Windows client detects a large number of viruses, spyware, or high-risk threats, an aggressive scan mode engages automatically. The scan restarts and uses Insight lookups. You can pause or cancel the scan when it is in aggressive mode. However, you cannot configure the aggressive scan mode in either the Virus and Spyware Protection policy or the client.
Auto-compile for Symantec Endpoint Protection client for Linux
The Symantec Endpoint Protection client installer for Linux can now auto-compile the Auto-Protect kernel module. The installer takes this action when the operating system kernel is not compatible with the precompiled Auto-Protect kernel modules.
Content Distribution Monitor tool
The Content Distribution Monitor tool helps you manage and monitor multiple Group Update Providers (GUPs) in your environment. The tool displays a graphical display of the GUPs' health and content distribution status. The Content Distribution Monitor tool was provided but was unsupported with previous versions. The tool is now supported and included in the Tools/ContentDistributionMonitor folder of the installation file.
Symantec Endpoint Protection 12.1.6 no longer supports an installation on Windows XP Service Pack 2 (32-bit).
Symantec Endpoint Protection 12.1.6 is the last release to support the installation of Symantec Endpoint Protection Manager on any version of Windows XP/Windows Server 2003, or to any 32-bit operating system. This upcoming change does not affect the Symantec Endpoint Protection client.
12.1.5 was the last release to add new features for Symantec Network Access Control. Version 12.1.6 does not have a separate installation file for Symantec Network Access Control. For 12.1.6, you enable the Symantec Network Access Control functionality by using the
snac.xml file that is located in the
SNAC_12.1.6_XML_Multi.zip file on FileConnect. The Symantec Endpoint Protection Manager Help still includes information on the Symantec Network Access Control features.
Symantec Endpoint Protection 12.1.6 does not ship with Small Business Edition, which reached end of life (EOL) in May, 2015. Small Business Edition 12.1 customers can use a tool to migrate to the cloud-based Symantec Endpoint Protection Small Business Edition. For more information, see:
Symantec Endpoint Protection for Windows XP Embedded 5.1 reaches end of life (EOL) in June, 2015. Symantec Endpoint Protection Windows XP Embedded 5.1 customers can migrate to Symantec Endpoint Protection 12.1.6, but must first uninstall Symantec Endpoint Protection Windows XP Embedded 5.1.
Symantec Endpoint Protection Manager no longer supports LiveUpdate Administration Utility 1.x, which reached end of life on January 5, 2015. Also, the LiveUpdate Settings policy no longer includes the option to enable support for LiveUpdate Administration Utility 1.x. If you use this utility in your environment, you should migrate to LiveUpdate Administrator 2.3.x. To get the latest version of LiveUpdate Administrator, see:
Symantec Endpoint Protection 12.1.6 no longer supports Symantec Protection Center version 2.0.
Symantec Endpoint Protection no longer ships with the free Symantec Endpoint Protection Integration Component. The Integration Component combines Symantec Endpoint Protection with other Symantec Management Platform solutions. The Integration Component was in the Tools\SEPIntegrationComponent folder of the installation file.
Symantec Endpoint Protection includes a new Quick Start guide. This guide provides a step-by-step walk-through for installing 100 or fewer managed clients.
Symantec Endpoint Protection includes new documentation for the following tools, which are located in the Tools folder of the installation file:
Subscribing will provide email updates when this Article is updated. Login is required.
Thanks for your feedback. Let us know if you have additional comments below. (requires login)
This will clear the history and restart the chat.