Suvarna Garge (Editor)

Symantec Endpoint Protection

Developer(s): Symantec Corporation
Platform: IA-32 and x86-64
License: Trialware
Stable release: 14.0
Type: Antivirus and firewall
Operating system: Microsoft Windows, Mac OS X and Linux

Symantec Endpoint Protection, developed by Symantec Corporation, is antivirus and personal firewall software for centrally managed corporate environments, providing security for both servers and workstations.

Version history

Symantec AntiVirus Corporate Edition was Symantec's initial software in this market; its last release before discontinuation was version 10.2 MP1 (10.2.4). Its successor, Symantec Endpoint Protection (SEP), was released on September 23, 2007 and labeled version 11. In 2009 a Small Business Edition (SBE) of SEP (version 11) was additionally introduced for seats/nodes <=100 and labeled version 12. In 2011 both software lines were updated to version 12.1. In 2015 SEP SBE 12.1 was discontinued and replaced by SEP SBE version, reflecting changes in licensing (from perpetual to subscription) and a shift in focus from on-premises to cloud-managed business. SEP was updated from version 12.1 to version 14.0 on October 28, 2016, introducing several improved and new detection features.

Symantec Endpoint Protection, current version history:

  • Version 14.0 RTM (14.0.1904.0000), 28 October 2016 (release to manufacturing, initial SEP 14.0 version)
  • Version 12.1 RU6 MP7 (12.1.7166.6700), 31 January 2017
  • Version 12.1 RU6 MP6 (12.1.7061.6600), 16 September 2016
  • Version 12.1 RU6 MP5 (12.1.7004.6500), 28 June 2016
  • Version 12.1 RU6 MP4 (12.1.6867.6400), 18 April 2016
  • Version 12.1 RU6 MP4 (12.1.6860.6400), 16 March 2016
  • Version 12.1 RU6 MP3 (12.1.6608.6300), 4 November 2015
  • Version 12.1 RU6 MP2 (12.1.6465.6200), 2 October 2015
  • Version 12.1 RU6 MP1a (12.1.6318.6100), 3 August 2015
  • Version 12.1 RU6 MP1 (12.1.6306.6100), 28 July 2015
  • Version 12.1 RU6 (12.1.6168.6000), 9 May 2015
  • Version 12.1 RU5 (12.1.5337.5000), 18 September 2014
  • Version 12.1 RU4 MP1b (12.1.4112.4156), 29 July 2014
  • Version 12.1 RU4 MP1a (12.1.4104.4130), 16 April 2014
  • Version 12.1 RU4 MP1 (12.1.4100.4126), 19 March 2014
  • Version 12.1 RU4a (12.1.4023.4080), 13 February 2014
  • Version 12.1 RU4 (12.1.4013.4013), 5 November 2013
  • Version 12.1 RU3 (12.1.3001.165), 6 June 2013
  • Version 12.1 RU2 MP1 (12.1.2100.2093), 9 April 2013
  • Version 12.1 RU2 (12.1.2015.2015), 15 November 2012
  • Version 12.1 RU1 MP1 (12.1.1101.401), 8 May 2012
  • Version 12.1 RU1 (12.1.1000.157), 17 November 2011
  • Version 12.1 RTW (12.1.671.4971), 5 July 2011 (release to world, initial SEP 12.1 version)
    System support

    Endpoint Protection supports Windows 10, Red Hat Enterprise Linux (RHEL) 7.0 and 7.1, and Oracle Linux (OEL) 6U5 (since 12.1.6168.6000); Windows 8.1 and Windows Server 2012 R2 (since 12.1.4013.4013); Windows 8 and Windows Server 2012 (since 12.1.2015.2015); Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Server 2003, Windows Vista, Windows XP SP1 or higher, and Windows 2000; and several distributions of Linux. 64-bit versions of Windows XP, Vista and Windows 7 are supported as well, but Itanium and PowerPC processors are not supported.

    Security concerns and controversies

    In July 2016, Google's Project Zero team found serious vulnerabilities in Symantec's Endpoint Protection products. The flaws are in the decomposer component, which analyzes various archive formats such as .zip and .rar.

    These flaws allow remote code execution and could be used to create computer worms that execute and interfere with the local network without the knowledge of users.

    These issues were fixed in release 12.1.7004.6500 (12.1 RU6 MP5).
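
A defender's check built on the fixed build stated above, as an added example that is not part of the original article or of any Symantec tooling: it sorts an endpoint inventory by whether the installed 12.1 build is at or above 12.1.7004.6500. The hostnames and the inventory format are constructed assumptions; the build strings come from the version list above. Builds outside the 12.1 line are flagged for manual verification, because the article states the fix only for 12.1.

```python
# Fixed build stated in the article: 12.1.7004.6500 (12.1 RU6 MP5).
FIXED_BUILD = "12.1.7004.6500"

# Constructed sample inventory: hostnames are made up, build strings are taken
# from the article's version list (plus one deliberately malformed entry).
INVENTORY = [
    ("ws-001", "12.1.6867.6400"),   # RU6 MP4
    ("ws-002", "12.1.7004.6500"),   # RU6 MP5
    ("srv-010", "12.1.7166.6700"),  # RU6 MP7
    ("ws-003", "12.1.671.4971"),    # 12.1 RTW
    ("ws-004", "14.0.1904.0000"),   # 14.0 RTM
    ("ws-005", "12.1.6168"),        # malformed: only three fields
]


def parse_build(text):
    """Turn 'a.b.c.d' into a tuple of ints so fields compare numerically."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdecimal() for p in parts):
        raise ValueError(f"not a four-field build string: {text!r}")
    return tuple(int(p) for p in parts)


def classify(build):
    """Return 'fixed', 'needs-update', 'other-branch' or 'unparseable'."""
    try:
        version = parse_build(build)
    except ValueError:
        return "unparseable"
    fixed = parse_build(FIXED_BUILD)
    if version[:2] != fixed[:2]:
        # The article states the fix only for the 12.1 line, so any other
        # branch is reported for manual verification rather than guessed.
        return "other-branch"
    return "fixed" if version >= fixed else "needs-update"


def triage(inventory):
    """Group hostnames by classification."""
    report = {}
    for host, build in inventory:
        report.setdefault(classify(build), []).append(host)
    return report


if __name__ == "__main__":
    for status, hosts in sorted(triage(INVENTORY).items()):
        print(f"{status:13} {', '.join(hosts)}")
```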

    Features

    Firewall
    Endpoint incorporates a rules-based firewall, as well as an anti-malware technique that Symantec calls "generic exploit blocking". The firewall is based on technology developed by Sygate Technologies, which was purchased by Symantec. Generic exploit blocking is a technique that attempts to proactively block malware from exploiting unpatched vulnerabilities.
    Proactive protection
    Endpoint uses Symantec's TruScan technologies to attempt detection of unknown malware. It analyzes both "safe" and "negative" behaviours of unknown applications. It also integrates Symantec's Deepsight honeypot sensors to warn of emerging threats and provide threat advisories. The Proactive Threat Protection feature is supported on server operating systems in version 12.1 and above.
    Intrusion prevention

    Endpoint is able to create and enforce rules on client computers. For example, it can prevent clients from writing files to a USB flash drive. Intrusion prevention also works as an IDS. Policies are enforced by TruScan. The IPS functionality acts as a first line of defence against network-based attacks.

    Generic Exploit Mitigation

    Generic Exploit Mitigation prevents common vulnerability attacks in typical software applications, including the following types of protection: Java exploit prevention, heap spray mitigation, and structured exception handling overwrite protection (SEHOP). The protections apply to the specific applications that are listed in the Intrusion Prevention policy. SEP downloads the application list as part of its LiveUpdate content.

    References

    Symantec Endpoint Protection Wikipedia

