Symantec Endpoint Protection 11
by admin on Jan.25, 2008, under Software, Systems
I installed a trial of Symantec’s Endpoint Protection, which is the new version of Symantec’s Enterprise Antivirus. I have used Symantec in business all the way back to version 7 and have always liked it. Version 10 switched its server-to-client communication from UDP to TCP, which improved network stability. They also changed new virus definitions to be deltas instead of full definitions.
Well, Symantec has taken it to the next level now with Endpoint Protection. The firewall package is now built into all of their clients instead of just their SCS clients. They have also added a HIPS, or Host Intrusion Protection Software, to this client. This is the next step that a lot of companies have been trying to pull off but haven’t done well yet. IPS looks for known and unknown attacks by watching for activity that could be malicious.
Firewalls are great because they block connections that aren’t specifically allowed, but they still allow all traffic on open ports; the IPS piece analyzes that traffic and watches for malicious activity. So far I have been very impressed with how well it is designed; I have not had to make any changes to allow things to work on my machine. I am on a domain, and typically you have to allow a ton of stuff just for your machine to function, and I did not. The only change I made was to turn off the alerts when the firewall blocked something.
One more note: a lot of standards, including PCI, require you to run HIDS/HIPS on your machines.
February 4th, 2008 on 8:47 am
My experience with Endpoint is much different from yours. I haven’t done much with the client but more with the server install. It is a more robust server/client software package as far as threat/virus protection goes but it lacks hugely in the server admin console. In the past Symantec has used MMC, which was great. This new version they try to go web for management interface…… sux. I’ve seen others that use the web interface and they too suck. I have installed the server portion on two different machines with the same outcome…. SLOW and Useless. Now the only thing I didn’t do was use a separate SQL server for the database and just used the local database that Symantec installs. Having only 130 computers I wouldn’t think this would hamper the performance to the uselessness it currently is but it may…. Hopefully they fix this because I too like Symantec and think in the corporate world it’s the superior AV/Firewall protection out there.
February 4th, 2008 on 9:02 am
I am sad to hear that. I am currently using McAfee AV with EPO and I hate the admin console. I have always liked Symantec’s interface and if they have ruined it I guess I will have to look elsewhere. The Admin console is so important in an Enterprise.
Thanks for the Info
February 22nd, 2008 on 5:44 pm
Hi B-Rrad….sorry to hear that you’re having issues. You should not have to utilize a SQL server for the database with only 130 computers. It’s intended for deployments of 1000 or more endpoints. The SEPM is a bit of a resource hog….do you have 2-4GB of RAM installed on your server? Just curious….additionally, we had to redesign our server console to ensure that we had a robust solution moving forward in light of the fact that we’ve added a lot of components. And actually this is far from 1.0 technology…the management console/architecture was acquired technology from Sygate, who received industry accolades for their management architecture. We also have received many complaints on the MMC GUI….I guess not everyone will be happy.
February 28th, 2008 on 11:10 am
This product is a severe disappointment from Symantec. I’ve been using SAV with several of my clients from the pre version 9 days and always loved the deployment and management of the product. The new management and deployment features are clunky, and the product has turned into a complete resource hog. We have approximately 7 sites on various versions of SAV totalling over 400 workstations and we’re looking for an alternative product to recommend to clients come renewal time.
March 4th, 2008 on 10:51 am
This new version has ground many workstations on my network to a halt, even with most of the new features disabled. It’s a nightmare. Bloatware has finally crept up on what used to be the only good (IMO) Symantec product, AV Corp version 10. It’s just as bad if not worse than Symantec’s consumer AV offerings.
April 18th, 2008 on 7:58 am
SEC 11 leaves a lot to be desired. For a 15 user company, it took over 6 Gig on the server, compared to version 10.5 at only one gig. Needless to say, had space issues. The admin interface is much more complex, easier to make mistakes and harder to administrate - pop ups on user machines for items that you don’t care about annoying users that can’t be killed through policy administration. Can no longer find IP address of machine at a glance. The A/V on the desktop is more robust, but like Vista, it is a resource pig - though it does seem relatively stable.
I can see for larger corporations how the new interface may be OK. More reporting that I guess some folks may want. Most folks I know want to know 1) Is it working, 2) Is it up to date and 3) IF something is caught, what is it. All the additional reports are fluff and not necessary. The 10.x interface was *MUCH* better and more efficient. This new version will take much more time for admins to track what is going on and then try and find the offending machine. One thing I will say is that it will probably be better for organizations with road warriors.