About the types of threat protection that Symantec Endpoint Protection Small Business Edition provides

Article:HOWTO54900  |  Created: 2011-06-29  |  Updated: 2011-12-20  |  Article URL http://www.symantec.com/docs/HOWTO54900
Article Type: How To



Symantec Endpoint Protection Small Business Edition uses state-of-the-art protection to integrate multiple types of protection on each computer in your network. It offers advanced defense against all types of attacks for both physical systems and virtual systems. You need combinations of all the protection technologies to fully protect and customize the security in your environment. Symantec Endpoint Protection Small Business Edition combines traditional scanning, behavioral analysis, intrusion prevention, and community intelligence into a superior security system.

Table: Layers of protection describes the types of protection that the product provides and their benefits.

Table: Layers of protection

Protection type



Virus and Spyware Protection

Virus and Spyware Protection protects computers from viruses and security risks, and in many cases can repair their side effects. The protection includes real-time scanning of files and email as well as scheduled scans and on-demand scans. Virus and spyware scans detect viruses and the security risks that can put a computer, as well as a network, at risk. Security risks include spyware, adware, and other malicious files.

See Managing scans on client computers.

Virus and Spyware Protection detects new threats earlier and more accurately by using not just signature-based and behavior-based solutions, but also other technologies.

  • Symantec Insight provides faster and more accurate malware detection to detect the new and unknown threats that other approaches miss. Insight identifies new and zero-day threats by using the collective wisdom of millions of systems in hundreds of countries.

  • Bloodhound uses heuristics to detect a high percentage of known and unknown threats.

  • Auto-Protect scans files against a signature list as they are read from or written to the client computer.

Network Threat Protection

Network Threat Protection provides firewall and intrusion prevention protection to prevent intrusion attacks and malicious content from reaching the computer that runs the client software.

The firewall allows or blocks network traffic based on the various criteria that the administrator sets. If the administrator permits it, end users can also configure firewall policies.

The Intrusion Prevention System (IPS) analyzes all the incoming and the outgoing information for the data patterns that are typical of an attack. It detects and blocks malicious traffic and attempts by outside users to attack the client computer. Intrusion Prevention also monitors outbound traffic and prevents the spread of worms.

See Managing firewall protection.

See Managing intrusion prevention on your client computers.

  • The rules-based firewall engine shields computers from malicious threats before they appear.

  • The IPS scans network traffic and files for indications of intrusions or attempted intrusions.

  • Browser Intrusion Prevention scans for attacks that are directed at browser vulnerabilities.

  • Universal download protection monitors all downloads from the browser and validates that the downloads are not malware.

Proactive Threat Protection

Proactive Threat Protection uses SONAR to protect against zero-day attack vulnerabilities in your network. Zero-day attack vulnerabilities are the new vulnerabilities that are not yet publicly known. Threats that exploit these vulnerabilities can evade signature-based detection, such as spyware definitions. Zero-day attacks may be used in targeted attacks and in the propagation of malicious code. SONAR provides real-time behavioral protection by monitoring processes and threats as they execute.

See Managing SONAR.

SONAR examines programs as they run, and identifies and stops malicious behavior of new and previously unknown threats. SONAR uses heuristics as well as reputation data to detect emerging and unknown threats.

The management server enforces each protection by using an associated policy that is downloaded to the client.

Figure: An overview of protection layers shows the categories of threats that each type of protection blocks.

Figure: An overview of protection layers


See Components of Symantec Endpoint Protection Small Business Edition.
