What's new in version 12.1 RTM

Article:HOWTO55189  |  Created: 2011-06-29  |  Updated: 2014-11-04  |  Article URL http://www.symantec.com/docs/HOWTO55189
Article Type
How To


What's new in version 12.1 RTM

The current release includes the following improvements that make the product easier and more efficient to use.

Table: New features in version 12.1 displays the new features in version 12.1 RTM.

Table: New features in version 12.1



Better security against malware

The most significant improvements in the 12.1 release include the following policy features to provide better protection on the client computers.

Faster and more flexible management

Symantec Endpoint Protection Manager helps you manage the client computers more easily with the following new features:

  • Centralized licensing lets you purchase, activate, and manage product licenses from the management console.

    See Licensing Symantec Endpoint Protection.

  • Symantec Endpoint Protection Manager registers with Protection Center version 2. Protection Center lets you centralize data and integrate management of Symantec security products into a single environment. You can configure some of the settings Protection Center uses to work with Symantec Endpoint Protection Manager.

    See About Symantec Endpoint Protection and Protection Center.

  • The Symantec Endpoint Protection Manager logon screen enables you to have your forgotten password emailed to you.

    See Logging on to the Symantec Endpoint Protection Manager console.

  • Symantec Endpoint Protection Manager includes an option to let any of the administrators in a site reset their forgotten password.

  • You can configure when and how Symantec Endpoint Protection Manager restarts the client computer, so that the restart does not interfere with the user's activity.

    See Restarting client computers.

  • The Monitors page includes a set of preconfigured email notifications that inform you of the most frequently used events. The events include when new client software is available, when a policy changes, license renewal messages, and when the management server locates unprotected computers. The notifications are enabled by default and support the BlackBerry, iPhone, and Android.

    See About the preconfigured notifications.

  • The Home page displays the high-level reports that you can click, which makes the Home page simpler and easier to read. The Home page also displays a link to notifications about log events that you have not yet read.

    See Viewing and acknowledging notifications.

  • Improved status reporting automatically resets the Still Infected Status for a client computer once the computer is no longer infected.

  • You can now configure Linux clients to send log events to Symantec Endpoint Protection Manager.

Better server and client performance

To increase the speed between the management server and the management console, database, and the client computers:

See Improving client and server performance.

Support for virtual environments

Enhanced to help protect your virtual infrastructure, Symantec Endpoint Protection includes the following new features:

  • The Shared Insight Cache Server lets clients share scan results so that identical files only need to be scanned once across all the client computers. Shared Insight Cache can reduce the effect of full scans by up to 80%.

    See Configuring your clients to communicate with Shared Insight Cache.

  • The Virtual Image Exception tool reduces the effect of scanning every single file in a trusted base image. Instead of continually scanning system files for viruses, the Virtual Image Exception tool lets you white list files from your baseline image on virtual machines.

    See Using the Virtual Image Exception tool on a base image.

  • Symantec Endpoint Protection Manager uses hypervisor detection to automatically detect which clients run on a virtual platform. You can create policies for groups of clients on virtual platforms.

  • The Symantec offline image scanner can scan offline VMware .vmdk files to ensure that there are no threats in the image.

See Managing Symantec Endpoint Protection in virtual environments.

Support for Mac clients

In Symantec Endpoint Protection, you can configure the policies for Mac clients based on a location as well as a group.

See Managing remote clients.

Improved installation process

You can install the product faster and easier than before with the following new installation features:

  • The Symantec Endpoint Protection Manager installation wizard lets you import a previously saved recovery file that includes client-server connection information. The recovery file enables the management server to reinstall existing backed-up certificates and to automatically restore the communication to the existing clients.

    See Installing the management server and the console.

  • The management server Web service uses Apache instead of IIS. You do not need to install IIS first, as you did in previous versions.

  • The Client Deployment Wizard quickly locates unprotected computers on which you need to install the client software. The wizard also provides an email deployment link so that users can download the client software by using the Web. The wizard makes client software faster and easier to deploy.

    See Deploying clients using a Web link and email.

    See Viewing the protection status of clients and client computers.

    See About the client protection status icons.

  • You can upgrade to the current version of the product while the legacy clients stay connected and protected.

  • A new quick report for deployment shows which computers have successfully installed the client software.

    See Running and customizing quick reports.

Support for additional operating systems and virtual platforms

Symantec Endpoint Protection Manager and the Symantec Endpoint Protection client now support the following additional virtual platforms:

  • VMware Workstation 7.0 or later

  • VMware ESXi 4.0.x or later

  • VMware ESX 4.0.x or later

  • VMware Server 2.0.1

  • Citrix XenServer 5.1 or later

Symantec Endpoint Protection Manager now supports the following Web browsers:

  • Internet Explorer 7.0, 8.0, 9.0

  • Firefox 3.6, 4.0

The Symantec AntiVirus for Linux client now supports the following additional operating systems:

  • RedHat Enterprise Linux 6.x

  • SUSE Linux Enterprise Server and Enterprise Desktop 11.x (includes support for OES 2)

  • Ubuntu 11.x

  • Fedora 14.x, 15.x

  • Debian 6.x

    For information about using the Symantec AntiVirus client on Linux, see the Symantec AntiVirus for Linux Client Guide.

See the knowledge base article: System Requirements for Symantec Endpoint Protection and Network Access Control 12.1

Better Enforcer management in Symantec Endpoint Protection Manager

You can manage the Enforcers more easily by configuring the following Enforcer settings in Symantec Endpoint Protection Manager:

  • Ability for the clients in an Enforcer group to synchronize their system time constantly by using the Network Time Protocol server.

  • You can more easily update the list of MAC addresses with the following improvements:

    • For the DHCP Integrated Enforcer, you can import a text file that contains the MAC address exceptions that define trusted hosts.

    • For the LAN Enforcer, you can add, edit, and delete the MAC addresses that the Host Integrity checks ignore by using the following features:

      MAC Authentication Bypass (MAP) bypasses the Host Integrity check for non-802.1x clients or the devices that do not have the Symantec Network Access Control client installed.

      Ignore Symantec NAC Client Check bypasses the Host Integrity check for 802.1x supplicants that do not have the Symantec Network Access Control client installed.

    • You can add individual MAC addresses or use wildcards to represent vendor MAC strings. You can also import the MAC addresses from a text file.

    • You can add MAC addresses with or without an associated VLAN, which allows multiple VLANs to be supported.

New Network Access Control features in Symantec Endpoint Protection Manager

Symantec Endpoint Protection Manager includes the following additional functionality for Symantec Network Access Control:

  • Enforcer management server lists can include management servers from replication partners. Enforcers can connect to any management server at any site partner or replication partner.

    See Configuring a management server list.

    See Setting up failover and load balancing.

  • The Compliance logs for the Symantec Network Access Control client provide additional information about log events and Host Integrity check results. You can now see which requirement caused a Host Integrity check on a client computer to fail.

    See Viewing logs.

  • LiveUpdate downloads Host Integrity templates to management servers. Therefore, client computers can get the Host Integrity policies that include updated Host Integrity templates.

  • Enforcer groups support limited administrator accounts and administrator accounts as well as system administrator accounts. For a large company with multiple sites and domains, you probably need multiple administrators, some of whom have more access rights than others.

    See About administrators.

    See Adding an administrator account.

New Enforcer features

Symantec Network Access Control includes the following new features:

  • 64-bit support for the Integrated Enforcers.

  • Support for the Network Policy Server (NPS) with the Microsoft Windows Server 2008 (Longhorn) implementation of a RADIUS server and proxy. The Enforcer can now authenticate the clients that run Windows Vista or later versions and that use 802.1x authentication.

  • For the DHCP Integrated Enforcer, you can selectively turn on scope-based enforcement for the scopes that you define.

  • The Gateway Enforcer supports both 802.1q trunking and On-Demand Clients at the same time. You can designate a single VLAN on a multiple trunk VLAN to host On-Demand Clients.

  • Support for the guest enforcement mode, which enables the Gateway Enforcer to act as a download server for On-Demand Clients. The Gateway Enforcer downloads On-Demand Clients to guest computers, enabling the clients to communicate to the Enforcer through the guest computers' Web browsers. In the guest enforcement mode, the Gateway Enforcer does not forward inline traffic.

  • Support for On-Demand Client persistence, which includes the capability to be connected for a designated period.

  • The local database size has been increased to 32 MB to accommodate a larger number of MAC addresses.

Legacy ID


Article URL http://www.symantec.com/docs/HOWTO55189

Terms of use for this information are found in Legal Notices