About the types of threat protection that Symantec Endpoint Protection provides

Article:HOWTO55272  |  Created: 2011-06-29  |  Updated: 2011-12-16  |  Article URL http://www.symantec.com/docs/HOWTO55272
Article Type: How To


Symantec Endpoint Protection uses state-of-the-art protection to integrate multiple types of protection on each computer in your network. It offers advanced defense against all types of attacks for both physical systems and virtual systems. You need combinations of all the protection technologies to fully protect and customize the security in your environment. Symantec Endpoint Protection combines traditional scanning, behavioral analysis, intrusion prevention, and community intelligence into a superior security system.

Table: Layers of protection describes the types of protection that the product provides and their benefits.

Table: Layers of protection

Protection type



Virus and Spyware Protection

Virus and Spyware Protection protects computers from viruses and security risks, and in many cases can repair their side effects. The protection includes real-time scanning of files and email as well as scheduled scans and on-demand scans. Virus and spyware scans detect viruses and the security risks that can put a computer, as well as a network, at risk. Security risks include spyware, adware, and other malicious files.

See Managing scans on client computers.

Virus and Spyware Protection detects new threats earlier and more accurately by using not just signature-based and behavior-based solutions, but also other technologies.

  • Symantec Insight provides faster and more accurate malware detection to detect the new and unknown threats that other approaches miss. Insight identifies new and zero-day threats by using the collective wisdom of millions of systems in hundreds of countries.

  • Bloodhound uses heuristics to detect a high percentage of known and unknown threats.

  • Auto-Protect scans files from a signature list as they are read from or written to the client computer.

Network Threat Protection

Network Threat Protection provides firewall and intrusion prevention protection to prevent intrusion attacks and malicious content from reaching the computer that runs the client software.

The firewall allows or blocks network traffic based on the various criteria that the administrator sets. If the administrator permits it, end users can also configure firewall policies.

The Intrusion Prevention System (IPS) analyzes all the incoming and the outgoing information for the data patterns that are typical of an attack. It detects and blocks malicious traffic and attempts by outside users to attack the client computer. Intrusion Prevention also monitors outbound traffic and prevents the spread of worms.

See Managing firewall protection.

See Managing intrusion prevention on your client computers.

  • The rules-based firewall engine shields computers from malicious threats before they appear.

  • The IPS scans network traffic and files for indications of intrusions or attempted intrusions.

  • Browser Intrusion Prevention scans for attacks that are directed at browser vulnerabilities.

  • Universal download protection monitors all downloads from the browser and validates that the downloads are not malware.

Proactive Threat Protection

Proactive Threat Protection uses SONAR to protect against zero-day attack vulnerabilities in your network. Zero-day attack vulnerabilities are the new vulnerabilities that are not yet publicly known. Threats that exploit these vulnerabilities can evade signature-based detection, such as spyware definitions. Zero-day attacks may be used in targeted attacks and in the propagation of malicious code. SONAR provides real-time behavioral protection by monitoring processes and threats as they execute.

Application and Device Control monitors and controls the behavior of applications on client computers and manages the hardware devices that access client computers.

See Managing SONAR.

See About application and device control.

See Setting up application and device control.

SONAR examines programs as they run, and identifies and stops malicious behavior of new and previously unknown threats. SONAR uses heuristics as well as reputation data to detect emerging and unknown threats.

Application Control controls what applications are allowed to run or access system resources.

Device Control manages the peripheral devices that users can attach to desktop computers.

The management server enforces each protection by using an associated policy that is downloaded to the client.

Figure: An overview of protection layers shows the categories of threats that each type of protection blocks.

Figure: An overview of protection layers

See Components of Symantec Endpoint Protection.
