• Windows 8

• Windows Server 2012

• Windows 8 and Windows Server 2012

• Mac OS X 10.8, Mountain Lion

• Mac OS X case-sensitive formatted volumes

• Microsoft Internet Explorer 10

• Google Chrome

The Client Deployment Wizard includes the following changes:

• The Client Deployment Wizard includes the Communication Update Package Deployment option to push the communications file (Sylink.xml) to the client in a client installation package. You use the Sylink.xml file to convert an unmanaged client to a managed client, or to manage a previously orphaned client. In previous releases, you needed to export the Sylink.xml file from the management server, and import Sylink.xml to each client.

  See Restoring client-server communications with Communication Update Package Deployment.

  See Why do I need to replace the client-server communications file on the client computer?.

• The Client Deployment Wizard searches the network faster to find the computers that do not have the client software installed.

• The Client Deployment Wizard includes the Automatically uninstall existing security software option so that a security software removal feature can uninstall third-party security products from the client computer. The feature removes security software before the client installation package installs the client software. With version 12.1.2, the feature removes more than 40 additional third-party products.

  For a list of products that the third-party security software removal feature uninstalls, see the knowledge base article: About the third-party security software removal feature in Symantec Endpoint Protection 12.1

  See Deploying clients using a Web link and email.

  See Deploying clients by using Remote Push.

  See Deploying clients by using Save Package.

• A VMware vShield-enabled Shared Insight Cache. Delivered in a Security Virtual Appliance, you can deploy the vShield-enabled Shared Insight Cache into a VMware infrastructure on each host. The vShield-enabled Shared Insight Cache makes file scanning more efficient. You can monitor the Security Virtual Appliance and client status in Symantec Endpoint Protection Manager.

  See What do I need to do to use a vShield-enabled Shared Insight Cache?.

• For managing Guest Virtual Machines (GVMs) in non-persistent virtual desktop infrastructures:

  • Symantec Endpoint Protection Manager includes a new option to configure the aging period for offline non-persistent GVMs. Symantec Endpoint Protection Manager removes the non-persistent GVM clients that have been offline longer than the specified time period.

  • Symantec Endpoint Protection clients now have a configuration setting to indicate that they are non-persistent GVMs. You can filter out the offline non-persistent GVMs in the Clients tab view in Symantec Endpoint Protection Manager.

  See Using Symantec Endpoint Protection in non-persistent virtual desktop infrastructures.

• Run commands on the client to remediate threat situations.

• Export policies from the server.

• Apply policies to clients across servers.

• Monitor license status and content status on the management server.

• Support for the Microsoft Windows 8 style user interface, including toast notifications for critical events.

  See Configuring user interface settings.

• Support for Windows 8 and Windows Server 2012.

• Windows 8 Early Launch Anti-Malware (ELAM) support provides a Microsoft-supported way for anti-malware software to start before all other third-party components. In addition, vendors can now control the launching of third-party drivers, depending on trust levels. If a driver is not trusted, it can be removed from the boot sequence. ELAM support makes more efficient rootkit detection possible.

  See Adjusting the Symantec Endpoint Protection early launch anti-malware (ELAM) options.

Virus and Spyware Protection:

• Full support for the Microsoft Windows 8 style user interface.

Proactive Threat Protection:

• Device Control now sends a notification and creates a log event each time it blocks a previously disabled device. Previously, Device Control sent a notification and log event only the first time the device was disabled.

  See Managing device control.

• System lockdown can now run in blacklist mode. You must configure system lockdown to display a blacklist mode as well as the default whitelist mode. The blacklist mode blocks only the applications on the specified list. Symantec Endpoint Protection Manager can automatically update the existing file fingerprint lists and application name lists that system lockdown uses for whitelisting or blacklisting.

  See Automatically updating whitelists or blacklists for system lockdown.

Exceptions:

• Added support for HTTPS in trusted Web domain exceptions.

• Common variables in exceptions now apply to 64-bit applications as well as 32-bit applications.

  See Excluding a file or a folder from scans.