Symantec Endpoint Protection: About Proactive Threat Protection.

Article:TECH102733  |  Created: 2007-01-25  |  Updated: 2008-01-29  |  Article URL http://www.symantec.com/docs/TECH102733
Article Type
Technical Solution


Environment

Issue



What is Proactive Threat Protection?


Solution



About Proactive Threat Protection:
Proactive threat scanning provides an additional level of protection that complements a computer's existing AntiVirus, AntiSpyware, Intrusion Prevention, and Firewall protection technologies. AntiVirus and AntiSpyware scans rely mostly on signatures to detect known threats. Proactive threat scans use heuristics to detect unknown threats. The heuristic process scan analyzes the behavior of an application or a process and determines whether the process exhibits the characteristics of a threat, such as Trojan horses, worms, or key loggers. The processes typically exhibit a type of behavior that a threat can exploit, such as opening a port on a user's computer. This type of protection is sometimes referred to as protection from "Zero-day attacks":
  • "Zero-day attack vulnerabilities" are new vulnerabilities that are not yet publicly known. Threats exploiting these vulnerabilities can evade signature-based detection such as AntiVirus and AntiSpyware definitions.
  • "Zero-day" attacks may be used in targeted attacks and in the propagation of malicious code.


Proactive Threat Protection also includes Application and Device Control Policies. Application and device control is implemented on client computers using policies. An Application and Device Control Policy offers two types of control or protection over client computers:
  • Application control
  • Device control


Administrators can use the following:
  • Application control to monitor Windows Application Programming Interface (API) calls on a client computer and to control access to the client computer's files, registry keys, and processes
  • Device control to manage the peripheral devices that are attached to computers


Both types of protection can be configured when a new policy is created. Alternatively, either application control or device control can be added first and the other type of protection added at a later time.



Configure the following Proactive Threat Protection settings:
  • What types of threats to scan for
  • How often to run Proactive threat scans
  • Whether or not notifications should appear on the client computer when a Proactive threat detection occurs

For additional information, refer to the following documentation in the Symantec Endpoint Protection Administrators guide:

"About Proactive threat scans" on page 525 of administrators_guide.pdf, at:
http://www.symantec.com/enterprise/support/documentation.jsp?pid=54619

"About Application and Device Control Policies" on page 539 of administrators_guide.pdf, at:
http://www.symantec.com/enterprise/support/documentation.jsp?pid=54619


Legacy ID



2007102515015148