Protections provided by Symantec Security Products

Article:TECH105940  |  Created: 2008-01-18  |  Updated: 2009-01-01  |  Article URL http://www.symantec.com/docs/TECH105940
Article Type
Technical Solution


Issue



You want to know if you are protected against specific kinds of threats with the Symantec security product you have installed.


Solution




Does generic exploit blocking scan for Microsoft vulnerabilities only, or other software as well?
Generic exploit blocking protects mostly against Microsoft vulnerabilities, but there are other vulnerability signatures included as well.

Does generic exploit blocking require signature updates?
Yes. Symantec Security Response creates signatures for new vulnerabilities as necessary.

Does Symantec Endpoint Protection provide protection against buffer overflows?
Yes. Symantec Endpoint Protection provides Buffer Overflow protection through its Network Intrusion Prevention System.

What does Proactive Threat Protection view as good and bad behavior?
Proactive Threat Protection treats signed applications as good behavior. Examples of bad behavior include several open ports, listening on ports, and unsigned applications.

How often does Proactive Threat Protection scan the computer?
By default, Proactive Threat Protection runs a scan every 15 minutes and whenever a new process loads. Trojan horses are remediated by default, while keyloggers are only logged.

Does Proactive Threat Scan replace Tamper Protection? Aren't some of their protection features redundant?
Proactive Threat Scan does not replace Tamper Protection. Instead, the two protection features complement each other. Tamper Protection protects Symantec processes against attack. Proactive Threat Scan technology protects your computers against unknown vulnerabilities and zero-day attacks.

How has Symantec Endpoint Protection improved scan throttling?
Previously, Symantec AntiVirus set the priority of a scan so that the scan would not interfere with other processes using system resources. This method proved ineffective, because it was not necessarily the priority of the scan that degraded performance, but rather how many processes were using CPU or I/O. Symantec Endpoint Protection now watches for new and existing processes that take CPU time, perform I/O, or use memory. When the Symantec Endpoint Protection scanner sees these types of events, it sleeps for a short period and then checks whether system resources have been freed. The overall experience for the end user is that the scanner does not interfere with their applications and the scan completes in a timely manner.
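
The back-off behavior described above, sketched as an added example; it is not Symantec's code. The `is_busy` probe, the `max_pauses` cap and the hash-match "scan" are assumptions made for illustration, and the sample files are constructed.

```python
import hashlib
import tempfile
import time
from pathlib import Path


def throttled_scan(paths, bad_hashes, is_busy, sleep=time.sleep,
                   pause=0.25, max_pauses=8):
    """Hash each file and report matches, backing off while the host is busy.

    is_busy is a hypothetical probe: it returns True while other processes
    are contending for CPU, I/O or memory. max_pauses is an assumed cap so
    that a permanently loaded host slows the scan but cannot stall it.
    """
    hits, pauses = [], 0
    for path in paths:
        waited = 0
        # Sleep briefly, then re-check whether resources were freed.
        while waited < max_pauses and is_busy():
            sleep(pause)
            waited += 1
        pauses += waited
        digest = hashlib.sha256(Path(path).read_bytes()).hexdigest()
        if digest in bad_hashes:
            hits.append(Path(path).name)
    return hits, pauses


def demo():
    """Constructed input: three temp files, one matching a constructed hash."""
    samples = [("a.txt", b"clean"), ("b.bin", b"constructed-sample"),
               ("c.txt", b"also clean")]
    bad = {hashlib.sha256(b"constructed-sample").hexdigest()}
    # Scripted load: busy twice before file 1, idle before file 2,
    # then busy indefinitely before file 3 (the cap ends the wait).
    script = iter([True, True, False, False])
    slept = []
    with tempfile.TemporaryDirectory() as tmp:
        files = []
        for name, body in samples:
            path = Path(tmp) / name
            path.write_bytes(body)
            files.append(path)
        hits, pauses = throttled_scan(files, bad, lambda: next(script, True),
                                      sleep=slept.append, max_pauses=3)
    return hits, pauses, sum(slept)


if __name__ == "__main__":
    print(demo())
```

The third file shows the edge case: the probe never reports idle, so the scanner waits the capped number of pauses and then scans anyway.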

Can I use wildcards and system variables when creating centralized exceptions?
For Security Risk Exceptions and Tamper Protection Exceptions, you can use predefined system variables by specifying a prefix variable along with a file or a folder name.
Wildcards are not supported for Security Risk Exceptions and Tamper Protection Exceptions.

Is Rootkit detection and removal part of the Symantec Endpoint Protection Client?
Yes. The Symantec Endpoint Protection Client protects against rootkits.
  • AntiVirus/antispyware definitions protect against threats (including viruses, trojans and worms) and risks (including spyware and misleading applications).
  • Symantec security products include an extensive database of attack signatures. An attack signature is a unique arrangement of information that can be used to identify an attacker's attempt to exploit a known operating system or application vulnerability. When Intrusion Detection detects an attack signature, it displays a Security Alert.



References
The Symantec Security Response Website. For information on current risks, threats and attack signatures go to: http://www.symantec.com/business/security_response/index.jsp





Legacy ID



2008091810022648

