IT Consultant Group

 View Only
Back to Library

Differences between Symantec Endpoint Protection 11.x client and SEP 12.1 beta client 

May 06, 2011 09:16 AM

Problem

What are the differences between SEP 11.x client and SEP 12.1 beta client?

Environment

Tests have been made in the following conditions and versions of clients :

  • SEP 11.0.6300 RU6 MP3
  • SEP 12.1.399.4350 beta

Operating systems :

  • Windows 2003 32 bit
  • Windows 2008 64 bit

Virtual Environment :

  • VMWare ESXi 4.1

============================================================================

I. PRIMA FACIE DIFFERENCES

1. Virus and Spyware Protection Settings:

- Insight feature that can be enabled and disabled

- Insight can be enabled for Symantec and Community Trusted or only Symantec Trusted

- Bloodhound feature that can be enabled and disabled

- Bloodhound feature that can be set to automatic or aggressive

- It is possible to set user-defined exceptions in Global Settings instead of within Auto-Protect tab

- In Auto-protect tab, Scan actions option, additional types of security risks have been added

  • remote access
  • parental control
  • adware
  • joke

- Heuristic option has disappeared from auto-protect tab, advanced options

- Insight Tab has been added, providing the following options

  • specifying download protection level from 1 (minimum) to 9 (maximum)
  • specifying the way files should be detected as malicious (on the basis of Symantec Community DB)
  • allowing automatic trust to any file downloaded from an intranet site

2. Proactive threat protection settings

- it seems that this module is now used on 64bit machines (it's not inactive by default as on SEP 11.x)

- SONAR tab has been added, providing the following options

  • enable/disable SONAR
  • specifying actions for system change detection and suspicious behaviour

3. Client Management Settings

- proxy can now be configured here

- reboot after scan options are available

- location options are available

- it is possible to enable and disable Application and Device control here

- in LiveUpdate tab it is possible to set LiveUpdate download only when OS is idle to grant priority to this service

- new Submissions tab is introduced, allowing configuration of submissions to Symantec

4. Troubleshooting

- Connection Status option has been added which allows to test connection with Management Server

5. Windows interface

- It is now possible to scan files in 64 bit OS by right-clicking on it

II. LAUNCHED PROCESSES AND MEMORY USE

1. 64 bit version of SEP beta client uses following processes using a given amount of physical memory

  • Smc.exe, running in 64 bit mode, taking ca. 6500-7500Kb of RAM
  • SymCorpUI, running in 32 bit mode, taking ca. 7600-7900Kb of RAM
  • SmcGui.exe, running in 64 bit mode, taking ca. 2600-4000Kb of RAM
  • SavUI.exe, running in 32 bit mode, taking ca. 3000Kb of RAM
  • ccSvcHst.exe, in 32 bit mode, taking ca. 2-17Mb of RAM
    •  

2. The following processes are running when SEP is installed on VMWare

  •  ProtectionUtilSurrogate.exe, running in 32 bit mode, taking ca. 1250Kb of RAM

Statistics
0 Favorited
1 Views
0 Files
0 Shares
0 Downloads

Tags and Keywords

Comments

Migration User
Sep 23, 2011 12:51 PM

Useful info. Thxs for updated.

Migration User
Sep 23, 2011 07:38 AM

Is the Client Management Settings possible to administer in the Symantec Endpoint Protection Manager?

I ask because of the "reboot after scan options" wich is default on.

We wouldnt want our production servers to reboot randomly...

Migration User
Jul 05, 2011 05:32 AM

We will see how it will work in reality. SEP 12 seams to make Symantec 1st place company in AV market.

Migration User
Jul 05, 2011 04:40 AM

This is useful, thanks for the summary!

Migration User
Jun 06, 2011 12:07 AM

Gr8...

Migration User
Jun 03, 2011 11:03 AM

Good Info

Related Entries and Links

No Related Resource entered.