Symantec Antivirus Corporate Edition vs Symantec Endpoint Protection

Created: 20 Aug 2009 • Updated: 20 Aug 2009 | 9 comments
Maximilian's picture

This article is aimed at people who are still working with Symantec Antivirus Corporate Edition and want to see how it differs from Symantec Endpoint Protection.

SAVCE (Symantec Antivirus Corporate Edition) is an advanced antivirus that can detect and remove most malware (viruses, Trojans, etc.). It has a built-in real-time scanner that detects what is running in system memory, and it can also scan the hard drive or any removable drives at your convenience. This is a classic antivirus system that has had the same design for several years. It can be installed on clients with standalone functionality (maintained by the user) or be maintained centrally (server console).

SAVCE has a server console that uses the built-in Microsoft MMC. It has the familiar MMC look and is straightforward to work with. To distribute virus definitions and check log files, you need to install an antivirus server. You can install and maintain many servers from the same console. This approach is very useful, and it makes it easy to manage sites that connect to a local server from the same console. On the other hand, you may have many antivirus servers installed to minimize network traffic over slow WAN links.

With SAVCE you get some additional functionality besides the antivirus server and client. You can install a separate reporting server that will help you get nice reports on your install base, current threats, etc. Other functionality includes AMS, which is an alerting system, as well as a quarantine server for captured viruses.

Included in SAVCE (depending on license) with the later releases was the Symantec client firewall. This functionality was static and worked a little like the built-in XP firewall, but with a few more features. You could create policies that you pushed out to clients or distributed with packages. There was no live monitoring or “beat” connectivity with the client, which made the clients not very easy to manage centrally. The Symantec firewall was installed as a separate program. After a couple of versions this software was cancelled due to its design limitations, and also because Symantec at that time bought the far more advanced firewall product made by Sygate (Sygate Secure Enterprise).

SEP (Symantec Endpoint Protection) is more advanced than the previous version. Besides the antivirus functionality, SEP now also has a really advanced firewall client that can be centrally managed and monitored “live”.

The reporting server is now included with SEP and does not need to be installed separately. It does not produce reports as good as those of the old reporting server, but this will most likely be addressed in newer releases.

SEP includes the new feature “Proactive Threat Protection”, which adds protection for zero-day attacks without relying on signatures. It also provides a way to block or limit processes or hardware devices on client computers.

One of the two major differences for new users of SEP is the way clients are managed, which is now done through a console that uses Java. This approach was adapted from Sygate Secure Enterprise. The console can sometimes feel a bit slow to work with, but with the latest version, SEP 11MR4, and later it has been much improved. The other major difference compared to SAVCE is the use of a client firewall (which by default is installed together with Proactive Threat Protection).

The client firewall makes SEP more complex for administrators to manage compared to SAVCE, but it of course enhances security in a way that was not possible before. It is possible to not enable/install the client firewall portion of SEP and just make it work like before (antivirus only).

New users of SEP might find it difficult to understand how to think now that there are so many parameters to consider. I would therefore recommend that users who need to get to know SEP quickly not enable all the features instantly, and instead make it look like SAVCE did in the end.

Follow these steps for a SAVCE-like experience:

  1. Install SEP with the integrated database (a separate SQL server is of course an option).
  2. Log on to the console and configure the default policy with the same settings you had for your SAVCE server. When you install your clients, make sure the policy is applied to them.
  3. Create client install package(s) that contain the antivirus and antispyware protection and antivirus e-mail protection (optional). Do not install Network Threat Protection, TruScan Proactive Threat Scan or Application and Device Control. (This can be done later in a test environment when you feel that you have the time and resources for it.)
  4. Push the client and install it over the network on top of old SAVCE client installations (uninstalling the old SAVCE might be necessary in some cases).
  5. Enjoy SEP!
  6. Plan for future usage of SEP with the advanced features now enabled.

For new users I recommend this Q&A to see more about the differences between SEP and SAVCE:

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007071909500548

SEP documentation can be found here:

http://www.symantec.com/business/support/overview.jsp?pid=54619

Conclusion about SEP compared to SAVCE!

SEP was not an entirely mature product when it was launched. It had many bugs that really affected the usage of the product negatively. It took some months to fix the initial problems, and during the year even more has happened. Now, after release SEP 11MR4 and newer, the product is very stable and the functionality is really good. I can definitely recommend that SAVCE users go over to SEP!

9 Comments

jeffwichman's picture

Excellent high level overview on some of the differences between SAVCE and SEP! 

Maximilian's picture

Thanks!

I just hope it can help someone who is doubtful of SEP.

It really rocks! :)

Mithun Sanghavi's picture

Amazing Analysis....

We could surely use this for many customers....

Great job done...

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Kali Elysees's picture

Cool! *wink*

Brandon Boyd Rocks!

Jay Pawaskar's picture

I still preferred SAVCE. I could see in real time when I ran a scan on a user machine, and there were many useful features which would be admin friendly. In SEP, I send a command to update content or scan a computer, I have no way of knowing if it has initiated, other than physically visiting the location where the client machine is. :(

Maximilian's picture

Hi Jay,

I agree that SEP is not user-friendly in all aspects; especially the report and monitor part needs to be improved. However, it is not true that you need to physically visit the client to see if the command you initiated really worked or not. You can see this from the console.

MacLEOD's picture

Thanks

--
Duct tape is like the force. It has a light side, a dark side, and it holds the universe together.

Gary2's picture

Nice.

I just wish I had found this before I started installing Endpoint Protection 12.

Two reasons:

1. I might not have started out hating it.
2. I would have turned off the firewall that locked me out of a remote desktop connection last night so now I have to drive an hour to reset it.

Gary2's picture

Correct me if I'm wrong; is it correct that there is now no such thing as an Antivirus server?  That all hosts are now "Clients"?  Even the host that has the Symantec Protection Center installed?
