What's new in SEP 12.1 RU2
Hello Everyone,
Previously we have seen What's new in SEP 12.1 RU1 MP1
Now Symantec has released SEP 12.1 RU2 with many new features and enhancements.For more detail info check this article.
I have tried to list down few of them.
Especially I would like to show changes/additions in GUI, inhancements.
1. Security Virtual Appliance
Path: SEPM --> Monitors --> Security Virtual Appliance
A Symantec Endpoint Protection Security Virtual Appliance is a Linux-based virtual appliance that you install on a VMware ESX/ESXi server. Symantec Endpoint Protection Security Virtual Appliance integrates with VMware's vShield Endpoint and hosts the Symantec Endpoint Protection Shared Insight Cache server.
Shared Insight Cache lets Guest Virtual Machines (GVMs) share scan results so that identical files need to be scanned only once across all GVMs on the ESX/ESXi host. Shared Insight Cache improves performance of full scans by reducing disk I/O and CPU usagec
2. Early Launch Anti-Malware Driver:
Early launch anti-malware (ELAM) protects client computers from threats that load at startup. Symantec Endpoint Protection includes an early launch anti-malware driver that works with the Microsoft early launch anti-malware driver to provide the protection. The settings are supported on Microsoft Windows 8.
The early launch anti-malware driver is a special type of driver that initializes first and inspects other startup drivers for malicious code. When the Symantec Endpoint Protection driver detects a startup driver, it determines whether the driver is good, bad, or unknown. The Symantec Endpoint Protection driver then passes the information to Windows to decide to allow or block the detected driver.The Symantec Endpoint Protection settings provide an option to treat bad drivers and bad critical drivers as unknown. Bad critical drivers are the drivers that are identified as malware but are required for computer startup. By default, Windows allows unknown drivers to load. You might want to select the override option if you get any false positive detections that block an important driver. If you block an important driver, you might prevent client computers from starting up.
The Windows early launch anti-malware driver must be enabled for the Symantec Endpoint Protection settings to take effect. You use the Windows Group Policy editor to view and modify the Windows ELAM settings. See your Windows 8 documentation for more information.
Path: SEPM --> Virus & Spyware Protection --> Edit assigned Policy --> Protection Technology --> Early Launch Anti-Malware Driver
Adjusting the Symantec Endpoint Protection early launch anti-malware (ELAM) options
http://www.symantec.com/docs/HOWTO81106
3. Explicit Group Update Provider for Roaming Clients:
It will allow clients to use GUP's outside their subnet.
Only configurable through SEPM
This is not auto discovery feature
Path: SEPM --> Policies --> Liveupdate Policy --> Edit liveupdate setting policy --> Server Settings --> Group Update Provider
4. Client Deployment Wizard:
Now you can successfully replace communication file only. No need to re-deploy entire pacakge in case of communication issue.
SEP 12.1 RU2 onwards no need to use Sylink replacer utility.
You can check this article to learn more about it:
https://www-secure.symantec.com/connect/articles/s...
5. New third party products are added under Software security removal feature.
Check this article
Third-party security software removal support in Symantec Endpoint Protection 12.1 RU2
http://www.symantec.com/docs/TECH195029
6. New Cleanwipe version is introudced & it works/performs much better.
Check this article to know more about it
https://www-secure.symantec.com/connect/articles/n...
Here are few Articles provided below which would provide more information on the Latest Version Released:
SEP release details can be found here: http://bit.ly/m0vOJp
What's new in Symantec Endpoint Protection 12.1.2
http://www.symantec.com/docs/HOWTO81091
System Requirements for Symantec Endpoint Protection, Enterprise and Small Business Editions, and Network Access Control 12.1.2
http://www.symantec.com/docs/TECH195325
New fixes and enhancements in Symantec Endpoint Protection 12.1 Release Update 2
http://www.symantec.com/docs/TECH199676
Upgrading or migrating to Symantec Endpoint Protection 12.1.2011 (RU2)
http://www.symantec.com/docs/TECH197426
I hope it's informative
Comments 20 Comments • Jump to latest comment
thanks,
4. Client Deployment Wizard: plesae explain me when i have tried to replace sykink.xml file through this at that time it is asking administrator password.?
which one it need,? domain or work group.
my all clients are in domain.
Hi,
While adding machines to replace Sylink.xml you should use Domain admin password.
It's a just authentication process to add machines in the list.
Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.&
HI,
Do you have protect sep client with password ?
If yes you can put SEP client stop/Uninstall password..
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
i have 100 unmanaged SEP Client of sep 11.6 version and my SEP Console is 12.1 RU1 MP1 how can i manage then to SEPM without manually replace sylink.xml file.
HI,
Check this artical.
How to convert Symantec Endpoint Protection (SEP) clients from managed to unmanaged without uninstalling and reinstalling
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
you have to replace the sylink to make unmanaged clients to managed clients.
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
Hi Chetan,
now we are planning to replace sylink.xmlfile in 5000+ SEP cleints most of SEP Clients are 12.1 ru1 mp1 and our server is 12.1 ru2 can we push sylink.xml file with sepm new feature that "communication update package deployemnet" is it ok .
or we need to use sylink replacer tool.
please sugggest.
Hi Rupesh,
No need to use Sylink replacer from SEP 12.1 RU2 onwards.
You can use new feature "Communication Update Package deployment"
Benefits:
No need to send entire package to restore communication with Manager.
No more dependency on Sylink replacer/Sylink drop tool.
Easy to use.
Check this article: https://www-secure.symantec.com/connect/articles/s...
Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.&
thanks a lot Every1..
Thank& Regards,
Ambesh
Please mark your thread as 'SOLVED' with the answer that helps you.
Can anyone have document which explains the working of SVA?
Hi,
You can refer these articles:
What do I need to do to install a Security Virtual Appliance?
http://www.symantec.com/docs/HOWTO81110
Installing a Symantec Endpoint Protection Security Virtual Appliance
http://www.symantec.com/docs/HOWTO81083
About the Symantec Endpoint Protection Security Virtual Appliance
http://www.symantec.com/docs/HOWTO81080
Configuring the Symantec Endpoint Protection Security Virtual Appliance installation settings file
http://www.symantec.com/docs/HOWTO81082
Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.&
Look this symantec Kb's
About the Symantec Endpoint Protection Security Virtual Appliance
Configuring the Symantec Endpoint Protection Security Virtual Appliance installation settings file
Thanks In Advance.
Manish
Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.
I've already gone through these links - these links are referring to installation part and what is SVA. I'm looking for the document so i can troubleshoot the issues related to SVA.
In my environment I've installed SVA and it was working very perfectly - now no VDI clients is reporting to SVA. I've logged a case with Symantec and they are still researching it.
Hii Chetan,
I have a query that ELAM is basically for Windows 8 and Windows Server 2012 ? or for Windows 7 too.
Basically Our Organisation has Windows 7 machine So ELAM feature with Symantec 12.1RU2 can this be useful to detect the drivers and analyzed accordingly to good or bad drivers ?
Awaiting for your Reply
Thanks & Regards
Aniket Shirke
ELAM is included in windows 8 platform , its not applicable for win 7.
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
Hi,
Symantec Endpoint Protection provides an ELAM driver that works with the Microsoft ELAM driver to provide protection for the computers in your network when they start up. The settings are supported on Microsoft Windows 8.
Reference: Adjusting the Symantec Endpoint Protection early launch anti-malware (ELAM) option
http://www.symantec.com/docs/HOWTO81106
Managing early launch anti-malware (ELAM) detections
http://www.symantec.com/docs/HOWTO81107
Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.&
great
hi chetan
we have getting error on SEPM console and we have not able to view in home, monitor and report pages. please help me, i have solution for it that is repari to SEPM or restart the SEPM server database and manager service or run reconfirguration wizard.
but i have more than 12000+ sep clients on sepm console and i have 2 sepm server in lod balancing state.
please help me.
Error-unexpected server error.ErrorCode: 0x10010000
are you using the SQL authentication or windows authentication?
what is the SEPM version?
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
hello,
check this
Unexpected server error. Error Code: 0x10010000.
Thanks In Advance.
Manish
Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.
Would you like to reply?
Login or Register to post your comment.