Video Screencast Help

What's new in SEP 12.1 RU2

Created: 20 Nov 2012 • Updated: 15 Apr 2013 | 20 comments
Language Translations
Chetan Savade's picture
+10 10 Votes
Login to vote

Hello Everyone,

Previously we have seen What's new in SEP 12.1 RU1 MP1

Now Symantec has released SEP 12.1 RU2 with many new features and enhancements.For more detail info check this article.

I have tried to list down few of them.

Especially I would like to show changes/additions in GUI, inhancements.

1. Security Virtual Appliance

Path: SEPM --> Monitors --> Security Virtual Appliance

A Symantec Endpoint Protection Security Virtual Appliance is a Linux-based virtual appliance that you install on a VMware ESX/ESXi server. Symantec Endpoint Protection Security Virtual Appliance integrates with VMware's vShield Endpoint and hosts the Symantec Endpoint Protection Shared Insight Cache server.

Shared Insight Cache lets Guest Virtual Machines (GVMs) share scan results so that identical files need to be scanned only once across all GVMs on the ESX/ESXi host. Shared Insight Cache improves performance of full scans by reducing disk I/O and CPU usagec

2. Early Launch Anti-Malware Driver:

Early launch anti-malware (ELAM) protects client computers from threats that load at startup. Symantec Endpoint Protection includes an early launch anti-malware driver that works with the Microsoft early launch anti-malware driver to provide the protection. The settings are supported on Microsoft Windows 8.

The early launch anti-malware driver is a special type of driver that initializes first and inspects other startup drivers for malicious code. When the Symantec Endpoint Protection driver detects a startup driver, it determines whether the driver is good, bad, or unknown. The Symantec Endpoint Protection driver then passes the information to Windows to decide to allow or block the detected driver.The Symantec Endpoint Protection settings provide an option to treat bad drivers and bad critical drivers as unknown. Bad critical drivers are the drivers that are identified as malware but are required for computer startup. By default, Windows allows unknown drivers to load. You might want to select the override option if you get any false positive detections that block an important driver. If you block an important driver, you might prevent client computers from starting up.

The Windows early launch anti-malware driver must be enabled for the Symantec Endpoint Protection settings to take effect. You use the Windows Group Policy editor to view and modify the Windows ELAM settings. See your Windows 8 documentation for more information.

Path: SEPM --> Virus & Spyware Protection --> Edit assigned Policy --> Protection Technology --> Early Launch Anti-Malware Driver

Adjusting the Symantec Endpoint Protection early launch anti-malware (ELAM) options

http://www.symantec.com/docs/HOWTO81106

3. Explicit Group Update Provider for Roaming Clients:

It will allow clients to use GUP's outside their subnet.

Only configurable through SEPM

This is not auto discovery feature

Path: SEPM --> Policies --> Liveupdate Policy --> Edit liveupdate setting policy --> Server Settings --> Group Update Provider

4. Client Deployment Wizard:

Now you can successfully replace communication file only. No need to re-deploy entire pacakge in case of communication issue.

SEP 12.1 RU2 onwards no need to use Sylink replacer utility.

You can check this article to learn more about it:

https://www-secure.symantec.com/connect/articles/s...

5. New third party products are added under Software security removal feature.

Check this article

Third-party security software removal support in Symantec Endpoint Protection 12.1 RU2

http://www.symantec.com/docs/TECH195029

6. New Cleanwipe version is introudced & it works/performs much better.

Check this article to know more about it

https://www-secure.symantec.com/connect/articles/n...

 

 

Here are few Articles provided below which would provide more information on the Latest Version Released:

SEP release details can be found here: http://bit.ly/m0vOJp

What's new in Symantec Endpoint Protection 12.1.2

http://www.symantec.com/docs/HOWTO81091

System Requirements for Symantec Endpoint Protection, Enterprise and Small Business Editions, and Network Access Control 12.1.2

http://www.symantec.com/docs/TECH195325

New fixes and enhancements in Symantec Endpoint Protection 12.1 Release Update 2

http://www.symantec.com/docs/TECH199676

Upgrading or migrating to Symantec Endpoint Protection 12.1.2011 (RU2)

http://www.symantec.com/docs/TECH197426

I hope it's informative

Comments 20 CommentsJump to latest comment

rupesh.naik45@yahoo.in's picture

thanks,

 

4. Client Deployment Wizard: plesae explain me when i have tried to replace sykink.xml file through this at that time it is asking administrator password.?

which one it  need,? domain or work group.

my all clients are in domain.

 

 

0
Login to vote
Chetan Savade's picture

Hi,

While adding machines to replace Sylink.xml you should use Domain admin password.

It's a just authentication process to add machines in the list.

Chetan Savade
Sr Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

+1
Login to vote
Ashish-Sharma's picture

HI,

Do you have protect sep client with password ?

If yes you can put SEP client stop/Uninstall password..

Thanks In Advance

Ashish Sharma

 

 

0
Login to vote
rupesh.naik45@yahoo.in's picture

i have 100 unmanaged SEP Client of sep 11.6 version and my SEP Console is 12.1 RU1 MP1 how can i manage then to SEPM without manually replace sylink.xml file.

 

0
Login to vote
Ashish-Sharma's picture

HI,

Check this artical.

 

How to convert Symantec Endpoint Protection (SEP) clients from managed to unmanaged without uninstalling and reinstalling

Article:TECH104010  |  Created: 2008-01-19  |  Updated: 2011-09-16  |  Article URL http://www.symantec.com/docs/TECH104010
 

 

Thanks In Advance

Ashish Sharma

 

 

0
Login to vote
pete_4u2002's picture

you have to replace the sylink to make unmanaged clients to managed clients.

0
Login to vote
rupesh.naik45@yahoo.in's picture

Hi Chetan,

 

now we are planning to replace sylink.xmlfile in 5000+ SEP cleints most of SEP Clients are 12.1 ru1 mp1 and our server is 12.1 ru2 can we push sylink.xml file with sepm new feature that "communication update package deployemnet" is it ok .

 

or we need to use sylink replacer tool.

please sugggest.

0
Login to vote
Chetan Savade's picture

Hi Rupesh,

No need to use Sylink replacer from SEP 12.1 RU2 onwards.

You can use new feature "Communication Update Package deployment"

Benefits:

No need to send entire package to restore communication with Manager.

No more dependency on Sylink replacer/Sylink drop tool.

Easy to use.

Check this article: https://www-secure.symantec.com/connect/articles/s...

Chetan Savade
Sr Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

+1
Login to vote
Ambesh_444's picture

thanks a lot Every1..

 

Thank& Regards,

Ambesh

"Your satisfaction is very important to us. If you find above information helpful or it has resolved your issue. Please don't forget to mark the thread as solved."

0
Login to vote
Amit S's picture

Can anyone have document which explains the working of SVA?

0
Login to vote
Chetan Savade's picture

Hi,

You can refer these articles:

What do I need to do to install a Security Virtual Appliance?

http://www.symantec.com/docs/HOWTO81110

Installing a Symantec Endpoint Protection Security Virtual Appliance

http://www.symantec.com/docs/HOWTO81083

About the Symantec Endpoint Protection Security Virtual Appliance

http://www.symantec.com/docs/HOWTO81080

Configuring the Symantec Endpoint Protection Security Virtual Appliance installation settings file

http://www.symantec.com/docs/HOWTO81082

Chetan Savade
Sr Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

+1
Login to vote
W007's picture

Look this symantec Kb's
About the Symantec Endpoint Protection Security Virtual Appliance

Article:HOWTO81080  |  Created: 2012-10-24  |  Updated: 2013-01-30  |  Article URL http://www.symantec.com/docs/HOWTO81080

Configuring the Symantec Endpoint Protection Security Virtual Appliance installation settings file

Article:HOWTO81082  |  Created: 2012-10-24  |  Updated: 2013-01-30  |  Article URL http://www.symantec.com/docs/HOWTO81082

 

 

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

0
Login to vote
Amit S's picture

I've already gone through these links - these links are referring to installation part and what is SVA. I'm looking for the document so i can troubleshoot the issues related to SVA.

In my environment I've installed SVA and it was working very perfectly - now no VDI clients is reporting to SVA. I've logged a case with Symantec and they are still researching it.

0
Login to vote
aniket_1900's picture

Hii Chetan,

 

I have a query that ELAM is basically for Windows 8 and Windows Server 2012  ? or for Windows 7 too.

Basically Our Organisation has Windows 7 machine So ELAM feature with Symantec 12.1RU2 can this be useful to detect the drivers and analyzed accordingly to good or bad drivers ?

Awaiting for your Reply

Thanks & Regards

Aniket Shirke

0
Login to vote
pete_4u2002's picture

ELAM is included in windows 8 platform , its not applicable for win 7.

0
Login to vote
Chetan Savade's picture

Hi,

Symantec Endpoint Protection provides an ELAM driver that works with the Microsoft ELAM driver to provide protection for the computers in your network when they start up. The settings are supported on Microsoft Windows 8.

Reference: Adjusting the Symantec Endpoint Protection early launch anti-malware (ELAM) option

http://www.symantec.com/docs/HOWTO81106

Managing early launch anti-malware (ELAM) detections

http://www.symantec.com/docs/HOWTO81107
 

Chetan Savade
Sr Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

+1
Login to vote
Dharamveer Yadav's picture

great

0
Login to vote
rupesh.naik45@yahoo.in's picture

hi chetan

we have getting error on SEPM console and we have not able to view in home, monitor and report pages. please help me, i have solution for it that is repari to SEPM or restart the SEPM server database and manager service or run reconfirguration wizard. 

 

but i have more than 12000+ sep clients on sepm console and i have 2 sepm server in lod balancing state.

please help me.

 

Error-unexpected server error.ErrorCode: 0x10010000

0
Login to vote
pete_4u2002's picture

are you using the SQL authentication or windows authentication?

what is the SEPM version?

 

0
Login to vote
W007's picture

hello,

check this

Unexpected server error. Error Code: 0x10010000.

Article:TECH200253  |  Created: 2012-11-29  |  Updated: 2012-12-19  |  Article URL http://www.symantec.com/docs/TECH200253

 

 

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

0
Login to vote