Video Screencast Help

What's New in Symantec Endpoint Protection version 12.1

Created: 28 Jun 2011 • Updated: 07 Jul 2011 | 4 comments
Language Translations
Mithun Sanghavi's picture
+6 6 Votes
Login to vote


The current release includes the following improvements that make Symantec Endpoint Protection and Symantec Network Access Control easier and more efficient to use.

1) Support for additional operating systems

Symantec Endpoint Protection Manager now supports the following operating systems:

■ VMware Workstation 7.0 or later

■ VMware ESXi 4.0.x

■ VMware ESX 4.0.x

■ VMware Server 2.0.1

■ Citrix Xenserver 5.1

Symantec Endpoint Protection Manager now supports the following Web browsers:

■ Internet Explorer 7.0, 8.0, 9.0

■ Firefox 3.6, 4.0

The Symantec Endpoint Protection client now supports the following operating system:

■ Windows Home Server 2008

The Symantec Endpoint Protection Linux client now supports the following operating systems:

■ Novell SLEX 9, SLED 9

■ Novell Open Enterprise Server (OES2-10, OES2-11)

■ Ubuntu 10.x

■ Fedora 13.x

■ Debian 6.x

For more information, please check the System Requirements Document for the Symantec Endpoint Protection 12.1

2) New features for your virtual environment 

The new virtualization features include the following:

■ Shared Insight Cache

The Symantec Endpoint Protection Shared Insight Cache reduces the need to scan files in a virtualized environment that Symantec Endpoint Protection has determined are clean. Shared Insight Cache runs independently of Symantec Endpoint Protection. However, you must configure Symantec Endpoint Protection Manager to specify the location of Shared Insight Cache so that your clients can communicate with it.

No special license is required to install or run Shared Insight Cache.

■ Virtual Image Exclusion

Instead of continually scanning system files for viruses, the Virtual Image Exclusion tool lets you whitelist files from your baseline image on virtual machines. You run the Virtual Image Exclusion tool from the command line. However, you must also configure Symantec Endpoint Protection Manager so that your clients skip the whitelisted files.

■ Hypervisor detection

Symantec Endpoint Protection Manager now automatically detects which clients are virtual, as well as their virtual platform. This feature lets you not only know more about your clients, it also lets you create policies for virtual machine groups and search for virtual clients.

■ Symantec offline image scanner 

The Symantec offline image scanner can scan offline VMware .vmdk files to ensure that there are no threats in the image.

3) Faster and more flexible management

Symantec Endpoint Protection Manager helps you manage the client computers more easily with the following new features:

■ Centralized licensing lets you purchase, activate, and manage product licenses from the management console.

■ The management console includes a new Welcome screen that provides links to the most likely tasks that you need to do next.

■ Symantec Endpoint Protection Manager registers with Protection Center version 2. Protection Center lets you centralize data and integrate management of Symantec security products into a single environment. You can configure some of the settings Protection Center uses to work with Symantec Endpoint Protection Manager. In Symantec Protection Center, you can now send Symantec Endpoint Protection Manager logs, update groups, update policies, move clients, and receive data from clients.

■ The Symantec Endpoint Protection Manager logon screen enables you to have your forgotten password emailed to you.

■ Symantec Endpoint Protection Manager includes an option to let any of the administrators in a site reset their forgotten password.

■ You can configure when and how Symantec Endpoint Protection Manager restarts the client computer, so that the restart does not interfere with the user's activity.

■ The Monitors page includes a set of preconfigured email notifications that inform you of the most frequently used events. The events include when new client software is available, when a policy changes, license renewal messages, and when the management server locates unprotected computers. The notifications are enabled by default and support the BlackBerry, iPhone, and Android.

■ The Home page displays the high-level reports that you can click, which makes the Homepage simpler and easier to read. TheHomepage also displays a link to notifications about log events that you have not yet read.

■ Improved status reporting automatically resets the Still Infected Status for a client computer once the computer is no longer infected.

■ You can now configure Linux clients to send log events to Symantec Endpoint Protection Manager.

4) Improved installation process

■ You can upgrade to the current version of the product while the legacy clients stay connected and protected.

■ The Symantec Endpoint Protection Manager installation wizard lets you import a previously saved recovery file that includes client-server connection information. The recovery file enables the management server to reinstall existing backed-up certificates and to automatically restore the communication to the existing clients.

■ The management server Web service uses Apache instead of IIS. You do not need to install IIS first, as in previous versions.

■ To improve network performance, the client installation package includes the latest definition files.

■ You can configure when and how the management server restarts the client computer after you deploy the client installation package.

■ You can more easily locate unprotected computers on which you need to install the client computer. The Client Deployment Wizard quickly locates unprotected computers on which you need to install the client computer. The wizard also provides an email deployment link so that users can download the client software by using the Web. The wizard makes client software faster and easier to deploy.

■ You can view an installation status report that shows which computers are in the process of installing the client software. 

5) Improved server and client performance

You can increase the speed of the management server, management console, database, and the clients, by configuring the following features:

■ The database performs automatic database cleanup tasks to improve the management server-client responsiveness and scalability.

■ Auto-Protect and Insight scans skip the files that the scans have already cleaned. You can also schedule scans to run when users do not actively use the client computer. Scans that use Insight are faster and more accurate, and reduce scan overhead by up to 70%.

■ LiveUpdate can detect when the client computer is idle and download content updates during a time that does not interfere with the user's activity.

6) More effective and better security against malware

You can better protect the client computers with the following features:

■ Symantec Endpoint Protection can now detect threats based on a file's characteristics rather than by using Symantec virus definitions only. This behavioral protection reduces management overhead as you do not need to add exceptions for the files that are false positives.

■ The Virus and Spyware Protection policy detects threats more accurately while it reduces false positives and improves scan performance with the following technologies:

■ SONAR replaces the TruScan technology to identify malicious behavior of unknown threats using heuristics and reputation data. While TruScan runs on a schedule, SONAR runs at all times.

■ Auto-Protect provides additional protection with Download Insight, which examines the files that users try to download through Web browsers, text messaging clients, and other portals. Download Insight uses reputation information from Symantec Insight to make decisions about files.

■ Insight lets scans skip Symantec and community trusted files, which improves scan performance.

■ Insight Lookup detects the application files that might not typically be detected as risks and sends information from the files to Symantec for evaluation. If Symantec determines that the application files are risks, the client computer then handles the files as risks. Insight Lookup makes malware detection faster and more accurate.

■ The Firewall policy includes firewall rules to block IPv6-based traffic. 

■ The Firewall policy and Application and Device Control policy have additional default rules so that you do not have to create commonly used rules.

■ The Intrusion Prevention policy includes browser intrusion prevention, which uses IPS signatures to detect the attacks that are directed at browser vulnerabilities.

■ Application and Device Control supports the computers that run 64-bit operating systems.

7) Support for Mac clients

In Symantec Endpoint Protection Enterprise Edition, you can configure the polices for Mac clients based on a location as well as a group.

In Symantec Endpoint Protection Small Business Edition, you can now deploy and manage Mac clients on Symantec Endpoint Protection Manager for Symantec Endpoint Protection Small Business Edition

8) Symantec Network Access Control (SNAC) functionality

Better Enforcer management in Symantec Endpoint Protection Manager

You can manage the Enforcers more easily by configuring the following Enforcer settings in Symantec Endpoint Protection Manager:

■ Ability for the clients in an Enforcer group to synchronize their system time constantly by using the Network Time Protocol server.

■ Improvements for updating lists of MAC addresses:

■ For the DHCP Integrated Enforcer, you can import a text file that contains the MAC address exceptions that define trusted hosts.

■ For the LAN Enforcer, you can add, edit, and delete the MAC addresses that the Host Integrity checks ignore by using the following features.

MACAuthenticationBypass (MAP) bypasses the Host Integrity check for non-802.1x clients or the devices that do not have the Symantec Network Access Control client installed.

The Ignore SymantecNACClientCheck bypasses the Host Integrity check for 802.1x supplicants that do not have the Symantec Network Access Control client installed.

■ You can add individual MAC addresses or use wildcards to represent vendor MAC strings. You can also import the MAC addresses from a text file.

■ You can add MAC addresses with or without an associated VLAN, which allows multiple VLANs to be supported.

New Network Access Control features in Symantec Endpoint Protection Manager

Symantec Endpoint Protection Manager includes the following additional functionality for Symantec Network Access Control:

■ Enforcer management server lists can include management servers from replication partners. Enforcers can connect to any management server at any site partner or replication partner.

■ The Compliance logs for the Symantec Network Access Control client provide additional information about log events and Host Integrity check results. You can now see which requirement caused a Host Integrity check on a client computer to fail.

■ LiveUpdate downloads Host Integrity templates to management servers. Therefore, client computers can get the Host Integrity policies that include updated Host Integrity templates.

■ Enforcer groups support limited administrator accounts and administrator accounts as well as system administrator accounts. For a large company with multiple sites and domains, you probably need multiple administrators, some of whom have more access rights than others.

New Enforcer features

Symantec Network Access Control includes the following new features:

■ 64-bit support for the Integrated Enforcers.

■ Support for the Network Policy Server (NPS) with the Microsoft Windows Server 2008 (Longhorn) implementation of a RADIUS server and proxy. The Enforcer can now authenticate the clients that run Windows Vista or later versions and that use 802.1x authentication.

■ For the DHCP Integrated Enforcer, you can selectively turn on scope-based enforcement for the scopes that you define.

■ The Gateway Enforcer supports both 802.1q trunking and On-Demand Clients at the same time. You can designate a single VLAN on a multiple trunk VLAN to host On-Demand Clients.

■ Support for the guest enforcement mode, which enables the Gateway Enforcer to act as a download server for On-Demand Clients. The Gateway Enforcer downloads On-Demand Clients to guest computers, enabling the clients to communicate to the Enforcer through the guest computers' Web browsers. In the guest enforcement mode, the Gateway Enforcer does not forward inline traffic.

■ The local database size has been increased to 32 MB to accommodate a larger number of MAC addresses.

Comments 4 CommentsJump to latest comment

yang_zhang's picture

Wonderful collection!

If a forum post solves your problem, please flag it as a solution. If you like an article, blog post or download vote it up.
Login to vote
VIVEK.R's picture

Hi ,

Please let me know whether the ADC policy will work on an linux operating system and whether those ADC policies can be managed through SEPM.

It would be really helpful if any of you could attach some documents regarding that.

Thanks in advance.



Login to vote
Mithun Sanghavi's picture


Just a FYI....

Almost all Features of SEP 12.1 are supported on 64 bit OS

  1. AV                                                                  
  2. Proactive threat Scan (a.k.a truscan or Sonar)     
  3. Bloodhound                                                     
  4. Malheur                                                           
  5. Tamper Protection                                            
  6. Device Control
  7. Firewall
  8. IPS
  9. Application learning
  10. Host Integrity (SNAC)

Hope that helps!!

Mithun Sanghavi
Associate Security Architect


Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Login to vote