As you may already know, Microsoft has officially ended support for Windows XP. (You can access the official Microsoft announcement here: http://www.microsoft.com/en-us/windows/endofsupport.aspx)
If you are a Symantec Endpoint Protection customer who uses machines running on Windows XP, you may wonder how this will impact your protection and system security. This post covers a few important things we think you should know.
- Do I need to move to a new operating system?
Yes! We want you to be as secure as possible and the best way to do that is to migrate to a fully supported Microsoft operating System. Attackers will continue to find exploits they can leverage to gain access to your systems. While Symantec solutions will protect you from new and emerging threats, ultimately a strong security strategy includes adopting the latest operating system and security updates.
- Am I protected?
We want you to know that Symantec will continue to support Windows XP until further notice. Your security is important to us, and we want to keep you protected while you migrate to a newer Microsoft operating system. As a Symantec Endpoint Protection customer, if new, zero-day attacks emerge for Windows XP, you will be protected by our Insight and SONAR technologies that provide advanced defenses against these threats while you transition your computers. SONAR and Insight have been tested and validated to have best in class performance (see www.AV-test.org ) so you can continue to get the best performance from Windows XP today and your new operating systems investments going forward!
- Are there any additional steps I should take in the meantime to secure Windows XP systems?
Yes – if you plan to continue using Windows XP, we recommend that you enable some additional security measures.
A. Symantec Endpoint Protection customers:
- Only allow known good applications to send or receive traffic in your firewall settings.
- Enable application control policies (See:http://www.symantec.com/security_response/securityupdates/list.jsp?fid=adc)
- Consider enabling System Lockdown. This will offer the best security and is recommended if you want to remain secure on Windows XP. (See: http://www.symantec.com/docs/TECH102526)
- Ensure that you have all anti-malware layers enabled, including:
B. Symantec Endpoint Protection Small Business Edition (SEP SBE), Symantec Endpoint Protection Small Business Edition 12.1 & Symantec Protection Suite Customers
- Enable custom alerts or reports for these systems so that you’re aware of any suspicious changes or activity (e.g. low memory, connectivity, suspicious application activities). This will help to show common indicators of threats or dangers and aid in reducing the impact of threats.
- SEP SBE customers using a local update host should consider turning Live Update on for all XP systems so that the latest upgrades and updates are available immediately
- Restrict user access to install applications on these systems
- Make sure that all protections are enabled (Web, Insight, SONAR, etc.)
- Complement malware protection by keeping other applications and tools up to date that might be exploited (Java, Adobe, etc.)
Should you have any additional questions or need help, please contact Symantec Support or your local Symantec partner.