Hi All,

I just need a comparison between 12. 1 and 12.1 RU2.

In which ways 12.1 RU2 is more secured than 12.1 RU1 MP1.

hi,

Check this artical

https://www-secure.symantec.com/connect/articles/whats-new-sep-121-ru2

Edit

Check also 

New fixes and enhancements in Symantec Endpoint Protection 12.1 Release Update 2

Also SEP12 RU2 is the only current version that works with windows 8 and windows server 2012

There is no change in security, just a few added features

What's new in Symantec Endpoint Protection 12.1.2

https://www.symantec.com/business/support/index?page=content&id=HOWTO81091

Hi,

If we talk about security then Early Launch Anti-Malware Driver tab is newly added.

Early Launch Anti-Malware Driver:

Early launch anti-malware (ELAM) protects client computers from threats that load at startup. Symantec Endpoint Protection includes an early launch anti-malware driver that works with the Microsoft early launch anti-malware driver to provide the protection. The settings are supported on Microsoft Windows 8.

The early launch anti-malware driver is a special type of driver that initializes first and inspects other startup drivers for malicious code. When the Symantec Endpoint Protection driver detects a startup driver, it determines whether the driver is good, bad, or unknown. The Symantec Endpoint Protection driver then passes the information to Windows to decide to allow or block the detected driver.The Symantec Endpoint Protection settings provide an option to treat bad drivers and bad critical drivers as unknown. Bad critical drivers are the drivers that are identified as malware but are required for computer startup. By default, Windows allows unknown drivers to load. You might want to select the override option if you get any false positive detections that block an important driver. If you block an important driver, you might prevent client computers from starting up.

The Windows early launch anti-malware driver must be enabled for the Symantec Endpoint Protection settings to take effect. You use the Windows Group Policy editor to view and modify the Windows ELAM settings. See your Windows 8 documentation for more information.

Check this artical

https://www-secure.symantec.com/connect/articles/w...

Hello,

SEP 12.1 RU1 MP1 is an older version whereas SEP 12.1 RU2 is the Latest Release Update of SEP 12.1

To brief you a bit on difference about older and Latest versions of SEP 12.1, 

The Latest Version of SEP 12.1.1101.401 (RU1 MP1) has - 

1. Over 800 product fixes 
2. Third Party Removal 
3. Remote Monitoring and Management (RMM) Support 
4. Release of the Symantec Endpoint Protection Management Plug-in 1.5 for Kaseya 
5. System Change Detection Exceptions 
6. Changes to Tamper Protection alerts and logging 
7. Trialware package size reduction 
8. Support for SQL Server 2012 
9. STAR updates 
10. Security updates 

Reference:

https://www-secure.symantec.com/connect/articles/latest-symantec-endpoint-protection-releases-sep-121-ru1-mp1-and-sep-110-ru7-mp2

Here are the Product Highlights for SEP 12.1 RU2:

1) Extended Platform support

• Mac OS X Mountain Lion (10.8)
• Windows 8
• Windows Server 2012

2) Virtualization – Shared Insight Cache for VMware vShield

3) Improved Protection

• Improved STAR protection technologies
• Windows 8 ELAM support
• Windows 8 App remediation

4) Extended Management

• Web Services for 3rd party integration (i.e. RMM)
• SEP Management Plugin for Kaseya 2.0
• GUP roaming support for multiple subnets
• Remote Sylink drop support from the SEP Manager
• Expanded 3rd party security software removal – 130 products from 30 vendors

Reference:

https://www-secure.symantec.com/connect/articles/latest-symantec-endpoint-protection-releases-sep-121-ru2-and-sep-110-ru7-mp3

Hope that helps!!

Hi Mithun,

Could you please explain or give a brief for the below point numbers.

Point No:5,6,9.

Hi Chetan,

Thanks for your views.

Could you please explain about Download protection under windows setting.

System Change Detection Exceptions 

This behavior happens when the SEP client Virus and Spyware Protection policy has been modified to log hosts file changes detected by SONAR. hosts file change detections are logged as an error in the System Event Log.

Changes to Tamper Protection alerts and logging 

ease to change configuration with alerts and logging.

STAR updates

Within Symantec, Security Technology and Response (STAR) oversees the research and development efforts for all of our malware security technologies. These form the core protection capabilities of Symantec’s corporate and consumer security products.

Check the implementation guide

Hi Chetan,

It would be more understanble for me if you give some example and little brief about Early Launch Anti-Malware Drivers.

How it would be heplful in evironment?

this is feature of windows 8. are you using this OS in your environment.

Early Launch Anti-Malware Driver:

Early launch anti-malware (ELAM) protects client computers from threats that load at startup. Symantec Endpoint Protection includes an early launch anti-malware driver that works with the Microsoft early launch anti-malware driver to provide the protection. The settings are supported on Microsoft Windows 8.

The early launch anti-malware driver is a special type of driver that initializes first and inspects other startup drivers for malicious code. When the Symantec Endpoint Protection driver detects a startup driver, it determines whether the driver is good, bad, or unknown. The Symantec Endpoint Protection driver then passes the information to Windows to decide to allow or block the detected driver.The Symantec Endpoint Protection settings provide an option to treat bad drivers and bad critical drivers as unknown. Bad critical drivers are the drivers that are identified as malware but are required for computer startup. By default, Windows allows unknown drivers to load. You might want to select the override option if you get any false positive detections that block an important driver. If you block an important driver, you might prevent client computers from starting up.

The Windows early launch anti-malware driver must be enabled for the Symantec Endpoint Protection settings to take effect. You use the Windows Group Policy editor to view and modify the Windows ELAM settings. See your Windows 8 documentation for more information

Hmmm definitely would requre to test ELAM in VM environment.... no Win 8 yet here...

So ELAM 'definition' basically comes from normal AV/AS definition or from the internet?

(or other component)

Thanks

Hi pete,

Yes we are using windows 8 in our environment.

You can check the Release Notes for details on 12.1.2, including the info provided in the What's New HOWTO doc included above, but the PDF format may be easier to look at. The Release Notes PDF also has details on known issues and workarounds too.

sandra