Comparison Between SEP 12.1RU1 MP1 with 12. RU 2
Created: 18 Dec 2012 | 12 comments
Hi All,
I just need a comparison between 12. 1 and 12.1 RU2.
In which ways 12.1 RU2 is more secured than 12.1 RU1 MP1.
Discussion Filed Under:
Hi All,
I just need a comparison between 12. 1 and 12.1 RU2.
In which ways 12.1 RU2 is more secured than 12.1 RU1 MP1.
Comments 12 Comments • Jump to latest comment
hi,
Check this artical
https://www-secure.symantec.com/connect/articles/w...
Edit
Check also
New fixes and enhancements in Symantec Endpoint Protection 12.1 Release Update 2
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
Also SEP12 RU2 is the only current version that works with windows 8 and windows server 2012
Please review ideas and vote there could be something useful :)
https://www-secure.symantec.com/connect/security/ideas
There is no change in security, just a few added features
What's new in Symantec Endpoint Protection 12.1.2
https://www.symantec.com/business/support/index?pa...
SEP Knowledge Base
Endpoint SWAT
Hi,
If we talk about security then Early Launch Anti-Malware Driver tab is newly added.
Early Launch Anti-Malware Driver:
Early launch anti-malware (ELAM) protects client computers from threats that load at startup. Symantec Endpoint Protection includes an early launch anti-malware driver that works with the Microsoft early launch anti-malware driver to provide the protection. The settings are supported on Microsoft Windows 8.
The early launch anti-malware driver is a special type of driver that initializes first and inspects other startup drivers for malicious code. When the Symantec Endpoint Protection driver detects a startup driver, it determines whether the driver is good, bad, or unknown. The Symantec Endpoint Protection driver then passes the information to Windows to decide to allow or block the detected driver.The Symantec Endpoint Protection settings provide an option to treat bad drivers and bad critical drivers as unknown. Bad critical drivers are the drivers that are identified as malware but are required for computer startup. By default, Windows allows unknown drivers to load. You might want to select the override option if you get any false positive detections that block an important driver. If you block an important driver, you might prevent client computers from starting up.
The Windows early launch anti-malware driver must be enabled for the Symantec Endpoint Protection settings to take effect. You use the Windows Group Policy editor to view and modify the Windows ELAM settings. See your Windows 8 documentation for more information.
Check this artical
https://www-secure.symantec.com/connect/articles/w...
Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.&
Hello,
SEP 12.1 RU1 MP1 is an older version whereas SEP 12.1 RU2 is the Latest Release Update of SEP 12.1
To brief you a bit on difference about older and Latest versions of SEP 12.1,
The Latest Version of SEP 12.1.1101.401 (RU1 MP1) has -
Reference:
https://www-secure.symantec.com/connect/articles/latest-symantec-endpoint-protection-releases-sep-121-ru1-mp1-and-sep-110-ru7-mp2
Here are the Product Highlights for SEP 12.1 RU2:
1) Extended Platform support
2) Virtualization – Shared Insight Cache for VMware vShield
3) Improved Protection
4) Extended Management
Reference:
https://www-secure.symantec.com/connect/articles/latest-symantec-endpoint-protection-releases-sep-121-ru2-and-sep-110-ru7-mp3
Hope that helps!!
Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | MCTS | STS | ITIL v3
Twitter: @mithun_sanghavi
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<&a
Hi Mithun,
Could you please explain or give a brief for the below point numbers.
Point No:5,6,9.
Hi Chetan,
Thanks for your views.
Could you please explain about Download protection under windows setting.
Regards,
Priyaagopal
A new bud in symantec.
System Change Detection Exceptions
This behavior happens when the SEP client Virus and Spyware Protection policy has been modified to log hosts file changes detected by SONAR. hosts file change detections are logged as an error in the System Event Log.
Changes to Tamper Protection alerts and logging
ease to change configuration with alerts and logging.
STAR updates
Within Symantec, Security Technology and Response (STAR) oversees the research and development efforts for all of our malware security technologies. These form the core protection capabilities of Symantec’s corporate and consumer security products.
Check the implementation guide
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
Hi Chetan,
It would be more understanble for me if you give some example and little brief about Early Launch Anti-Malware Drivers.
How it would be heplful in evironment?
Regards,
Priyaagopal
A new bud in symantec.
this is feature of windows 8. are you using this OS in your environment.
Early Launch Anti-Malware Driver:
Early launch anti-malware (ELAM) protects client computers from threats that load at startup. Symantec Endpoint Protection includes an early launch anti-malware driver that works with the Microsoft early launch anti-malware driver to provide the protection. The settings are supported on Microsoft Windows 8.
The early launch anti-malware driver is a special type of driver that initializes first and inspects other startup drivers for malicious code. When the Symantec Endpoint Protection driver detects a startup driver, it determines whether the driver is good, bad, or unknown. The Symantec Endpoint Protection driver then passes the information to Windows to decide to allow or block the detected driver.The Symantec Endpoint Protection settings provide an option to treat bad drivers and bad critical drivers as unknown. Bad critical drivers are the drivers that are identified as malware but are required for computer startup. By default, Windows allows unknown drivers to load. You might want to select the override option if you get any false positive detections that block an important driver. If you block an important driver, you might prevent client computers from starting up.
The Windows early launch anti-malware driver must be enabled for the Symantec Endpoint Protection settings to take effect. You use the Windows Group Policy editor to view and modify the Windows ELAM settings. See your Windows 8 documentation for more information
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
Hmmm definitely would requre to test ELAM in VM environment.... no Win 8 yet here...
So ELAM 'definition' basically comes from normal AV/AS definition or from the internet?
(or other component)
Thanks
Hi pete,
Yes we are using windows 8 in our environment.
Regards,
Priyaagopal
A new bud in symantec.
You can check the Release Notes for details on 12.1.2, including the info provided in the What's New HOWTO doc included above, but the PDF format may be easier to look at. The Release Notes PDF also has details on known issues and workarounds too.
sandra
Symantec, Information Development, IMDP
Symantec Endpoint Protection / Core Security Engineering Group
Don't forget to mark your thread as 'solved' with the answer that best helped you!
Would you like to reply?
Login or Register to post your comment.