
Comparison Between SEP 12.1 RU1 MP1 with 12.1 RU2

Created: 18 Dec 2012 | 12 comments

Hi All,

I just need a comparison between 12.1 and 12.1 RU2.

In which ways is 12.1 RU2 more secure than 12.1 RU1 MP1?


Ashish-Sharma's picture

hi,

Check this article

https://www-secure.symantec.com/connect/articles/w...

Edit

Check also 

 
New fixes and enhancements in Symantec Endpoint Protection 12.1 Release Update 2

Article:TECH199676  |  Created: 2012-11-13  |  Updated: 2012-11-14  |  Article URL http://www.symantec.com/docs/TECH199676
 

Thanks In Advance

Ashish Sharma

GeoGeo's picture

Also SEP12 RU2 is the only current version that works with Windows 8 and Windows Server 2012.

Please review ideas and vote there could be something useful :)

https://www-secure.symantec.com/connect/security/ideas

Brɨan's picture

There is no change in security, just a few added features

What's new in Symantec Endpoint Protection 12.1.2

https://www.symantec.com/business/support/index?pa...

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Chetan Savade's picture

Hi,

If we talk about security then Early Launch Anti-Malware Driver tab is newly added.

Early Launch Anti-Malware Driver:

Early launch anti-malware (ELAM) protects client computers from threats that load at startup. Symantec Endpoint Protection includes an early launch anti-malware driver that works with the Microsoft early launch anti-malware driver to provide the protection. The settings are supported on Microsoft Windows 8.

The early launch anti-malware driver is a special type of driver that initializes first and inspects other startup drivers for malicious code. When the Symantec Endpoint Protection driver detects a startup driver, it determines whether the driver is good, bad, or unknown. The Symantec Endpoint Protection driver then passes the information to Windows to decide to allow or block the detected driver. The Symantec Endpoint Protection settings provide an option to treat bad drivers and bad critical drivers as unknown. Bad critical drivers are the drivers that are identified as malware but are required for computer startup. By default, Windows allows unknown drivers to load. You might want to select the override option if you get any false positive detections that block an important driver. If you block an important driver, you might prevent client computers from starting up.

The Windows early launch anti-malware driver must be enabled for the Symantec Endpoint Protection settings to take effect. You use the Windows Group Policy editor to view and modify the Windows ELAM settings. See your Windows 8 documentation for more information.

Check this article

https://www-secure.symantec.com/connect/articles/w...

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.
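The interaction described in the post above (the ELAM driver's verdict, the override option, and the Windows decision) can be modelled as follows. This is an added example, not part of the thread and not Symantec or Microsoft code; the numeric policy values are those of the Windows "Boot-Start Driver Initialization Policy" (`DriverLoadPolicy`), which the page does not list, and the driver names are constructed.

```python
from enum import Enum

class Verdict(Enum):
    GOOD = "good"
    UNKNOWN = "unknown"
    BAD_CRITICAL = "bad but boot-critical"
    BAD = "bad"

# Which reported verdicts Windows lets load under each DriverLoadPolicy value
# (assumption: values taken from Microsoft's documented policy, not the page).
POLICY_ALLOWS = {
    8: {Verdict.GOOD},
    1: {Verdict.GOOD, Verdict.UNKNOWN},
    3: {Verdict.GOOD, Verdict.UNKNOWN, Verdict.BAD_CRITICAL},  # Windows default
    7: {Verdict.GOOD, Verdict.UNKNOWN, Verdict.BAD_CRITICAL, Verdict.BAD},
}

def reported_verdict(verdict, override_as_unknown):
    """Verdict handed to Windows; the override reports bad drivers as unknown."""
    if override_as_unknown and verdict in (Verdict.BAD, Verdict.BAD_CRITICAL):
        return Verdict.UNKNOWN
    return verdict

def driver_loads(verdict, override_as_unknown, policy=3):
    """True if Windows allows the boot-start driver to initialize."""
    return reported_verdict(verdict, override_as_unknown) in POLICY_ALLOWS[policy]

def boot_matrix(drivers, override_as_unknown, policy=3):
    """Map each driver name to its load decision."""
    return {name: driver_loads(v, override_as_unknown, policy)
            for name, v in drivers.items()}

# Constructed sample: one clean driver, one new driver, one false positive
# on an important driver, and one infected driver needed for boot.
SAMPLE_DRIVERS = {
    "disk.sys": Verdict.GOOD,
    "new_nic.sys": Verdict.UNKNOWN,
    "vendor_filter.sys": Verdict.BAD,
    "patched_storage.sys": Verdict.BAD_CRITICAL,
}

if __name__ == "__main__":
    for override in (False, True):
        for policy in (8, 1, 3, 7):
            print(f"override={override} policy={policy}",
                  boot_matrix(SAMPLE_DRIVERS, override, policy))
```

The matrix shows the trade-off: the override unblocks a falsely flagged driver, but it equally unblocks a genuinely bad one wherever Windows allows unknown drivers, and it has no effect under a good-only policy.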

Mithun Sanghavi's picture

Hello,

SEP 12.1 RU1 MP1 is an older version whereas SEP 12.1 RU2 is the Latest Release Update of SEP 12.1.

To brief you a bit on difference about older and Latest versions of SEP 12.1, 

The Latest Version of SEP 12.1.1101.401 (RU1 MP1) has - 

  1. Over 800 product fixes 
  2. Third Party Removal 
  3. Remote Monitoring and Management (RMM) Support 
  4. Release of the Symantec Endpoint Protection Management Plug-in 1.5 for Kaseya 
  5. System Change Detection Exceptions 
  6. Changes to Tamper Protection alerts and logging 
  7. Trialware package size reduction 
  8. Support for SQL Server 2012 
  9. STAR updates 
  10. Security updates 

Reference:

https://www-secure.symantec.com/connect/articles/latest-symantec-endpoint-protection-releases-sep-121-ru1-mp1-and-sep-110-ru7-mp2

Here are the Product Highlights for SEP 12.1 RU2:

1) Extended Platform support

  • Mac OS X Mountain Lion (10.8)
  • Windows 8
  • Windows Server 2012

2) Virtualization – Shared Insight Cache for VMware vShield

3) Improved Protection

  • Improved STAR protection technologies
  • Windows 8 ELAM support
  • Windows 8 App remediation

4) Extended Management

  • Web Services for 3rd party integration (i.e. RMM)
  • SEP Management Plugin for Kaseya 2.0
  • GUP roaming support for multiple subnets
  • Remote Sylink drop support from the SEP Manager
  • Expanded 3rd party security software removal – 130 products from 30 vendors

Reference:

https://www-secure.symantec.com/connect/articles/latest-symantec-endpoint-protection-releases-sep-121-ru2-and-sep-110-ru7-mp3

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

priyaa's picture

Hi Mithun,

Could you please explain or give a brief for the below point numbers?

Point No: 5, 6, 9.

Hi Chetan,

Thanks for your views.

Could you please explain about Download protection under Windows settings?

Regards,

Priyaagopal

A new bud in symantec.

pete_4u2002's picture

System Change Detection Exceptions 

This behavior happens when the SEP client Virus and Spyware Protection policy has been modified to log hosts file changes detected by SONAR. hosts file change detections are logged as an error in the System Event Log.

Changes to Tamper Protection alerts and logging 

ease to change configuration with alerts and logging.

STAR updates

Within Symantec, Security Technology and Response (STAR) oversees the research and development efforts for all of our malware security technologies. These form the core protection capabilities of Symantec’s corporate and consumer security products.

Check the implementation guide

priyaa's picture

Hi Chetan,

It would be more understandable for me if you give some example and a little brief about Early Launch Anti-Malware Drivers.

How would it be helpful in the environment?

Regards,

Priyaagopal

A new bud in symantec.

pete_4u2002's picture

This is a feature of Windows 8. Are you using this OS in your environment?

Early Launch Anti-Malware Driver:

Early launch anti-malware (ELAM) protects client computers from threats that load at startup. Symantec Endpoint Protection includes an early launch anti-malware driver that works with the Microsoft early launch anti-malware driver to provide the protection. The settings are supported on Microsoft Windows 8.

The early launch anti-malware driver is a special type of driver that initializes first and inspects other startup drivers for malicious code. When the Symantec Endpoint Protection driver detects a startup driver, it determines whether the driver is good, bad, or unknown. The Symantec Endpoint Protection driver then passes the information to Windows to decide to allow or block the detected driver. The Symantec Endpoint Protection settings provide an option to treat bad drivers and bad critical drivers as unknown. Bad critical drivers are the drivers that are identified as malware but are required for computer startup. By default, Windows allows unknown drivers to load. You might want to select the override option if you get any false positive detections that block an important driver. If you block an important driver, you might prevent client computers from starting up.

The Windows early launch anti-malware driver must be enabled for the Symantec Endpoint Protection settings to take effect. You use the Windows Group Policy editor to view and modify the Windows ELAM settings. See your Windows 8 documentation for more information.

cus000's picture

Hmmm definitely would require to test ELAM in VM environment.... no Win 8 yet here...

So ELAM 'definition' basically comes from normal AV/AS definition or from the internet?

(or other component)

Thanks

priyaa's picture

Hi pete,

Yes, we are using Windows 8 in our environment.

Regards,

Priyaagopal

A new bud in symantec.

sandra.g's picture

You can check the Release Notes for details on 12.1.2, including the info provided in the What's New HOWTO doc included above, but the PDF format may be easier to look at. The Release Notes PDF also has details on known issues and workarounds too.

sandra

Symantec, Senior Information Developer
Enterprise Security, Mobility, and Management - Endpoint Protection

Don't forget to mark your thread as 'solved' with the answer that best helps you!