Video Screencast Help

different between Symantec Endpoint protection and Symantec Scan Engine

Created: 23 Oct 2012 | 22 comments

What are the different between Symantec Endpoint protection and Symantec Scan Engine?

Why we need both in same environments?

Comments 22 CommentsJump to latest comment

.Brian's picture

Symantec Scan Engine is for content scanning network attached storage/filers/net apps, etc..You can check the guide here

https://www.symantec.com/business/support/index?pa...

Symantec Endpoint Protection is a client-server solution that protects laptops,
desktops, Mac computers, and servers in your network against malware. Symantec
Endpoint Protection combines virus protection with advanced threat protection
to proactively secure your computers against known and unknown threats.
Symantec Endpoint Protection protects against malware such as viruses, worms,
Trojan horses, spyware, and adware. It provides protection against even the most
sophisticated attacks that evade traditional security measures such as rootkits,
zero-day attacks, and spyware that mutates. Providing low maintenance and high
power, Symantec Endpoint Protection communicates over your network to
automatically safeguard computers against attacks for both physical systems and
virtual systems.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Jason1222's picture

Symantec Endpoint Protection is a software base, installed locally on a computer system in order to provide real-time virus protection, network threat protection, including Mail scanning and Firewall as well as an IPS (intrusion prevention system) on a single node in an IP network.

Symantec Endpoint Potected nodes can than either manage themselves (unmanaged) or be managed by a centralized server (SEPM) for content management and updates.

* * * * * * *

Symantec Scan Engine is a centralized node in your network that scans content from clients which have implemented the scan engine.  The only way I could describe this, would be, it's closer to a proxy or scannign device.  The client machine (individual nodes) is not scanning content the machine hosting the Symantec Scan Engine is.

Have you seen the implementation PDF?

http://www.symantec.com/business/support/index?page=content&id=TECH83878

The short description:

http://www.symantec.com/business/support/index?page=content&id=TECH83878

Nagesh Singh's picture

Hi jeson1222,

You mean to say, there is no need to install Symantec Scan engine agent on all an Endpoint system.

if so then How I can integrate my server to scan with Symantec Scan Engine?

and  how it will detect which system try to access which URL?

 

 

 

Thanks & Regards,

Nagesh Singh

 

Mithun Sanghavi's picture

Hello,

Symantec Scan Engine and Symantec Endpoint Protection are 2 different products.

Symantec Scan Engine, formerly marketed as Symantec AntiVirus Scan Engine, is a carrier-class content-scanning engine. The scan engine features all of the key content-scanning technologies that are available in the complete line of Symantec enterprise security products. The scan engine provides content-scanning capabilities to any application on an IP network, regardless of platform.

Reference: 

The function and role of Symantec Scan Engine

http://www.symantec.com/docs/TECH83878

Knowledgebase: http://www.symantec.com/business/support/index?page=releasedetails&key=55108

Whereas 

Symantec Endpoint Protection offers superior anti-malware protection for Windows, Macs and Linux computers – Detected 25% more threats than any other vendor tested; and removes more malware and scans faster than any product in its class.

Check this:http://www.symantec.com/endpoint-protection

Knowledgebase: http://www.symantec.com/business/support/index?page=landing&key=55108

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Nagesh Singh's picture

Thanks all,

But can you please tell me what I can do with Symantec Scan engine but not with SEP?

Thanks & Regards,

Nagesh Singh

 

Mithun Sanghavi's picture

 

Hello,

SEP is a file system level scan, meaning it has drivers that allow SEP to scan an item before it is accessed.  Scan Engine is a scan on demand process, meaning that it sits and waits for information or an item to be passed to it. 

Scan Engine can be used to scan items as they are being submitted through a website or can work with Netapp, EMC filers or MS Sharepoint to scan items as they are committed or modified on the file system.

Definitions cannot be managed by a SEPM for the Scan Engine product.  Scan Engine would need to be allowed to pull definitions from the internet or from an LUA server. http://www.symantec.com/docs/TECH90305

The product is managed through a web interface and is very simple in comparison with most Symantec AV scanning products.
 

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

pete_4u2002's picture

SEP is host based , Scan engine works on ICAP protocol. Scan engine does content check to some extent which scan engine cannot.

Nagesh Singh's picture

 

Hi all,

Actually I want what I can do with Scan engine which I can’t do with SEP?

Thanks & Regards,

Nagesh Singh

 

.Brian's picture

Scan engine is only for attached storage so it has the auto protect feature similar to SEP. Other than that it does not have much else in common with SEP.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Nagesh Singh's picture

Hi Brian81,

It means it’s not detecting virus and worms?

It’s not monitoring any new virus which are comes on server?

It’s only monitoring a application and URLs?

Thanks & Regards,

Nagesh Singh

 

.Brian's picture

It will monitor viruses for your attached storage.

Your user will access a file on your SAN and it will be scanned before they can access the file.

Definitions are also updated on a regular basis.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Nagesh Singh's picture

Dear Brian81,

Can you please let me how I can assign any server to get scan with Symantec Scan engine?

Thanks & Regards,

Nagesh Singh

 

.Brian's picture

It's a configuration setting in the Scan Engine. You configure it to look at your SAN so those files can be scanned.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Nagesh Singh's picture

Hi Brian81,

You mean to say I can only scan SAN drives. If support I have windows server 2008 and I want this server must get scan with Scan engine then will I able to do that?

Thanks & Regards,

Nagesh Singh

 

.Brian's picture

This is really only for NAS.

SEP can take care of Server 2008.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

pete_4u2002's picture

it detects malwares, as the definitions are released for scan engine as well.

Vikram Kumar-SAV to SEP's picture

Scan Engine ( what you would be using be SAV for NAS) 

With SEP you can only Scan your local hard Drives and if mapped then network drives.

With SAV for Nas/Scan Engine you can scan your NAS Drive centrally.NAS does not have an Windows OS and its not fixed Drive.

SEP is only for Windows and MAC computers.

SAV for NAS is not for computers but for Network Attached Storage.

SAV for NAS will not Scan you machine or would have PTP and NTP (firewall/IPS/ ADC/Insight/Sonar ) it will not scan activity of the user.

 

 

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.

Nagesh Singh's picture

Thanks Vikram,

It means if I am installing Scan Engine then we are using SAV Antivirus?

Thanks & Regards,

Nagesh Singh

 

Vikram Kumar-SAV to SEP's picture

SAV Antivirus is a different product SAV is also a host based AV its not for SAN or any other applications.

Scan Engine is can be used not just with NAS but it can be connected to any of your custom Application or  Sharepoint etc..

SCAN engine will not protect your host machine..you will have to install SEP on the machine you have hosted Scan engine.

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.

Nagesh Singh's picture

Thanks Vikram,

But can you please tell me how I can connect any application to get scan through it and secondly it’s on demand application scanner then how our application request for scan?

Thanks & Regards,

Nagesh Singh

 

Vikram Kumar-SAV to SEP's picture

SCAN Engine is real time scanner and does not do scheduled scans.

You will have to write a connector to your application so that scan engine can talk to your application.

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.

Nagesh Singh's picture

Now what is connecter? Can you please share the doc for the same?

Thanks & Regards,

Nagesh Singh