
Endpoint Protection 11.0.3001.2224

Created: 18 Sep 2012 | 8 comments

Recently the external auditors opened an issue about Symantec Endpoint Protection 11, which I have installed on all PCs.

They said it is not an HIDS. I think the software has all the features required for an HIDS.

Is there any document to send the information to the auditors?


Ashish-Sharma's picture

Firewall – Symantec's Firewall is one of the best "host-based" firewalls, taken from Sygate.  I told him, the firewall is always a very essential part of any organization and host based firewalls help a lot in controlling access for users.
With this feature you can also block websites.

Intrusion Prevention System- It is always a best practice to have an IDS or IPS in your network and HIPS can also work as HIDS. Symantec Endpoint Protection IPS system is the best IPS available anywhere!  I explained Symantec maintains one of the world’s most comprehensive vulnerability databases, currently consisting of more than 32,000 recorded vulnerabilities (spanning more than two decades) affecting more than 72,000 technologies from more than 11,000 vendors.
You can also create your own IPS rules for your specific requirement.

 

Check this article

http://www.symantec.com/connect/blogs/connect-and-protect-symantec-endpoint-protection-always-winner

Thanks In Advance

Ashish Sharma


.Brian's picture

Not sure why they think that but it is a HIPS. Which in my opinion is better than a HIDS because a HIDS will just alert on an intrusion where a HIPS will stop the intrusion.

Also, as a side note, if you are on 11.0.3, I would strongly suggest upgrading as this was one of the first versions of SEP 11.x that was released. Many many bugs have been fixed since 11.0.3.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

FTAMG's picture

Thanks Ashish.  I agree with you.   But I need to present some document to support my point.

Endpoint Protection has all needed features of an HIDS.

Mick2009's picture

Hi FTAMG,

The IPS/IDS component of SEP 11 is indeed Host-based rather than Network-based. Do note, though, that SEP can be installed with or without its IDS/IPS component.  Check your local deployment to see if the clients in your company have those components. 

Also note: when IDS is selected in SEP 11, you must also have the NTP (firewall) component installed.

"Thumbs up" to the advice to upgrade!  That SEP 11 MR3 release is YEARS old.

 Hope this helps! &: )

With thanks and best regards,

Mick

sandra.g's picture

I've got the release date for MR3 noted as 16 Sept 2008, to be precise, so almost exactly 4 years old.

sandra

Symantec, Information Developer
Installation, Migration, Deployment and Patching
User Protection & Productivity, Endpoint Protection

Don't forget to mark your thread as 'solved' with the answer that best help

FTAMG's picture

Thanks Mick and Ashish.

I will use your information.

Mick2009's picture

Hi FTAMG,

In case anyone needs an in-depth description of what SEP's IPS is and how it works, there's excellent information in the Client Guide for Symantec™ Endpoint Protection and Symantec Network Access Control.  This .pdf ships on the product CD/DVD. 

How Intrusion Prevention protection works

Intrusion Prevention protection automatically detects and blocks network attacks.
Intrusion Prevention protection scans every packet that enters and exits a
computer for attack signatures. An attack signature is a unique arrangement of
information that identifies an attacker's attempt to exploit a known operating
system or program vulnerability......

Hope this helps!  If the info in this thread has answered your question, please do remember to mark it solved for the benefit of future admins in the same situation. &: )

With thanks and best regards,

Mick