
Sophos up for renewal - what next?

Created: 04 Aug 2009 • Updated: 21 May 2010 | 9 comments

Hello Everyone,

We are currently using Sophos Endpoint Protection and the contract is due to expire, so we are back on the market, looking at a replacement or simply renewing with our current vendor.

The choices are as follows.

1. Symantec
2. McAfee
3. Sophos

I do not want to turn this into a vendor-bashing thread, but I would like to hear from anyone who has moved from Sophos / McAfee to Symantec, and whether the product performed to their expectations. I understand SEP 11 had some problems in its earlier releases, but these are now ironed out in MR4, and Gartner has given great reviews of SEP 11. 25,000 endpoints in total. Thanks for your help.



Beppe's picture


Here you can read a lot of stories about migration experiences to SEP 11:




P_K_'s picture

Symantec Endpoint Protection is the newest Symantec AntiVirus product, combining technologies from previous Symantec products in a new interface:

Antivirus and Antispyware: Antivirus and Antispyware scan for viruses and for other security risks, including spyware, adware, and other files that can put a computer or a network at risk.

Personal Firewall: The Symantec Endpoint Protection firewall provides a barrier between the computer and the Internet, preventing unauthorized users from accessing the computers and networks. It detects possible hacker attacks, protects personal information, and eliminates unwanted sources of network traffic.

Intrusion Prevention: The intrusion prevention system (IPS) is the Symantec Endpoint Protection client's second layer of defense after the firewall. The intrusion prevention system is a network-based system. If a known attack is detected, one or more intrusion prevention technologies can automatically block it.

Proactive Threat Scanning: Proactive threat scanning uses heuristics to detect unknown threats. Heuristic process scanning analyzes the behavior of an application or process to determine if it exhibits characteristics of threats, such as Trojan horses, worms, or keyloggers. This type of protection is sometimes referred to as zero-day protection.

Device and Application Control: Device-level control is implemented using rule sets that block or allow access from devices, such as USB, infrared, FireWire, SCSI, serial ports, and parallel ports. Application-level control is implemented using rule sets that block or allow applications that try to access system resources.

New features
For Symantec AntiVirus Corporate Edition customers, new technology features include:

Intrusion Prevention
Proactive Threat Scanning
Device and Application Control

For Symantec Client Security customers, new technology features include:

Proactive Threat Scanning
Device and Application Control

Additional new features for all Symantec AntiVirus customers include:

New client software user interface: The client user interface has been redesigned.

Kernel-level rootkit protection: Symantec Endpoint Protection expands rootkit protection to detect and repair kernel-level rootkits. Rootkits are programs that hide from a computer's operating system and can be used for malicious purposes.

New management console: The management console has been redesigned and is called the Symantec Endpoint Protection Manager console.

Role-based administration: Allows different administrators to access different levels of the management system based on their roles and responsibilities.

Group Update Provider: Symantec Endpoint Protection clients can be configured to provide signature and content updates to clients in a group. When clients are configured this way, they are called Group Update Providers. Group Update Providers do not have to be in the group or groups that they update.

Location awareness: Symantec Endpoint Protection expands location awareness support to the group level. Each group can be divided into multiple locations, and, when a client is in that location, policies can be applied to that location.

Policy-based settings: Policies now control most client settings, and can be applied down to the location level.

Domains let you create additional global groups. This feature is advanced and should be used only if necessary.

Failover and load balancing: If you have a large network and need the ability to conserve bandwidth consumption, you can configure additional management servers in a load-balanced configuration. If you have a large network and need the ability to configure redundancy, you can configure additional management servers in a failover configuration.

Replication: Data from multiple sites can be replicated into one site.

SQL Database support: Symantec Endpoint Protection now stores client information in a database on the management server. Where legacy products stored information in the registry, Symantec Endpoint Protection Manager now stores all information about client computers in a SQL database (either the embedded database or a Microsoft SQL database).

Enhanced LiveUpdate: LiveUpdate now supports the downloading and installation of a wide variety of content, including definitions, signatures, white lists to prevent false positives, engines, and product updates.

MCT MCSE-2012 Symantec Technical Specialist (SCTS)

P_K_'s picture

I just missed it.

SEP can also be installed on Windows 7.

MCT MCSE-2012 Symantec Technical Specialist (SCTS)

dries_vb's picture

You can read this report from AV-Comparatives. It dates from April 2009.

It also includes Sophos, McAfee, Symantec and many more. As an addition to this report, also read this forum topic (look for Paul Murgatroyd's comment "So I'd like to add some data...") about the false positive - detection ratio.

Good luck!

jonnie5's picture

dries_vb, thank you for this. Good reading, and I have a much better understanding of how the results are measured.

Thomas K's picture

Here is another very good Anti-Virus software comparison website.

Virus Bulletin -

Thomas Ballandras's picture

Please note that the document provided by dries_vb lists only Norton AntiVirus 2009. This product is quite different from Symantec Endpoint Protection 11.0. As the name suggests, Symantec Endpoint Protection is not just an antivirus, but also includes firewall, IPS, and application and device control, amongst other functionalities. Some products from our competitors also include these functionalities, and to be fully protected these days, that's the kind of solution you should be looking for. An antivirus is just not enough anymore...

jonnie5's picture

Yes, currently we are using HIPS Firewall, Device control, AV, BOPS. The three vendors are pretty much up there with each other. Symantec just missed out on the VB100 award for July 2009, but 44 in a row is not bad at all.

"After putting together a quite magnificent unbroken run of 44 VB100 passes stretching back to the last century, this month Symantec is denied an award by a whisker"

P_K_'s picture

Yes, you are right, we missed it this time by a whisker. Nevertheless, it will motivate us to do better and get the VB100 award back in August.

MCT MCSE-2012 Symantec Technical Specialist (SCTS)