Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Symantec Endpoint Question

Created: 18 Feb 2013 • Updated: 19 Feb 2013 | 8 comments
This issue has been solved. See solution.

If I install Symantec Enpoint Protection for Windows on a Windows box, can I also use it to scan for viruses that are destined for a Linux box? Meaning, if I scan a CD that will have programs for Linux, will the Windows version of Endpoint detect any viruses on that CD that will affect Linux? Also, what about the different versions of Windows? If I have Endpoint installed on a Windows 7 computer, will it detect viruses that are specific to Windows XP? Thank you in advance.

Bert

Comments 8 CommentsJump to latest comment

.Brian's picture

Yes it can also scan for and detect linux malware. All versions of windows are covered and scanned the same.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

mathisbr's picture

Thanks for the speedy reply! So is this information documented somewhere or is this just common knowledge? Reason I ask, is because I will have to somehow back up this statement. Right now we have a Windows 7 box running a VM for XP and a VM for Linux Red Hat, all running Enpoint. For performance reasons, we cannot install AV on the computers in one of our industrial applications. So we scan anything that goes in or out and right now that means to scan them on 3 separate OSs. Seems like a lot of wasted time to me if the main OS can scan for viruses on all OSs.

.Brian's picture

Very similar thread here:

https://www-secure.symantec.com/connect/forums/sym...

Check the comments from a few of the Symantec eployees who commented.

A brief paraphrase from Mick2009:

  • SAVFL will catch Linux threats, Windows threats, and Mac threats.
  • SEP on Windows will catch Linux threats, Windows threats, and Mac threats
  • SEP on Mac will catch Linux threats, Windows threats, and Mac threats
  • Symantec Mobile Security 7.2 / SEP Mobile Edition on Windows Mobile will only catch threats that are designed to work on the Android/WM platforms (not full Windows, Linux or Mac)

But if you check the risk list in SEP you will also notice it contains viruses for Linux and Mac as well.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

SOLUTION
mathisbr's picture

Excellent. Thanks for the link. I will have to check it out in the morning. Another fire just started somewhere else :)

JS@support's picture

Hello,

Refer Mike2009 comment

https://www-secure.symantec.com/connect/forums/sym...

  • SAVFL will catch Linux threats, Windows threats, and Mac threats.
  • SEP on Windows will catch Linux threats, Windows threats, and Mac threats
  • SEP on Mac will catch Linux threats, Windows threats, and Mac threats
  • Symantec Mobile Security 7.2 / SEP Mobile Edition on Windows Mobile will only catch threats that are designed to work on the Android/WM platforms (not full Windows, Linux or Mac)

(So: if you have a file server that is running Linux, it won't be able to help spread Windwos viruses.  The same goes in vice-versa: a Wuindows file server will block threats that target Linux machines.  SMS 7.2 on an Android phone doesn't have the memory, CPU, etc to detect every threat for every platform- it just protects itself.)

Here's a couple of articles that will help you to make the most of SAV for Linux:

Do we really need a Antivirus for Linux
https://www-secure.symantec.com/connect/articles/do-we-really-need-antivirus-linux

How to Install SAV for Linux (SAVFL) and Update It Using LUA 2.x (2.3.0.71)
https://www-secure.symantec.com/connect/articles/how-install-sav-linux-savfl-and-update-it-using-lua-2x-23071

SAV for Linux Scanning Best Practices: A (Somewhat) Illustrated Guide
https://www-secure.symantec.com/connect/articles/sav-linux-scanning-best-practices-somewhat-illustrated-guide

Please do update this thread if you need any more info!  I know SAVFL pretty well.  &: )

Mick2009's picture

Hi Bert,

"Thumbs up" to the advice, above.  Here's an official Symantec KB with that info, too:

How to View the Threat List on Symantec Endpoint Products 
Article URL http://www.symantec.com/docs/TECH200963

Technical Information

Will SEP for Mac detect and remediate only threats that are designed to target Macintosh computers? Will SAV for Linux only detect and remediate Linux threats?

  • SEP on Windows will detect all known Linux threats, Windows threats, and Mac threats
  • SEP on Mac will detect all known Linux threats, Windows threats, and Mac threats
  • SAVFL on Linux computers will detect all known Linux threats, Windows threats, and Mac threats.
  • Symantec Mobile Security 7.2 / SEP Mobile Edition on Windows Mobile will only catch threats that are designed to target the Android/WM platforms (not the full range of Windows, Linux and Mac definitions)

For example: if an organization has a file server that is running Linux and is defended by SAV for Linux, that server can block threats that target the environment's Windows clients. 

SMS 7.2 on an Android of Windows Mobile phone does not have the memory, CPU, and other resources to detect every threat for every platform.  Mobile products are designed to protect only the mobile device

I definitey do recommend that SEP be installed on all Mac and Windows machines, and SAV for Linux on RedHat.  Every endpoint should have an AV. 

For performance reasons, we cannot install AV on the computers in one of our industrial applications. So we scan anything that goes in or out and right now that means to scan them on 3 separate OSs.

SEP 12.1 can function on XPE,WEPOS, etc etc. 

Symantec Endpoint Protection support for embedded operating systems
Article URL http://www.symantec.com/docs/TECH106027 
 

Hope this helps (with this fire, at least!) - please do update this thread with news if your question has been answered, or with any additional elaboration that is necessary. 

Mick  

With thanks and best regards,

Mick

mathisbr's picture

Excellent. You guys were very helpful. I read all the links you sent and I have forwarded the info up the chain. This will make our lives a whole lot easier. I certainly do understand the importance for having SEP installed on every host, but this will not work for our application. Due to timings and performance limitations, it simply cannot be done. To work around this and to prevent any viruses from being replicated in our environment, we will scan every piece of media that gets introduced. This sounds tedious, but there will not really be that much to scan because this is an industrial application and outside media doesn't get introduced very often. Thanks again for the help!

mathisbr's picture

So it wasn't good enough that I had Symantec's employees telling me on a Symantec forum that the Windows version of SEP will scan for Linux so I had to find a technically document. I found it here for anyone that needs to reference it. The important nugget was under technical information near the bottom.

http://www.symantec.com/business/support/index?page=content&id=TECH200963