Symantec Endpoint Protection Small Business Edition Adds Consumer Features That Don’t Serve the Needs of Small Businesses 

Jan 27, 2016 07:49 PM

In mid-January 2016, Symantec began releasing an update to the Endpoint Protection component of their cloud-based Endpoint Protection Small Business Edition offering.  The cloud Agent itself is a wrapper, while the base product – Endpoint Protection – is the Norton Internet Security product.  The latest version, NIS-22.5.4.24, has been updated to work with Windows 10, has been given a new user interface, and has been updated with additional technology to protect computers from threats.  However, the problem with this update is in the number of settings that were added to this version behind the scenes and turned on by default.

Symantec partners access their clients’ cloud-based portals via the Partner Management console (https://manage.symanteccloud.com).  Most of the operations of the cloud product are controlled via policies and settings that are defined in each client’s web page (https://hostedendpoint.spn.com).  From there administrators can control how the servers, computers, and laptops will be protected, how USB devices will be handled, the kind of web protection and network protection to be offered, as well as the scanning schedule.  With the exception of providing Firewall rules and Program control rules, those are the only facets of the program that can be controlled via the web.

To control other elements of the product, you have to log in to the client’s computer, open up an elevated Command Prompt, access the C:\Program Files\Symantec.cloud\Antivirus folder and issue the following command:

avagent -SHOW_UI

And that’s where we can find the latest problem.  With the 22.5.4.24 update, the number of settings that have been included – all without any option to control from the web – is startling.

Within the Firewall settings is the “Network Cost Awareness” setting. This new policy allows you to configure the amount of bandwidth the agent will use.  There is no equivalent setting in the cloud to manage this.

There is a completely new section for Tasks Scheduling.

Again, neither these settings nor the scheduling are controlled via the policies on the web.

I don't even want to venture into the discussion of how the “disk optimization” utility handles SSD drives that have already been blocked by Windows' own defragment utility.  Nor do I want to guess what the automatic schedule setting actually is for these tasks.

Last are the newly enhanced Administrative Settings which contain some of the more egregious changes.

Why anyone should need “performance monitoring” on a modern-day computer baffles me. The other question that is posed by these settings is why the monitoring is on, yet the alerting is off – but colored green (as if on).

There are the Firefox Cleanup options, which, for some reason, are not included in the scheduled tasks.  But if Firefox is installed, by having this on by default, it will – purportedly – clean up the temporary files.

Quite frankly, I am horrified that these settings are on my clients’ computers!

As a Managed Services Provider, I already use a Remote Monitoring and Management (RMM) software product to take care of scheduled Windows tasks, including the removal of temporary files.  I use Group Policy Objects to control how other tasks are scheduled during off hours.  I don’t expect a third-party software product – especially one designed for Internet Security – to be introducing a completely new and totally ungovernable set of tasks to my client base.  I certainly don’t expect the software to adversely affect the performance of an end-user’s computer without my ability to control what does, and doesn’t, occur.

I won’t mind that I will have to explain why the statistics in my RMM’s monthly reports will show a dramatic change with respect to performance and file clean-up.  But what I do mind is that I cannot explain why Symantec did not inform its partners that they were going to be introducing these new “features” to the product.

I have done some research since these settings appeared, and I have yet to find anything mentioned other than the fact that Windows 10 will be supported and that the screens have changed in appearance.  It seems that all of the other items that were added did not deserve any mention whatsoever.

This product is marketed as a Symantec Small Business product – and for years, I have sold it as a business-class product.  While I realize it is built on the Norton consumer base, it must be completely managed; otherwise it is next to useless.  There has to be a way to control ALL of these settings from the client’s web portal.  Without that ability, it will be necessary to log in to each of the affected computers (after they receive this update) and manually change the settings.  That is going to take time, effort, and coordination.  Afterwards, I am going to have to review the settings in each future update to see if any additional consumer-grade “features” creep in.

Symantec, this is simply unacceptable behavior!

In an effort to handle Windows 10, you’ve thrown consumer-level garbage into the workings of a business-based product.  The only way that you can reconcile this oversight is by providing discrete controls in the client web portal.

After reading this article, if you agree that Symantec should include controls for these settings in the cloud, please click the question mark, located on the upper, right-hand side of either the Partner Management Console or the Hosted Endpoint page and submit a Feedback item.  Indicate that consumer-level controls in a business product are not acceptable.  If they have to remain, then the cloud interface needs to be updated to control these settings.

Comments

Feb 04, 2016 11:09 AM

Larry,

This is an amazing article providing much needed insight and awareness. I cannot believe none of these settings are available from the managed console. They need to be!

Thanks for sharing.

-Brian
