Endpoint Protection

Much awaited SEP14, now its clear that it will not support SEPM to install on Desktop Operating System.

This made cumpolsary to install SEPM on server operating systems.

Really don't understand the idea of this move.

Totally disappointed move from Symantec.

 

 

This has been known since beta. Don't know why they chose to stop SEPM support on a desktop OS but it is what it is now.

I am very disappointed that SEP 14 doesnt support Windows Server 2003. I know MS also don't provide support to Windows server 2003, but I think many clients should have some legacy systems which are running on Windows server 2003.

Server has many functionally that is needed for SEPM to work. At the end of the day, SEPM is meant to be installed on an Server enviornment and not on a Desktop.

SEP is meant for enterprise deployments. If you install server software on a client operating systems, you are not really operating at an enterprise level.
You might want to look into SEP.Cloud which is designed for the SMB market. .

 

 

I've heard of companies that still have NT 3.51 installations. We have way too many Server 2003 and Server 2000 in our environment that we can't get rid of yet.

Anybody know of a good AV that provides protection for all clients - Desktops XP and above, and Servers 2000 and above?

Hate to leave Symantec, but they're leaving me no other choice.

@Dsmith: SEPM 14 can still manage SEP 12.1 agents with Windows 2003 support.  Still for legacy systems you should rather look into CSP or other solutions that harden the system until you can decomission it. 

 

 

Unbelievable, some people really blame a security software company like Symantec just because they don't support NT 3.5 or Server 2000/3 anymore or the management server on a desktop os?! Hey guys, just because of such IT administrators like you which keeps 20 years old server OS running, we have many exploited servers in the WAN. Update your old servers or keep them running isolated!

Hello,

SEP 12.1 RU6 MP6 is the latest supported version against platform 12.1. I will suggest to continue with the existing platform instead of upgrade.

You can expect patch updates as well, MP7 is due for 12.1 platform. Symantec is not going to discontinue 12.1 support so quickly, i believe it will be available till 2018. 

 

One important object to have SEP for several SMBs (Small Medium Business) that the SEP can run flawlessly under Workgroup setup, and that serves the required purpose;  but the latest have been forced to keep a server in the environment. I am sure it is much easy to look for a similar product than to keep the server.

Poor decision by the developers who develop the idea as the latest SEPM support only servers.

 

 

 

 

This is what SEP SBE cloud is for. SEPM is for enterprise not SMB/SBE

Good luck in your hunt for better product

 

In case you're not aware; there are actually different products out there based on the size of the company.

SEPM is more geared toward the Enterprise version.

And Symantec Endpoint Protection Small Business Edition is geared toward SMB. This will give you the most benefit as it's cheaper in the long run. No server is needed.

https://www.symantec.com/en/uk/products/threat-protection/endpoint-family

This will really hit my company hard.  I am a reseller and I deal exclusively with micro and small business.  I have all of my two dozen customers running SEPM/SEP, many of them all the way since 2008!  All but 2 are running SEPM on Windows "desktop".  They don't have Windows Server and won't ever.  They are too small or can't afford it.  We run Linux servers at all locations.

SEPM has run on Windows desktop since before 2008 and that has never changed.  Why change it all of a sudden?  Surely any rationale provided today would have been valid years ago, yet it's today you decide to drop this feature?  If anything, Windows desktops have gotten MORE feature rich and capable (closer to Server), not less.

My customer base represents about 250 yearly license renewals for Symantec.  If I can no longer run SEPM at these sites, then Symantec will lose that revenue stream, and the generous goodwill I provide as being a promoter for Symantec products while all the other tech guys I know bash them.

I would like to ask two specific questions to try to address this problem:

1. How long will 12.x continue to be supported?  If it will be supported for 5+ years, I can continue to sell SEP and hope that Syamntec reverses course on this "no desktop" policy.

2. Will 14.x support "desktop" SEPM eventually?  Maybe if enough people complain?

To those who say the following, I have easy answers for you:

a) You say "use SEP cloud / small business version": my customers don't want cloud/SMB products.  I don't want cloud/SMB products.  Do you know how many different lame products Symantec has had in the last 8 years where they dumb down / cripple SEP and slap a "SMB" on it?  At least 3.  They come, then are dropped.  Following those products would require way more work for me/customers than SEPM.  Just because my customer is small, doesn't mean they don't deserve the same level of security and management as an enterprise!  The only reason that these products exist is that a SMB doesn't have the technical capacity to manage their own SEP.  That's why I do it for them.  Once setup, SEPM requires very little time to maintain apart from upgrades.  And several of my customers are behind very slow terrestial microwave internet links where the download once, push to many clients features of SEPM are necessities.

b) You say "SEP is meant for enterprise deployments. If you install server software on a client operating systems, you are not really operating at an enterprise level".  I guess my many customers using SEPM on desktop for 8 years successfully with full "enterprise level" security are just mistaken?  Such a Microsoft-centric view of the world that unless we pay MS thousands more a year we only get an inferior OS?  Did you know that SEP 12 runs on tomcat/java and is more unix-y than MS-y and tomcat doesn't give a hoot whether your Windows thinks it's a "server" or not?  The only one who cares is MS so they can charge you more.  Maybe SEPM needs to support Linux, where such artificial divides between desktop/server do not exist.

c) You say "Server has many functionally that is needed for SEPM to work".  You mean just now when 14.x was released?  Because before 14.x was released, your statement was 100% false.  If they added dependencies on Server just for 14.x then shame on them.  The previously SEPM developers didn't feel the need to do so.  Why now?  Laziness.  Or they're just lying and SEPM works fine on desktop but they don't want to be bothered to test/support it.

d) You say "NT 3.5, Win XP, blah blah": I'm not talking about old versions of Windows.  That is muddying the waters, that should get its own thread (it is a valid question, but has nothing to do with "SEPM on desktop").  All my customers are running fully supported Windows versions, a mix of 7, 8 and 10.  Why can't I continue on with SEPM as I have for the last 8 years?

To sum, SEPM on "desktop" was a HUGE feature for me.  Getting rid of it for what seems like no good reason will really harm me and my customers, if nothing else we'll have to throw away money spent on the licenses and spend a fortune buying a competitor's licenses.  This will impact Symantec through lost yearly renewal revenue.  I had a couple of SEP sales in the hopper for 20-ish licenses each and now I can't in good conscience sell them SEP.  Symantec, please tell me you're going to look into this!

 

P.S. I just installed SEPM 14.0 on a "desktop" Windows 8 box and other than one alert about GP & users it installed perfectly fine.  I am logged into the SEPM console now and it all looks perfectly fine.  I will run a test of installing a client for it to manage and make sure it looks like it is working.

If so, so much for "requires Windows Server due to technical reasons"!  If it works fine (or even mostly fine) then this is just laziness by the testing and support departments.

Need some clarification here, Symantec!

 

Very interested to see how this pans out. We've been running SEP for 15 years here in our SMB (50 seats) and found this thread looking for news on the v14 install. We've been running 12.x on a W7Pro workstation dedicated to SEPM, Shavlik Patch and Spiceworks for some time - I don't wish to be forced into upgrading this machine to a server OS when it's perfectly fine as it is just so we can progress to v14.

As an aside, I couldn't agree more with your comments on the SMB software - I've moved two clients away from SEP because of the crippled nature of SBE.

You are right about Symantec rebranding their SMB/Cloud products quite often. Luckily under new management Symantec are heading in a new direction. The product you should check out is "Symantec Endpoint Protection Cloud". It was just released and contains the same features as SEP 14 and more. Core executives in Symantec says this is their main product going forward as things are shifting towards cloud. Confusing enough there is also (used to be?) a product called SEP .Cloud The new SEP Cloud also contain policy settings so you can provide some AD GPO security even if they are in a workgroup. Just as in SEP 14, definitions for SEP cloud are now in the cloud so bandwith and definition size is reduced by 80%, solving your bandwith issue https://support.symantec.com/en_US/article.HOWTO124358.html https://www.symantec.com/products/threat-protection/endpoint-family/endpoint-protection-cloud?inid=globalnav_scflyout_endpoint-protection-cloud

Cloud *might* work for half my clients, but the others it won't work.

A) I get a lot of pushback against "cloud-only", and personally I'm extremely skeptical.  Good security professionals don't like drastic change until it's fully proven.

B) My customers on slow/expensive internet simply cannot use a cloud-only product: what happens when a new minor version comes out (like 12.5 to 12.6) and every pc needs to pull its 50-100MB upgrade?  Even if cloud shrinks the client to 20-30MB it still is not feasible with cloud.  With SEPM I have one box that pushes all content and upgrade installers to all workstations, with zero extra bandwidth use.  There's also the aspect of some customers' microwave internet not being 24/7, with on average an hour outage per week.

SEPM is perfect, it's affordable, it just works, I have hassles with it almost never, it's secure, my customers like it, I like it.  I want to sell it.

I cannot tell my micro-business customers they now need to buy a $1200 Windows Server + $1000 new computer for it just to run $400 worth of SEP!

I am initiating discussions with all my contacts within Symantec in addition to here to see if I can get some answers.  Everyone on board with me please contact your Symantec sales reps, channel partners, etc, and complain here on this forum.  Tell them they're about to lose a sale, as well as renewals.  Like I said, it looks like 14 is "mostly there" on non-servers, so I'm sure they could change their backstabbing policy to allow desktop support once again.