Symantec Endpoint Protection 12.1

Discussion in 'other anti-virus software' started by Brocke, Dec 3, 2011.

Thread Status:
Not open for further replies.
  1. Brocke

    Brocke Registered Member

    Has anyone used the newest version of SEP? Trying it now. Seems light, and I see they added a lot of new features from the NIS line.

    Also, what are the differences between SEP and the Small Business Ed.?
    Last edited: Dec 3, 2011
  2. zfactor

    zfactor Registered Member

    Personally I still say NIS is the better product unless you need to actually use it in that type of environment.
  3. Zyrtec

    Zyrtec Registered Member

    WOW! You are not alone. I am running it too, but just the client because at home I only run client OSes [Win XP, Vista & 7] not servers.

    Actually, I'm running SEP client version 12.1.1000.157 RU1. I did a custom install and installed the Anti-Virus/Spyware protection + Proactive Threat Protection [protects against 0-day threats] + Network Threat Protection. It's running light here. There are three [3] processes: [1] ccSvcHst.exe using 9668 KB of RAM, [2] a second ccSvcHst.exe using 2008 KB of RAM and, [3] Smc.exe using 5256 KB of RAM for a total of 16932 KB of RAM [~ 17 MB of RAM in total]. That's on Windows 7 Pro with SP-1.

    I tested it against 0-Day threats at MDL [15 malicious URLs], Malc0de [20 malicious URLs] and Clean-MX [7 malicious URLs] and nothing went through. It stopped every single attack, either using virus signatures, download Insight or SONAR, and Intrusion Prevention System [against Black hole exploit], just like Norton Internet Security. Very impressive!!

    The advantage of using the SEP client on a client computer [non-managed] is that you get virus definitions as long as the product is supported by Symantec and it wouldn't require paying for an annual subscription like for commercial home AVs.

    I'm testing this at home because I got it from an IT worker friend of mine that happens to work for the company I used to work for, and they are planning to replace McAfee VirusScan Enterprise 8.7i with SEP in the Q1/ 2012 when McAfee contract runs out.

    But, bottom line: SEP [CLIENT] is basically NIS 2011/2012 but aimed to corporate customers.

    Hope this helps

    P.S.: the difference between SEP and Small Business Edition SEP is the number of clients on which each can be deployed. If I'm not mistaken the Small Business can be deployed in companies with up to 100 client computers and SEP can be deployed in companies with up to 50,000 client computers.
  4. zfactor

    zfactor Registered Member

    I was told directly by Symantec it does not have all the layers that NIS has and for a normal user they still recommend NIS, though I do agree the newest SEP is MUCH better than previous versions were.
  5. Brocke

    Brocke Registered Member

    Also, you can't edit the proactive settings in the SMB version. Not sure if that makes a difference or not.
  6. Zyrtec

    Zyrtec Registered Member

    Another feature I forgot to mention that has also been implemented in SEP 12.1 RU1 is called Application and Device Control and it works by automatically blocking Autorun.inf on USB thumb drives and USB hard drives as well. This prevents malware worms like Conficker from infecting your PC.

    I've noticed that whenever I plug in a USB drive on my computer, SEP displays a message on the taskbar stating that autorun.inf has been blocked from running on that removable drive.

  7. Brocke

    Brocke Registered Member

    Kool, in the GUI does it show anything about the Application and Device Control? If I remember right, didn't version 11 show that? Well, in the SMB I'm not seeing it.

    I also have RU1.
  8. Zyrtec

    Zyrtec Registered Member

    Have you checked under CHANGE SETTINGS tab ---> Client Management ?

    You'll see at the bottom of the General tab [under Client Management] a check mark for Application & Device Control.

    Although, I have to clarify, I am running the Symantec Endpoint Protection for Large Business [the client, of course], not the Small Business Edition like you are. That might be the difference if you see that your installation is lacking some settings that mine has.

  9. I'm a runn'in it, and I'm a lik'in it.

    Strangely, my version is 12.1.671.4971 (Shouldn't the auto update have us at the same version?)

    Like the personal product, it now has SONAR, IPS, and Insight. So I wonder what else the personal product might have that SEP does not?

    I had to turn off the 'Tamper Protection' as it seemed to not play nice with both WinPatrol Plus and MBAM (as depicted in the Tamper Protection Log). Anybody know a way to create an exception so I can leave on the Tamper Protection?

    Overall, the product seems light, effective, and well developed.
  10. Chubb

    Chubb Registered Member

    The new 12.1 is better than 11.X because you have the option of not installing the firewall in 12.1.
  11. Brocke

    Brocke Registered Member

    Yup, it gives you the option for basic virus and spyware protection or the full suite. Very nice.
  12. Zyrtec

    Zyrtec Registered Member


    Your SEP 12.1 version # is a little bit outdated because [if my memory serves me well] that is the original release which became RTW [released to world] on July 5th, 2011.

    The one I'm running is the RU1 [Release Update 1, a.k.a. SP-1] which was released on November 18, 2011. As I said earlier, I got this installer from a friend who works on IT Dept. of my former employer. They plan to deploy SEP during Q1/2012.

    By the way, RU [Release Updates] for SEP client and SEPM [manager] are NOT applied automatically as soon as Symantec releases them. They need to be downloaded from Symantec FILECONNECT site [---] and you must have a valid Serial Number to log in. Those S/N can be obtained from your IT people if they have a valid service contract with Symantec.

    Basically, SEP is very, very similar to NIS 2011 or 2012. I think it has all the goodies NIS has [Insight, SONAR and IPS] but lacks Parental Controls, AntiSpam, Norton DNS, etc. which are more aimed to consumer versions but not to corporate environments.

    Since I'm not running WinPatrol nor MBAM I cannot say if there are incompatibilities between SEP and those applications but if after disabling Tamper Protection it works for you, then it's ok. Just be mindful, by disabling Tamper Protection, any malware that sneaks in to your system will be able to shut down SEP effortlessly.

    Last edited: Dec 4, 2011
  13. Zyrtec

    Zyrtec Registered Member

    Some screenshots of SEP 12.1.1000.157 RU1 CLIENT on Windows 7 Pro SP-1:


    P.S.: Had to go back and change pictures resolution b/c the first time I uploaded them I used the wrong resolution and pics looked very tiny.
    Last edited: Dec 4, 2011
  14. Zyrtec

    Zyrtec Registered Member

    Last edited: Dec 4, 2011
  15. Brocke

    Brocke Registered Member

    I just installed SEP Enterprise (download) hehe, and it's running very nice. Like you said, the memory usage is low.
  16. iwod

    iwod Registered Member

    Are you sure it gets updates as long as you are running the product? We get retail boxed copies of them for a tiny amount of money where I live.

    Basically it is a NIS 2012, or 2011 I think, since the newest tech is always on Norton first. And definitions are slower due to extra checks made in them, so there should theoretically be fewer false positives. And a nicer, cleaner UI.
  17. Zyrtec

    Zyrtec Registered Member

    I am 100% POSITIVE, it gets: virus definitions updates + Sonar/Insight updates + Intrusion Prevention signature updates, as long as Symantec SUPPORTS that version of SEP. I was told this by my IT friend and he must know that for sure. What you do NOT get automatically are MP [maintenance packs] and RU [Release Updates] unless you or your employer or company have a contract with Symantec and can access their FileConnect site with a valid service contract number or a valid Serial Number[S/N].

    That's it [getting virus defs updates], if you are just running the un-managed CLIENT on your computer and that client is not the DEMO client with a 30-60 days trial that you download from Symantec once you have filled out a lot of information at their site such as name, phone number, employer, employer phone #, employer address, etc. Not that one.

    I mean, you've got to have the official installer which may ONLY be downloaded from Symantec FileConnect site, [site which is only accessible to individuals or companies with current paid contracts with Symantec].

    Hope this helps.
    Last edited: Dec 4, 2011
  18. the_sly_dog

    the_sly_dog Registered Member

  19. Good info. Thanks.

    Yes, I'll bet my version is the original release. My employer has a contract, but it would be a long shot if I could ever get the right info to go to 'File Connect.'

    It appears that only having the client, I could download RU1. (Thank you to 'The Sly Dog')

    But the release notes don't really compel me to do so yet.

    But now I'll start watching occasionally to see what future updates bring. I'll also contact our network guys to see if I can get the info to go to 'File Connect' directly. I downloaded SEP 12.1 from my employer's server.

    I'm actually running SEP 12.1 on three machines. Happy with all. Just wish it would not conflict with MBAM.
  20. symthomas

    symthomas Registered Member


    This Symantec KB article explains why you are seeing notices for svchost.exe detections
    Symantec Endpoint Protection 12.1 SONAR Detection: Svchost.exe Causes "Hosts File Change" Security Risk

  21. piero_depaoli

    piero_depaoli Registered Member

    Hi there - this is Piero from Symantec.

    New in SEP 12.1
    - New Protection Technologies. Insight and SONAR. Insight is Symantec's reputation technology which leverages info from 200M+ systems and 3.1B files to determine whether downloaded content is good or bad. This is particularly helpful for protection against new or mutating threats. SONAR runs in real-time and can block applications from malicious behavior.
    - Faster: the Insight technology mentioned above allows Symantec Endpoint Protection to scan in a more efficient way - making it feel lighter and faster on the machine.
    - Virtualization Features: if running SEP in a virtual environment, a series of features have been added to eliminate and deduplicate scanning. Together, they have optimized SEP so it doesn't get in the way of getting the most out of your virtualization investment.....and you get best-in-class protection too.

    Main differences between SEP and the Small Business Edition:
    - one of the earlier posts is close....Small Business Edition is typically for 100 users or less. The full version of SEP can actually scale to hundreds of thousands of users, just requires multiple management servers.
    - the new protection technologies - SONAR and Insight - are included in both versions.
    - the device control and application control technologies that are present in SEP are not present in the Small Business Edition. (The same holds true for earlier versions of SEP and SEP SBE.)
    - the features for virtualization security mentioned above that are present in SEP 12.1 are in the Small Business Edition.

    Hope this helps!
    - Piero
  22. cwling

    cwling Registered Member

    Hi All,

    I just managed to deploy the new SEP 12.1 RU 1 by importing all the policies from 11.0 MR 4. We are testing the ADC policy for some machines; it seems Windows 7 32-bit cannot be excluded.

    However, the policy is working in Windows XP.

    Can you share with me your experience in Windows 7 SP 1?

    Thanks in advance.

    Alex Ling
  23. the_sly_dog

    the_sly_dog Registered Member

    See, I have those options set to ignored and I still see programs saying program blocked.

    Last edited: Dec 6, 2011
  24. Zyrtec

    Zyrtec Registered Member

    Strange. As I posted before, I'm running SEP 12.1 RU1 on Windows 7 - 32bit with SP-1 and I'm not getting that odd balloon message about svchost.exe being blocked either by the firewall or SONAR.

  25. the_sly_dog

    the_sly_dog Registered Member

    I have run a scan with Dr.Web, Kaspersky and ESET; I'm clean, as I was thinking I was infected.

    I have uninstalled and reinstalled Symantec and I still get the same pop-ups. It's weird.