Symantec Endpoint Security 11.0 released

Discussion in 'other anti-virus software' started by midway40, Oct 5, 2007.

Thread Status:
Not open for further replies.
  1. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    There is no global setting for that. Applications may be blocked and once on the list they may be set up on an ask each time basis. This would be handy for some media players that phone home a bit too much.

    My understanding is that a la Sygate there is a blacklist of malware that is blocked; just how powerful this is I don't know. What I do know is that some worms like Storm use an encrypted Overnet/eDonkey protocol. If that can be identified regardless of the encryption key or ports used, it would provide a powerful way to detect something that slipped by the other defenses.
     
  2. QBgreen

    QBgreen Registered Member

    Joined:
    Jan 1, 2005
    Posts:
    627
    Location:
    Queens County, NY
    Took a look, didn't like it. Not enough fine grained control. Also, a big mistake not to offer a new/improved SAV as a separate entity.
     
  3. apm

    apm Registered Member

    Joined:
    Mar 15, 2006
    Posts:
    164
    Too bulky, clumsy, a resource hog for an 'end point'; it brings my system (XP, AMD 3600+ 65nm, 1GB RAM) back to something like the Win 95 age, worse than NAV 2007. :thumbd:
     
  4. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    I find the opposite to be true here on my old 1 gig cpu PIII with 512mb ram. Performance in general is as good as with any other AV or suite. Not at all like the "Norton" offerings either, this one is lighter with less annoyances. Much better than NAV 2007 for example.... there is a slight bit of cpu usage however, which I am not fond of, but otherwise it seems to perform well, even on this 6 year old PC.
     
  5. ink

    ink Registered Member

    Joined:
    May 20, 2006
    Posts:
    185
    SEP is of course much heavier than NAV 2007, I am using the C900 and 256 RAM.
     
  6. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Yeah, they are both fairly heavy on ram. Regardless of what task manager says about the processes, if you measure free system ram before and after installing either one of them, you will see a considerable drop in free ram. They are not light in that regard. I am mostly concerned with performance rather than ram usage by itself. At any rate, I am back to Avira Premium for now..
     
  7. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    IMO, SEP 11 had less system impact on Vista than on XP. Perhaps the latest generation of Symantec products is Vista oriented.
     
  8. ink

    ink Registered Member

    Joined:
    May 20, 2006
    Posts:
    185
    It is just because Vista uses better hardware, so SEP has much more to consume.
     
  9. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    My tests were based on running SEP 11 under both XP and Vista using a recent notebook computer with a 2 ghz Intel core 2 duo and 2 gigs of memory. Vista does run a bit slower to start with. I simply found that SEP 11 had no noticeable effect on Vista and some, but small on XP.

    For those who run XP as a limited user, SEP 11 is a real pain because all settings are locked out, and some of these need to be accessed. Many of the tricks for temporarily elevating privileges do not work with SEP 11. On a corporate machine with fast user switching disabled (required for domain log ons) one would have to log out and log back in to an administrative account, to disable network discovery and file sharing at the firewall level. This is a pain for traveling notebook users.
     
  10. Searinox

    Searinox Registered Member

    Joined:
    Oct 27, 2007
    Posts:
    21
    May I ask why it is such child's play to just open up task manager and terminate SEP's processes with astonishing ease? They should be protected, like they were in all previous releases of Sym Client Security and the Norton series, as well as many other decent apps.
     
  11. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater

    I just tried to do that in Vista and received a message that the action was blocked. The process was not terminated.
     
  12. ashishtx

    ashishtx Registered Member

    Joined:
    Oct 7, 2005
    Posts:
    392
    Location:
    Houston,Texas
    I think in the corporate world, task manager is usually blocked from access. This makes it not absolutely necessary to have such kind of protection. I may be wrong, but this is what I think.
     
  13. midway40

    midway40 Registered Member

    Joined:
    Jul 24, 2006
    Posts:
    1,257
    Location:
    SW MS, USA
    Task Manager is not blocked where I work, for which I am glad. Sometimes I need to terminate an errant process which uses too much CPU. On some workstations a process used by the account program reacts strangely to SAV scans and its CPU usage goes way up to the point where the computer runs very slow. I kill this process and then it comes back acting normally.

    I find it hard to believe that the home edition has self protection and the Corp edition does not.

    Diver, are the SEP processes "owned" (have a user name) in the task manager? I have noticed that when these are blank that means that self protection is on (it is as far as NIS is concerned anyway).
     


  14. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    I have it installed here and the ccApp.exe process is under my username, but the other processes (scanner etc) are under SYSTEM in task manager. Don't know what that all means, but that's how it is here...
     
  15. Searinox

    Searinox Registered Member

    Joined:
    Oct 27, 2007
    Posts:
    21
    SEP processes are owned by SYSTEM, as are SAV processes if Tamper Protection is disabled. If they are protected against unauthorized termination they will appear under a nameless account in task manager. However, on SEP processes are all owned by SYSTEM, whether Tamper Protection is activated or not. And yes, they CAN be shut down even with Tamper Protection activated. You don't even get as much as a notification. My solution? I combined forces with COMODO Firewall Pro by making Defense+ rules for the Symantec AntiVirus folder to block any processes that run from there from being terminated LOL.

    What I don't understand is SmcGui.exe, which tends to "jump" CPU usage up for brief moments. Its command line reveals it has something to do with Sygate firewall, which I know it incorporates. But WTF, I didn't install the firewall component from SEP, just the AV!!
     
  16. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    I had some pretty high cpu usage just idling from the main process, it fluctuated between 6-15% while doing nothing! This is pretty weird, but I have to say that system performance was fine, so I guess it didn't really matter.. have moved on to something else for now, but will have another go at it sometime this week perhaps.. Overall I liked SEP11.
     
  17. Searinox

    Searinox Registered Member

    Joined:
    Oct 27, 2007
    Posts:
    21
    Are you kidding? Have you seen the firewall on that thing? It doesn't ask you if you wanna allow or block an app from accessing the internet. No, you have to define specific rules for EVERY SINGLE ONE of your programs. I can't believe the nerve on them for releasing a corporate product with such a wimpy firewall. It's supposed to be a corporate protection suite and its firewall can't do what even some free firewalls do.

    The only thing I found good about it was the proactive protection, which goes well with the AV. And the way it fails to protect its processes from termination...? I really dunno... *shudders*
     
  18. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    Under Vista there are only 2 processes and both are blank. I have not tried to go to services.msc and terminate anything. As you may know, the task manager in Vista is nothing like previous versions of Windows.

    Searinox, the firewall is based on Sygate, which was highly regarded. It is programmed to recognize and stop various types of malware outbound communications.
     
  19. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    It's primarily an AV with some proactive protection, not a firewall product, so as such, I'm not expecting it to even have a firewall component, let alone protect me from outbound traffic.. I think it's great as an AV with a little "extra"....

    As far as corporate protection, I don't believe that most corporate protection worries about any outbound traffic, there is the usual heavy duty inbound corporate firewall, and then an AV on the workstations, but who cares about outbound traffic in a corporate environment? If they want to filter that on the main firewall fine, otherwise it's quite unusual for a workstation AV to have any firewall component..

    If the firewall acts as a secondary block when active malware is detected, then that's fine (as Diver suggests). Otherwise, I could just as easily do without any firewall component at all..
     
  20. Searinox

    Searinox Registered Member

    Joined:
    Oct 27, 2007
    Posts:
    21
    Well to me it just looks like they're "devolving" because Sym Client Security products had that ability. And yes more of an AV it is. Which is why I couple it with CFP 3.0.10, which seemed to be necessary for more than one reason: CFP blocks memory access and termination of SEP processes, which strangely SEP can't do on its own?!

    EDIT: Tamper Protection works now. Apparently one must restart the computer after installing SEP and all updates for it to work. I'm not used to this cause SAV never ever asks for restarts, not even after installing or reinstalling.
     
    Last edited: Nov 5, 2007
  21. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    Amazing what restarting your 'puter can do for you. Maybe I need to reboot my head.
     
  22. BG

    BG Registered Member

    Joined:
    Jun 14, 2003
    Posts:
    214
    Has anyone had a problem with nothing showing up in the applications list? I have a trial copy running on a Vista machine and an XP Home machine and nothing shows up on the application list. Did a Google search for this and haven't found an answer.
     
  23. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater

    You have to go into the options and "view network activity" while the application in question is running. Right click the app, select "block"; that will put it on the applications list. After that, the settings can be changed. It's mainly for keeping things like media players from phoning home. This is not like most bidirectional firewalls. Nearly everything goes out, unless it is identified by a signature in the firewall as malware.
     
  24. mrfargoreed

    mrfargoreed Registered Member

    Joined:
    Jun 16, 2006
    Posts:
    356
    What would be a good application to run alongside SEP to alert of outbound connections? I know that SEP is pretty unhappy running alongside other security applications, but I just can't feel comfortable without the filtering, which is a shame as I like this firewall. I just don't feel safe running it, which kind of defeats the object, really. Or is Symantec's theory that anything maliciously asking for outbound connections will be stopped by the other components of Endpoint Protection?
     
  25. BG

    BG Registered Member

    Joined:
    Jun 14, 2003
    Posts:
    214
    Thanks, Diver ... I would have never found that. Really cheesy way of doing things. :rolleyes:
     