Symantec Endpoint NTP 11.0 = Sygate

After viewing the thread Firewall Screenshots I saw Sygate back in this Symantec product. Way to go, Sygate. So it wasn't 'shelved' afterall.

Any experience anyone, like BG ?

 

Hello,
I will be testing this thingie soon, just for the sake of testing.
But it's not Sygate anymore, it's Symantec ... unfortunately.
Mrk

P.S. From the screenshot, it looks Sygate all right. Why not use Sygate then?

P.S.S. If what MS did with Giant is an indicator, I'm afraid to think what the monsters might do to this great firewall...

 

So it asks for permission for all apps connecting to the internet like Sygate did?

If so, have they fixed Sygate's local proxy hole?

 

Hi,

There is a significant layoff at Symantec house.

Perhaps, It is a strong indication that something much different from the ugly past will finally materialize. Keep our fingers crossed.

 

Sygate relies in part on signatures which are very out of date.

 

Hello,
What do you need the signatures for?
Mrk

 

Signatures are for intrusion detection, possibly for unusual outbound protocols associated with bots.

 

The sigs in the Sygate Pro version were for the IDS, which I always thought was for detecting inbound exploits, not outbound. But who knows... perhaps I am wrong there...

Don't know if the IDS stuff is incorporated into SEP11, I kinda doubt it.

 

Hello,
You didn't understand my question. I know what they are for.
Why do you need them? As in, why are they important - to you?
Mrk

 

I personally could care less about them... I can't speak for others though... maybe Diver likes 'em for some reason...

 

Hi,

Could Sygate with IDS be the same as BlackIce PC Protection, which is a firewall with updated IDS signature. Although BlackIce no longer available for sale, it still updates signatures until Oct, 2008.

Some of commercial Firewall such as discontinued McAfee desktop Firewall does come with IDS, its successor HIPS 6 or 7 also has updated IDS signatures.

According to BlackIce's prod info, it can scan every packet ( is this a right term?) with signatures, and can stop /send alert to PC user, moreover, if you wish, it can also trace back to the place of origin (with the aid of another app, could not recall its name). Take care.

 

See here, here and here (thanks Diver)

What happened to some features such as Anti-IP spoofing in Symanterc Endpoint?

Symantec has now redone Sygate Personal Firewall to target businesses not home users. Symantec would probably continue updating the IPS/IDS signatures now that they have re-released Sygate as Symantec Endpoint 11.

Does anyone know why its 11? Surely Sygate was version 5?

 

Yoda ... I'm not a big tester just use software that doesn't bog down my system and keeps me relatively safe (ymmv). I also rely on the folks at Wilders and DSLReports security forum for insite. I d/led the trial for Endpoint from the Symantec site and it lasts for 4 months. Got it loaded on 5 of my boxes (XP Home & Pro and Vista). It runs quiet on all systems. No slow down in performance (again ymmv). I still haven't got used to the Symantec/Sygate firewall concept but getting there. Just for grins I uninstalled the firewall portion on one system and installed ZA AS. This suprisingly runs well . I also tryed the same with OA free and that worked too. So??

 

Well, I can't say exactly what the signatures do because there is not much information on that, nor can I tell you what the practical effect of not being up to date is. However, that could be said about just about any security product. All I can say is that signatures are part of the product design and in SEP 11 new network protection signatures are published about once a week.

SEP 11 is a roll up of various purchased technologies including the Sygate firewall, Sana behavioral analysis, andI believe the root kit detection comes from Veritas. The original Norton Antivirus technology was purchased from IBM, but there is no telling what is in there now.

 

Thanks for your answer BG.
There are some reactions here too.
I tried a trial too now (after imaging ).
The firewall side looks like sygate alright, and even the IDS is updated through liveupdate. But what I really missed was that applications could not be asked to access internet only block or allow options. And the applications window was empty even after letting some apps connect to internet. Didn't like that, so I restored my image again with my good old Sygate pro.


Cheers.

 

Sygate has a pretty poor Intrusion Prevention engine compared to what Symantec had even in the last version (Symantec Client Security 3.0). SEP 11.0 now includes both the old Sygate engines (for customers that have written their own custom signatures for that engine) and Symantec's own highly advanced IPS engine (similar to ISS) where the signatures are updated VERY often. See http://www.symantec.com/avcenter/security/Content/Product/Product_SEP.html

 

There is NO Sana behavioral Analysis in SEP. Not sure where you got that from.

 

All firewall functionality in SEP is purely based on Sygate technology. There is no Symantec firewall functionality at all. Any missing Sygate functionality is purely because the former Sygate team felt that that protection was not being used or not providing any real protection.

 

11 because thats the next number after SAV 10.0, the previous version of the endpoint protection even though SAV doesn't have anything but AV. Ideally it should have been SEP 4.0 which would have followed from the previous endpoint suite i.e. Symantec Client Security 3.0, but I guess they felt they will follow on from the SAV versioning.

 

As mentioned, SEP does have the Sygate engine but only to support customer's custom signatures. The real value and protection comes from Symantec's own IPS engine thats much more advanced than Sygate's and the signatures are being updated constantly http://www.symantec.com/avcenter/security/Content/Product/Product_SEP.html.

This engine is a lot more advanced that BlackIce PC Protection.

 

SEP11 includes intrusion detection which is up-to-date.

 

Since you seem to be so sure of that, tell me where the behavioral analysis came from, if not Sana.

 

For those of us that used to use Sygate as a separate entity from our other security products this still won't be a revival because they won't sell the firewall separate from that bloated security suite.

If they did, and it turned out to be a nice product, they may get some money from me. But I have not seen the firewall sold separate from other products since they first purchased Sygate initially.

 

I don't think there is much of a commercial market for just a straight firewall anymore.. I doubt they'd waste their time with anything like that.

 

The nice thing about the Sygate firewall in SEP is that it has the potential to provide some degree of outbound protection without the endless pop-ups that are unacceptable for the typical work environment.

Signatures can cover a variety of generic malware communication methods, so zero day variations of malware that are simply altered to avoid flat file scanning might be detected. Anyway, that is why I think up to date signatures are important. Why would Symantec be issuing weekly updates to the signatures otherwise?