Symantec Endpoint NTP 11.0 = Sygate

Discussion in 'other firewalls' started by Yoda1953, Dec 1, 2007.

Thread Status:
Not open for further replies.
  1. Yoda1953

    Yoda1953 Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    162
    Location:
    Netherlands
    After viewing the thread Firewall Screenshots I saw Sygate :thumb: back in this Symantec product. Way to go, Sygate. So it wasn't 'shelved' after all.

    Any experience anyone, like BG ?
     
  2. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hello,
    I will be testing this thingie soon, just for the sake of testing.
    But it's not Sygate anymore, it's Symantec ... unfortunately.
    Mrk

    P.S. From the screenshot, it looks Sygate all right. Why not use Sygate then?

    P.S.S. If what MS did with Giant is an indicator, I'm afraid to think what the monsters might do to this great firewall...
     
  3. noway

    noway Registered Member

    Joined:
    Apr 24, 2005
    Posts:
    351
    So it asks for permission for all apps connecting to the internet like Sygate did?

    If so, have they fixed Sygate's local proxy hole?
     
    Last edited: Dec 2, 2007
  4. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi,

    There is a significant layoff at Symantec house.

    Perhaps it is a strong indication that something much different from the ugly past will finally materialize. Keep our fingers crossed.
     
  5. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    Sygate relies in part on signatures which are very out of date.
     
  6. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hello,
    What do you need the signatures for?
    Mrk
     
  7. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    Signatures are for intrusion detection, possibly for unusual outbound protocols associated with bots.
     
  8. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
    The sigs in the Sygate Pro version were for the IDS, which I always thought was for detecting inbound exploits, not outbound. But who knows... perhaps I am wrong there...

    Don't know if the IDS stuff is incorporated into SEP11, I kinda doubt it.
     
  9. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hello,
    You didn't understand my question. I know what they are for.
    Why do you need them? As in, why are they important - to you?
    Mrk
     
  10. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
    I personally could care less about them... I can't speak for others though... maybe Diver likes 'em for some reason...
     
  11. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi,

    Could Sygate with IDS be the same as BlackIce PC Protection, which is a firewall with updated IDS signatures? Although BlackIce is no longer available for sale, it still updates signatures until Oct, 2008.

    Some commercial firewalls, such as the discontinued McAfee Desktop Firewall, do come with IDS; its successor HIPS 6 or 7 also has updated IDS signatures.

    According to BlackIce's prod info, it can scan every packet (is this the right term?) with signatures, and can stop/send an alert to the PC user; moreover, if you wish, it can also trace back to the place of origin (with the aid of another app, could not recall its name). Take care.
     
  12. dmenace

    dmenace Registered Member

    Joined:
    Nov 29, 2006
    Posts:
    275
    See here, here and here (thanks Diver)

    What happened to some features such as Anti-IP spoofing in Symantec Endpoint?

    Symantec has now redone Sygate Personal Firewall to target businesses not home users. Symantec would probably continue updating the IPS/IDS signatures now that they have re-released Sygate as Symantec Endpoint 11.

    Does anyone know why it's 11? Surely Sygate was version 5? :D
     
  13. BG

    BG Registered Member

    Joined:
    Jun 14, 2003
    Posts:
    214
    Yoda ... I'm not a big tester, just use software that doesn't bog down my system and keeps me relatively safe (ymmv). I also rely on the folks at Wilders and DSLReports security forum for insight. I d/led the trial for Endpoint from the Symantec site and it lasts for 4 months. Got it loaded on 5 of my boxes (XP Home & Pro and Vista). It runs quiet on all systems. No slow down in performance (again ymmv). I still haven't got used to the Symantec/Sygate firewall concept but getting there. Just for grins I uninstalled the firewall portion on one system and installed ZA AS. This surprisingly runs well :eek: . I also tried the same with OA free and that worked too. So??
     
  14. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    Well, I can't say exactly what the signatures do because there is not much information on that, nor can I tell you what the practical effect of not being up to date is. However, that could be said about just about any security product. All I can say is that signatures are part of the product design and in SEP 11 new network protection signatures are published about once a week.

    SEP 11 is a roll up of various purchased technologies including the Sygate firewall, Sana behavioral analysis, and I believe the root kit detection comes from Veritas. The original Norton Antivirus technology was purchased from IBM, but there is no telling what is in there now.
     
  15. Yoda1953

    Yoda1953 Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    162
    Location:
    Netherlands
    Thanks for your answer BG.
    There are some reactions here too.
    I tried a trial too now (after imaging ;) ).
    The firewall side looks like Sygate alright, and even the IDS is updated through liveupdate. But what I really missed was that applications could not be asked to access internet, only block or allow options. And the applications window was empty even after letting some apps connect to internet. Didn't like that, so I restored my image again with my good old Sygate pro.


    Cheers.
     
  16. Zombini

    Zombini Registered Member

    Joined:
    Jul 11, 2006
    Posts:
    469
    Sygate has a pretty poor Intrusion Prevention engine compared to what Symantec had even in the last version (Symantec Client Security 3.0). SEP 11.0 now includes both the old Sygate engines (for customers that have written their own custom signatures for that engine) and Symantec's own highly advanced IPS engine (similar to ISS) where the signatures are updated VERY often. See http://www.symantec.com/avcenter/security/Content/Product/Product_SEP.html
     
  17. Zombini

    Zombini Registered Member

    Joined:
    Jul 11, 2006
    Posts:
    469
    There is NO Sana behavioral Analysis in SEP. Not sure where you got that from.
     
  18. Zombini

    Zombini Registered Member

    Joined:
    Jul 11, 2006
    Posts:
    469
    All firewall functionality in SEP is purely based on Sygate technology. There is no Symantec firewall functionality at all. Any missing Sygate functionality is purely because the former Sygate team felt that that protection was not being used or not providing any real protection.
     
  19. Zombini

    Zombini Registered Member

    Joined:
    Jul 11, 2006
    Posts:
    469
    11 because that's the next number after SAV 10.0, the previous version of the endpoint protection even though SAV doesn't have anything but AV. Ideally it should have been SEP 4.0 which would have followed from the previous endpoint suite i.e. Symantec Client Security 3.0, but I guess they felt they will follow on from the SAV versioning.
     
  20. Zombini

    Zombini Registered Member

    Joined:
    Jul 11, 2006
    Posts:
    469

    As mentioned, SEP does have the Sygate engine but only to support customers' custom signatures. The real value and protection comes from Symantec's own IPS engine that's much more advanced than Sygate's and the signatures are being updated constantly http://www.symantec.com/avcenter/security/Content/Product/Product_SEP.html.

    This engine is a lot more advanced than BlackIce PC Protection.
     
  21. Xenophobe

    Xenophobe Registered Member

    Joined:
    May 26, 2007
    Posts:
    174
    SEP11 includes intrusion detection which is up-to-date.
     
  22. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater

    Since you seem to be so sure of that, tell me where the behavioral analysis came from, if not Sana.
     
  23. Juggernaut

    Juggernaut Registered Member

    Joined:
    Jul 27, 2005
    Posts:
    60
    For those of us that used to use Sygate as a separate entity from our other security products this still won't be a revival because they won't sell the firewall separate from that bloated security suite.

    If they did, and it turned out to be a nice product, they may get some money from me. But I have not seen the firewall sold separate from other products since they first purchased Sygate initially.
     
  24. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
    I don't think there is much of a commercial market for just a straight firewall anymore.. I doubt they'd waste their time with anything like that.
     
  25. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    The nice thing about the Sygate firewall in SEP is that it has the potential to provide some degree of outbound protection without the endless pop-ups that are unacceptable for the typical work environment.

    Signatures can cover a variety of generic malware communication methods, so zero day variations of malware that are simply altered to avoid flat file scanning might be detected. Anyway, that is why I think up to date signatures are important. Why would Symantec be issuing weekly updates to the signatures otherwise?
     