The tool combines traditional scanning, behavioral analysis, intrusion prevention and community intelligence into its security system.
Endpoint Protection is most commonly installed on a Windows Server class system, with a 32-bit or 64-bit processor, using either the embedded database or a SQL Server database. MS SQL 2000 and above are supported. The Symantec Endpoint Protection client is most commonly installed on Windows XP, Windows 7 32-bit or Windows 7 64-bit systems, Mac OS X 10.5 or higher and Linux systems. Our copy was installed on our Windows 2003 Server and SQL 2005 database.
The implementation is straightforward. Admins launch the installer and the deployment is fully automated and menu driven. The binaries are fairly large, around 1.5G, but the software load went pretty fast. The Symantec Endpoint Protection Manager is loaded along with the database. We had an SQL server running on our server so it deployed using that resource. The software load took about 20 minutes. Once loaded, we were able to access the user interface for configuring our protection. The console was accessed as an application from the start menu.
The user interface (UI) is dashboard driven and attractively laid out. We had protection for anti-virus, firewall, intrusion prevention, and application and device control. Policies for each of these functional areas can be set from the UI menu. Admins can add to or edit the basic policies and can get very granular as to what is to be scanned. Application control was done well. It comes with basic rule sets that users can employ, customize or add to. Device control gave granular control over policy settings. The firewall comes with a number of built-in rules and was simple to configure. The firewall had a stealth mode feature to block websites from fingerprinting endpoints. Dashboard reports were great.
Leveraging Insight and SONAR technologies, Symantec Endpoint Protection 12 blocks new and unknown threats missed by traditional signature, heuristic, behavioral and HIPS-based security solutions. We did not test catch rates or performance claims, but the documentation does state that the technology is optimized to eliminate up to 70 percent of scan overhead, reducing load on the endpoint. For virtual environments, Endpoint Protection can whitelist images and maintain a local cache of scanned files shared across VMs, reducing load on the disk farm and increasing virtual instance density.
Symantec offers basic maintenance that includes telephone support between 8 a.m. and 6 p.m. with Symantec Endpoint Protection 12. Essential support is available as an upgrade and fees vary. Documentation was sufficient to get through the install process.