
What's new in SEP 12.1 RU2 

Nov 20, 2012 02:45 AM

Hello Everyone,

Previously we looked at What's new in SEP 12.1 RU1 MP1.

Symantec has now released SEP 12.1 RU2 with many new features and enhancements. For more detailed information, check this article.

I have tried to list a few of them here.

In particular, I would like to show the changes, additions and enhancements in the GUI.

1. Security Virtual Appliance

Path: SEPM --> Monitors --> Security Virtual Appliance

A Symantec Endpoint Protection Security Virtual Appliance is a Linux-based virtual appliance that you install on a VMware ESX/ESXi server. Symantec Endpoint Protection Security Virtual Appliance integrates with VMware's vShield Endpoint and hosts the Symantec Endpoint Protection Shared Insight Cache server.

Shared Insight Cache lets Guest Virtual Machines (GVMs) share scan results so that identical files need to be scanned only once across all GVMs on the ESX/ESXi host. Shared Insight Cache improves the performance of full scans by reducing disk I/O and CPU usage.

2. Early Launch Anti-Malware Driver:

Early launch anti-malware (ELAM) protects client computers from threats that load at startup. Symantec Endpoint Protection includes an early launch anti-malware driver that works with the Microsoft early launch anti-malware driver to provide the protection. The settings are supported on Microsoft Windows 8.

The early launch anti-malware driver is a special type of driver that initializes first and inspects other startup drivers for malicious code. When the Symantec Endpoint Protection driver detects a startup driver, it determines whether the driver is good, bad, or unknown. The Symantec Endpoint Protection driver then passes the information to Windows, which decides whether to allow or block the detected driver.

The Symantec Endpoint Protection settings provide an option to treat bad drivers and bad critical drivers as unknown. Bad critical drivers are the drivers that are identified as malware but are required for computer startup. By default, Windows allows unknown drivers to load. You might want to select the override option if you get any false positive detections that block an important driver. If you block an important driver, you might prevent client computers from starting up.

The Windows early launch anti-malware driver must be enabled for the Symantec Endpoint Protection settings to take effect. You use the Windows Group Policy editor to view and modify the Windows ELAM settings. See your Windows 8 documentation for more information.
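The interaction between the SEP override option and the Windows policy described above can be modelled as follows. This is an added illustration, not Symantec or Microsoft code: the policy numbers are those of the Windows boot-start driver initialization policy (`DriverLoadPolicy`), which the page does not list, and the flag name `treat_bad_as_unknown` and the driver names are constructed.

```python
# Added illustration: a model of the ELAM load decision, not vendor code.
from enum import Enum


class Verdict(Enum):
    GOOD = "good"
    UNKNOWN = "unknown"
    BAD = "bad"
    BAD_CRITICAL = "bad but boot-critical"


# Windows boot-start driver initialization policy (DriverLoadPolicy, set via
# Group Policy): which reported classes Windows allows to initialize.
WINDOWS_POLICY = {
    8: {Verdict.GOOD},
    1: {Verdict.GOOD, Verdict.UNKNOWN},
    3: {Verdict.GOOD, Verdict.UNKNOWN, Verdict.BAD_CRITICAL},  # Windows default
    7: set(Verdict),
}


def reported_verdict(verdict, treat_bad_as_unknown=False):
    """Classification the ELAM driver hands to Windows for one startup driver.

    treat_bad_as_unknown is a hypothetical name for the SEPM override option.
    """
    if treat_bad_as_unknown and verdict in (Verdict.BAD, Verdict.BAD_CRITICAL):
        return Verdict.UNKNOWN
    return verdict


def driver_loads(verdict, windows_policy=3, treat_bad_as_unknown=False):
    """True if Windows initializes the driver under the given policy."""
    reported = reported_verdict(verdict, treat_bad_as_unknown)
    return reported in WINDOWS_POLICY[windows_policy]


def boot_outcome(drivers, windows_policy=3, treat_bad_as_unknown=False):
    """Map each driver name to 'load' or 'block' for a boot-start list."""
    return {
        name: "load" if driver_loads(v, windows_policy, treat_bad_as_unknown) else "block"
        for name, v in drivers.items()
    }


# Constructed sample: driver names and verdicts are invented for illustration.
SAMPLE_DRIVERS = {
    "known_good.sys": Verdict.GOOD,
    "new_vendor.sys": Verdict.UNKNOWN,
    "bad_sample.sys": Verdict.BAD,
    "bad_disk_filter.sys": Verdict.BAD_CRITICAL,
}
```

Under the Windows default (3) the override is the only thing that lets a driver classed as bad load, so it widens what starts at boot and is best limited to the time a false positive is being resolved. Under the good-only policy (8) the override changes nothing, because unknown drivers are blocked as well.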

Path: SEPM --> Virus & Spyware Protection --> Edit assigned Policy --> Protection Technology --> Early Launch Anti-Malware Driver

Adjusting the Symantec Endpoint Protection early launch anti-malware (ELAM) options

http://www.symantec.com/docs/HOWTO81106

3. Explicit Group Update Provider for Roaming Clients:

It allows clients to use GUPs outside their subnet.

It is only configurable through SEPM.

This is not an auto-discovery feature.

Path: SEPM --> Policies --> Liveupdate Policy --> Edit liveupdate setting policy --> Server Settings --> Group Update Provider

4. Client Deployment Wizard:

You can now replace the communication file on its own. There is no need to re-deploy the entire package in case of a communication issue.

From SEP 12.1 RU2 onwards there is no need to use the Sylink replacer utility.

You can check this article to learn more about it:

https://www-secure.symantec.com/connect/articles/sep-12-ru2-and-reset-client-communication

5. New third-party products have been added under the security software removal feature.

Check this article:

Third-party security software removal support in Symantec Endpoint Protection 12.1 RU2

http://www.symantec.com/docs/TECH195029

6. A new Cleanwipe version has been introduced, and it works/performs much better.

Check this article to know more about it:

https://www-secure.symantec.com/connect/articles/new-cleanwipe-version-introuduced-sep-121-ru2

Here are a few articles that provide more information on the latest released version:

SEP release details can be found here: http://bit.ly/m0vOJp

What's new in Symantec Endpoint Protection 12.1.2

http://www.symantec.com/docs/HOWTO81091

System Requirements for Symantec Endpoint Protection, Enterprise and Small Business Editions, and Network Access Control 12.1.2

http://www.symantec.com/docs/TECH195325

New fixes and enhancements in Symantec Endpoint Protection 12.1 Release Update 2

http://www.symantec.com/docs/TECH199676

Upgrading or migrating to Symantec Endpoint Protection 12.1.2011 (RU2)

http://www.symantec.com/docs/TECH197426

I hope it's informative


Comments

May 24, 2013 02:59 AM

Are you using SQL authentication or Windows authentication?

What is the SEPM version?

 

May 24, 2013 02:49 AM

hello,

check this

Unexpected server error. Error Code: 0x10010000.

Article:TECH200253  |  Created: 2012-11-29  |  Updated: 2012-12-19  |  Article URL http://www.symantec.com/docs/TECH200253

 

Apr 30, 2013 07:40 AM

hi chetan

We are getting an error on the SEPM console and we are not able to view the home, monitor and report pages. Please help me. I have a solution for it, that is to repair SEPM, or restart the SEPM server database and manager service, or run the reconfiguration wizard.

But I have more than 12000+ SEP clients on the SEPM console and I have 2 SEPM servers in a load balancing state.

please help me.

 

Error-unexpected server error.ErrorCode: 0x10010000

Apr 16, 2013 03:45 AM

great

Apr 16, 2013 02:29 AM

Hi,

Symantec Endpoint Protection provides an ELAM driver that works with the Microsoft ELAM driver to provide protection for the computers in your network when they start up. The settings are supported on Microsoft Windows 8.

Reference: Adjusting the Symantec Endpoint Protection early launch anti-malware (ELAM) option

http://www.symantec.com/docs/HOWTO81106

Managing early launch anti-malware (ELAM) detections

http://www.symantec.com/docs/HOWTO81107
 

Apr 16, 2013 12:58 AM

ELAM is included in the Windows 8 platform; it's not applicable for Win 7.

Apr 16, 2013 12:31 AM

Hi Chetan,

I have a query: is ELAM basically for Windows 8 and Windows Server 2012, or for Windows 7 too?

Our organisation has Windows 7 machines, so can the ELAM feature with Symantec 12.1 RU2 be useful to detect the drivers and analyze them accordingly as good or bad drivers?

Awaiting your reply.

Thanks & Regards

Aniket Shirke

Apr 08, 2013 02:21 AM

I've already gone through these links - these links are referring to the installation part and what SVA is. I'm looking for a document so I can troubleshoot the issues related to SVA.

In my environment I've installed SVA and it was working perfectly - now no VDI clients are reporting to SVA. I've logged a case with Symantec and they are still researching it.

Apr 08, 2013 02:14 AM

Look at these Symantec KBs:

About the Symantec Endpoint Protection Security Virtual Appliance

Article:HOWTO81080  |  Created: 2012-10-24  |  Updated: 2013-01-30  |  Article URL http://www.symantec.com/docs/HOWTO81080

Configuring the Symantec Endpoint Protection Security Virtual Appliance installation settings file

Article:HOWTO81082  |  Created: 2012-10-24  |  Updated: 2013-01-30  |  Article URL http://www.symantec.com/docs/HOWTO81082

 

Apr 08, 2013 02:10 AM

Hi,

You can refer to these articles:

What do I need to do to install a Security Virtual Appliance?

http://www.symantec.com/docs/HOWTO81110

Installing a Symantec Endpoint Protection Security Virtual Appliance

http://www.symantec.com/docs/HOWTO81083

About the Symantec Endpoint Protection Security Virtual Appliance

http://www.symantec.com/docs/HOWTO81080

Configuring the Symantec Endpoint Protection Security Virtual Appliance installation settings file

http://www.symantec.com/docs/HOWTO81082

Apr 08, 2013 01:15 AM

Does anyone have a document which explains the working of SVA?

Jan 04, 2013 01:47 AM

Thanks a lot, everyone.

Jan 04, 2013 01:06 AM

Hi Rupesh,

No need to use Sylink replacer from SEP 12.1 RU2 onwards.

You can use new feature "Communication Update Package deployment"

Benefits:

No need to send entire package to restore communication with Manager.

No more dependency on Sylink replacer/Sylink drop tool.

Easy to use.

Check this article: https://www-secure.symantec.com/connect/articles/sep-12-ru2-and

Jan 03, 2013 10:50 PM

Hi Chetan,

 

Now we are planning to replace the sylink.xml file on 5000+ SEP clients. Most of the SEP clients are 12.1 RU1 MP1 and our server is 12.1 RU2. Can we push the sylink.xml file with the new SEPM feature, "Communication Update Package deployment"? Is that OK?

Or do we need to use the Sylink replacer tool?

Please suggest.

Dec 16, 2012 11:43 PM

You have to replace the sylink to make unmanaged clients managed clients.

Dec 16, 2012 11:41 PM

Hi,

Check this article.

 

How to convert Symantec Endpoint Protection (SEP) clients from managed to unmanaged without uninstalling and reinstalling

Article:TECH104010  |  Created: 2008-01-19  |  Updated: 2011-09-16  |  Article URL http://www.symantec.com/docs/TECH104010
 

 

Dec 16, 2012 11:35 PM

I have 100 unmanaged SEP clients of SEP version 11.6 and my SEP console is 12.1 RU1 MP1. How can I manage them in SEPM without manually replacing the sylink.xml file?

 

Dec 15, 2012 04:11 AM

Hi,

While adding machines to replace Sylink.xml you should use the domain admin password.

It's just an authentication process to add machines to the list.

Dec 15, 2012 12:32 AM

Hi,

Do you have the SEP client protected with a password?

If yes, you can enter the SEP client stop/uninstall password.

Dec 15, 2012 12:28 AM

Thanks,

4. Client Deployment Wizard: please explain. When I tried to replace the sylink.xml file through this, it asked for an administrator password.

Which one does it need, domain or workgroup?

All my clients are in the domain.

 

 
