Endpoint Protection

What are the different between Symantec Endpoint protection and Symantec Scan Engine?

Why we need both in same environments?

Symantec Scan Engine is for content scanning network attached storage/filers/net apps, etc..You can check the guide here

https://www.symantec.com/business/support/index?page=content&id=DOC4615&key=55108

Symantec Endpoint Protection is a client-server solution that protects laptops,
desktops, Mac computers, and servers in your network against malware. Symantec
Endpoint Protection combines virus protection with advanced threat protection
to proactively secure your computers against known and unknown threats.
Symantec Endpoint Protection protects against malware such as viruses, worms,
Trojan horses, spyware, and adware. It provides protection against even the most
sophisticated attacks that evade traditional security measures such as rootkits,
zero-day attacks, and spyware that mutates. Providing low maintenance and high
power, Symantec Endpoint Protection communicates over your network to
automatically safeguard computers against attacks for both physical systems and
virtual systems.

Symantec Endpoint Protection is a software base, installed locally on a computer system in order to provide real-time virus protection, network threat protection, including Mail scanning and Firewall as well as an IPS (intrusion prevention system) on a single node in an IP network.

Symantec Endpoint Potected nodes can than either manage themselves (unmanaged) or be managed by a centralized server (SEPM) for content management and updates.

* * * * * * *

Symantec Scan Engine is a centralized node in your network that scans content from clients which have implemented the scan engine.  The only way I could describe this, would be, it's closer to a proxy or scannign device.  The client machine (individual nodes) is not scanning content the machine hosting the Symantec Scan Engine is.

Have you seen the implementation PDF?

http://www.symantec.com/business/support/index?page=content&id=TECH83878

The short description:

http://www.symantec.com/business/support/index?page=content&id=TECH83878

Hello,

Symantec Scan Engine and Symantec Endpoint Protection are 2 different products.

Symantec Scan Engine, formerly marketed as Symantec AntiVirus Scan Engine, is a carrier-class content-scanning engine. The scan engine features all of the key content-scanning technologies that are available in the complete line of Symantec enterprise security products. The scan engine provides content-scanning capabilities to any application on an IP network, regardless of platform.

Reference: 

The function and role of Symantec Scan Engine

http://www.symantec.com/docs/TECH83878

Knowledgebase: http://www.symantec.com/business/support/index?page=releasedetails&key=55108

Whereas 

Symantec Endpoint Protection offers superior anti-malware protection for Windows, Macs and Linux computers – Detected 25% more threats than any other vendor tested; and removes more malware and scans faster than any product in its class.

Check this:http://www.symantec.com/endpoint-protection

Knowledgebase: http://www.symantec.com/business/support/index?page=landing&key=55108

Hope that helps!!

Thanks all,

But can you please tell me what I can do with Symantec Scan engine but not with SEP?

SEP is host based , Scan engine works on ICAP protocol. Scan engine does content check to some extent which scan engine cannot.

Hello,

SEP is a file system level scan, meaning it has drivers that allow SEP to scan an item before it is accessed.  Scan Engine is a scan on demand process, meaning that it sits and waits for information or an item to be passed to it. 

Scan Engine can be used to scan items as they are being submitted through a website or can work with Netapp, EMC filers or MS Sharepoint to scan items as they are committed or modified on the file system.

Definitions cannot be managed by a SEPM for the Scan Engine product.  Scan Engine would need to be allowed to pull definitions from the internet or from an LUA server. http://www.symantec.com/docs/TECH90305

Hope that helps!!

Hi all,

Actually I want what I can do with Scan engine which I can’t do with SEP?

Scan engine is only for attached storage so it has the auto protect feature similar to SEP. Other than that it does not have much else in common with SEP.

Hi Brian81,

It means it’s not detecting virus and worms?

It’s not monitoring any new virus which are comes on server?

It’s only monitoring a application and URLs?

it detects malwares, as the definitions are released for scan engine as well.

Hi jeson1222,

You mean to say, there is no need to install Symantec Scan engine agent on all an Endpoint system.

if so then How I can integrate my server to scan with Symantec Scan Engine?

and  how it will detect which system try to access which URL?

It will monitor viruses for your attached storage.

Your user will access a file on your SAN and it will be scanned before they can access the file.

Definitions are also updated on a regular basis.

Dear Brian81,

Can you please let me how I can assign any server to get scan with Symantec Scan engine?

It's a configuration setting in the Scan Engine. You configure it to look at your SAN so those files can be scanned.

Hi Brian81,

You mean to say I can only scan SAN drives. If support I have windows server 2008 and I want this server must get scan with Scan engine then will I able to do that?

Scan Engine ( what you would be using be SAV for NAS) 

With SEP you can only Scan your local hard Drives and if mapped then network drives.

With SAV for Nas/Scan Engine you can scan your NAS Drive centrally.NAS does not have an Windows OS and its not fixed Drive.

SEP is only for Windows and MAC computers.

SAV for NAS is not for computers but for Network Attached Storage.

SAV for NAS will not Scan you machine or would have PTP and NTP (firewall/IPS/ ADC/Insight/Sonar ) it will not scan activity of the user.

This is really only for NAS.

SEP can take care of Server 2008.

Thanks Vikram,

It means if I am installing Scan Engine then we are using SAV Antivirus?

SAV Antivirus is a different product SAV is also a host based AV its not for SAN or any other applications.

Scan Engine is can be used not just with NAS but it can be connected to any of your custom Application or  Sharepoint etc..

SCAN engine will not protect your host machine..you will have to install SEP on the machine you have hosted Scan engine.

Thanks Vikram,

But can you please tell me how I can connect any application to get scan through it and secondly it’s on demand application scanner then how our application request for scan?

SCAN Engine is real time scanner and does not do scheduled scans.

You will have to write a connector to your application so that scan engine can talk to your application.

Now what is connecter? Can you please share the doc for the same?