Symantec Endpoint Protection is the newest Symantec AntiVirus product, combining technologies from previous Symantec products in a new interface:
Antivirus and Antispyware: Antivirus and Antispyware scan for viruses and for other security risks, including spyware, adware, and other files that can put a computer or a network at risk.
Personal Firewall: The Symantec Endpoint Protection firewall provides a barrier between the computer and the Internet, preventing unauthorized users from accessing the computers and networks. It detects possible hacker attacks, protects personal information, and eliminates unwanted sources of network traffic.
Intrusion Prevention: The intrusion prevention system (IPS) is the Symantec Endpoint Protection client's second layer of defense after the firewall. The intrusion prevention system is a network-based system. If a known attack is detected, one or more intrusion prevention technologies can automatically block it.
Proactive Threat Scanning: Proactive threat scanning uses heuristics to detect unknown threats. Heuristic process scanning analyzes the behavior of an application or process to determine if it exhibits characteristics of threats, such as Trojan horses, worms, or keyloggers. This type of protection is sometimes referred to as zero-day protection.
Device and Application Control: Device-level control is implemented using rule sets that block or allow access from devices, such as USB, infrared, FireWire, SCSI, serial ports, and parallel ports. Application-level control is implemented using rule sets that block or allow applications that try to access system resources.
New features
For Symantec AntiVirus Corporate Edition customers, new technology features include:
Firewall
Intrusion Prevention
Proactive Threat Scanning
Device and Application Control
For Symantec Client Security customers, new technology features include:
Proactive Threat Scanning
Device and Application Control
Additional new features for all Symantec AntiVirus customers include:
New client software user interface: The client user interface has been redesigned.
Kernel-level rootkit protection: Symantec Endpoint Protections expands rootkit protection, to detect and repair kernel-level rootkits. Rootkits are programs that hide from a computer's operating system and can be used for malicious purposes.
New management console: The management console has been redesigned and is called the Symantec Endpoint Protection Manager console.
Role-based administration: Allows different administrators to access different levels of the management system based on their roles and responsibilities.
Group Update Provider: Symantec Endpoint Protection clients can be configured to provide signature and content updates to clients in a group. When clients are configured this way, they are called Group Update Providers. Group Update Providers do not have to be in the group or groups that they update.
Location awareness: Symantec Endpoint Protection expands location awareness support to the group level. Each group can be divided into multiple locations, and, when a client is in that location, policies can be applied to that location.
Policy Based settings: Policies now control most client settings, and can be applied down to the location level.
Domains: Domains let you create additional global groups. This feature is advanced and should be used only if necessary.
Failover and load balancing: If you have a large network and need the ability to conserve bandwidth consumption, you can configure additional management servers in a load-balanced configuration. If you have a large network and need the ability to configure redundancy, you can configure additional management servers in a failover configuration.
Replication : Data fromMutiple sites can be repliacted into one site
SQL Database support: Symantec Endpoint Protection now stores client information in a database on the management server. Where legacy products stored information in the registry, Symantec Endpoint Protection Manager now stores all information about client computers in a SQL database (either the embedded database or a Microsoft SQL database).
Enhanced LiveUpdate: LiveUpdate now supports the downloading and installation of a wide variety of content, including definitions, signatures, white lists to prevent false positives, engines, and product updates.