Symantec Endpoint Protection (review & explanation)

Status
Not open for further replies.

Striker

Level 7
Verified
Mar 27, 2013
327
Thanks for this Umbra, that's a real review! Not like the YouTube review "tests"... I'm thinking of using Symantec Endpoint Protection, seems really nice. Thanks again, greez
 

Nico@FMA

Level 27
Verified
May 11, 2013
1,687
SEP or NIS? Who is better...

SEP would be better as it's the industrial version of NIS, which is a home version.
Also SEP and NIS are miles apart in terms of options. These 2 packages cannot be compared, as NIS is internet security for home use, while SEP is endpoint protection made for corporate networks and such.
 

robin hood

Level 4
Verified
Dec 12, 2012
173
SEP would be better as it's the industrial version of NIS, which is a home version.
Also SEP and NIS are miles apart in terms of options. These 2 packages cannot be compared, as NIS is internet security for home use, while SEP is endpoint protection made for corporate networks and such.
What is recommended for a home computer? Can I use SEP on a home computer?
 

cruelsister

Level 43
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,224
Although I haven't had any dealings with SEP for about a year, I felt the Firewall component in former builds was superior (and I'm certain that at a minimum that continues). For example, I ran a true zero-day RAT on a system protected by SEP (without any Application Control Policy hardening) and at the first whiff of a connection to the C&C the Firewall popped up with a "Connection to malicious site detected- Traffic stopped for (I forget how many) minutes". So even though the malware itself was not detected, the malicious activity was.

And Nico (and I don't mean to burden you)- as the point that you made above shouldn't be lost, with your familiarity with SEP can you comment further on the limitations of just installing SEP as an Unmanaged client on a home computer for those who may be considering it?
 

Nico@FMA

Level 27
Verified
May 11, 2013
1,687
Although I haven't had any dealings with SEP for about a year, I felt the Firewall component in former builds was superior (and I'm certain that at a minimum that continues). For example, I ran a true zero-day RAT on a system protected by SEP (without any Application Control Policy hardening) and at the first whiff of a connection to the C&C the Firewall popped up with a "Connection to malicious site detected- Traffic stopped for (I forget how many) minutes". So even though the malware itself was not detected, the malicious activity was.

And Nico (and I don't mean to burden you)- as the point that you made above shouldn't be lost, with your familiarity with SEP can you comment further on the limitations of just installing SEP as an Unmanaged client on a home computer for those who may be considering it?

Well, SEP as an unmanaged client still offers you way above average protection; however, you will have to go into the settings and configure EVERYTHING yourself. Keep in mind I mentioned earlier that SEP is an industrial product, so the package on its own is basically just a bare-bones solution, because as I said you have to add custom rules, you have to configure everything yourself in order to make it close to perfect.
Now the simplicity of configuring it yourself comes directly from the package itself, which houses most of the critical protection rules, where the antivirus/exploit/malware/spyware/zero-day and vulnerability modules work as a team to give the firewall the hardening it needs.
For example, traditional AV programs rely on an engine that takes its rules and detection methods from 1 or 2 sources within the package, and as such most modules work alone and report to the UI engine, which will report the issue and take action as designed, right? Now SEP is different, as it has a number of engines, each specialized in its own abilities, yet they are very much one engine, as the decision making is not only based upon fixed protocols. The package will run every bit of data through various engines.
And because SEP has the ability to anticipate actions done by malware and malicious actions, it can stop things before they even happen.
Keep in mind a firewall is not an anti-malware engine, yet SEP's firewall very much detects malware in the same fashion as it would detect a hack attempt. The reason for this is that SEP will talk to the Windows OS and gather all the info about a file or data stream/action, then compare that info to the last known reference (when the file passed the engine), and then it makes a call to Symantec to get additional info about the file/behavior/routine and so on. Now if all these sources match with the routine the data stream shows, then the file is tagged and passed. However, while the file is passed through it is still tagged, and the moment the file changes outside the predefined routines SEP will directly intervene and take the file and all its routines out of memory and block it or deal with it.

Now that's the unmanaged version. The managed version is very much the same; however, it does not take actions on its own, as it will report to a master server which has the final word and can roll back ANY change made.
For example, the malware CryptoLocker could defeat SEP unmanaged, as an unmanaged version does need "user" supervision, and the user might allow a file when it should have been blocked, or might have forgotten to add custom rules.
The SEP managed version does not rely on your actions; in fact SEP does not need you, and malware like CryptoLocker on the client PC cannot infect the system, as SEP will make everything session based.
So to make it easy: there is no data it can infect, as the master server is usually strictly configured to allow certain actions and block all others by default. And the local client cannot change it even if they wanted to. On top of that, if I take our own master server as an example, it has hundreds of custom rules, blocking everything except those rules we want to allow. And that's not only traffic/data, but system wide.
Also SEP takes security rules from system sources and servers and adds them to your SEP master database, which you can make as comprehensive as you want/like and need.
One could say that a client PC is suddenly put into full sandbox mode. It cannot process any data without an explicit green light from the master server.
So what do you want me to say? If SEP does not explicitly tell the client computer to do something, then it will intervene and roll back towards the last point of "green light" reference.
And while SEP is a software package, it can work together with most AAA+ grade hardware firewalls, and together they are pretty much military grade protection, as the level of security that can be obtained is only limited by the very rules you create within the closed-off master server. Keep in mind the master server itself is on a closed network and the only 4 connections it has are:

1: Secure link to Symantec
2: Secure direct link to the hardware firewall link up
3: All client PCs and computers/servers
4: Optional backup server/failover/anti-DDoS

So for a hacker to shut it down, they have to go past multiple layers of security.
Now while SEP has been compromised several times during international hacking attacks, the master server has not yet been beaten, ever.
5 years in a row several major hacking events tried to break a SEP control server and zombie it. And all failed.

One has to realize SEP is IMO fantastic, even while I hate Symantec as they are a bunch of overpaid greedy *beep* *beep* *beeps*,
yet their product SEP and the additional support available + the enormous capability that SEP has is a winning combination.

That being said, there might be other vendors that do a better job in their own respective fields, but when it comes to endpoint protection, both Symantec and Sophos offer a complete solution that makes all other endpoint vendors look like amateurs.
But again I am saying that SEP and Sophos are NOT designed with plug and play in mind. They have been designed to offer you as much flexibility as you need to configure it to your needs, and once configured it will offer you pretty much the best software level protection on the market. But it will take time, effort and know-how, as SEP is only as strong as the very configuration you put into it. That said, SEP in the hands of a security specialist or a team of security / ICT administrators that build the company network from scratch to finished state can truly be close to perfect.

I hope this helps.
 

Nico@FMA

Level 27
Verified
May 11, 2013
1,687
long post but always interesting ^^

Thanks at least one person that takes the time to read a wall of text...
Now you can officially call yourself my personal wall of text junk


robin hood

Level 4
Verified
Dec 12, 2012
173
Just installed SEP (unmanaged client) on a home computer with the recommended settings from here.
When I put a USB in the computer there is no autoscan... how to change the setting to autoscan USB?
Link scanner (bd-trafficlight, avg link scanner..).. what to use, or not needed?
How to set DNS change and Host in (Proactive Threat Protection) System Change Detection (default is IGNORE)?
(sorry for bad English)
 

wajiman

Level 5
Verified
Jul 18, 2013
242
As far as my experience goes with SEP, it's a completely different level of product as compared to NIS and N360. In my opinion, it offers much better protection plus zero day detection. I wonder why they don't implement somewhat the same technology for home users. :/
 

Cch123

Level 7
Verified
May 6, 2014
335
Just installed SEP (unmanaged client) on a home computer with the recommended settings from here.
When I put a USB in the computer there is no autoscan... how to change the setting to autoscan USB?
Link scanner (bd-trafficlight, avg link scanner..).. what to use, or not needed?
How to set DNS change and Host in (Proactive Threat Protection) System Change Detection (default is IGNORE)?
(sorry for bad English)

Well, this is exactly why Symantec Endpoint is meant for industries, while Norton 360/antivirus/internet security is meant for home users. For the home products, you are good to just install and use. However, Symantec Endpoint requires you to pore through the documentation to configure it for your own needs. And most likely you will need to understand the various technologies involved and Windows itself in order to create custom rules, which is basically the main benefit of Endpoint Protection.

As far as my experience goes with SEP, it's a completely different level of product as compared to NIS and N360. In my opinion, it offers much better protection plus zero day detection. I wonder why they don't implement somewhat the same technology for home users. :/

That's mainly because the technologies involved can cause problems with installed software and need to be customised for each enterprise. A trained administrator is needed to configure it and be there when something breaks. However, for home users, the moment something breaks, they start complaining and have no idea what went wrong. However, as the technologies involved mature, they will be brought down to home products. E.g. Kaspersky Zeta shield.
 

Rahadian Putra

Level 9
Verified
Well-known
Jan 28, 2014
444
As far as my experience goes with SEP, it's a completely different level of product as compared to NIS and N360. In my opinion, it offers much better protection plus zero day detection. I wonder why they don't implement somewhat the same technology for home users. :/

In my humble opinion, I think SEP is designed for IT administrators, who I believe are already familiar with creating custom rules and how to configure it properly etc., but when SEP is used by home users or an average Joe, it would simply fail due to its complexity. IMO I even believe Symantec's home products (like NIS/306) are complicated for normal home/casual users, which is why most of them just complain and keep saying Norton is a bad product. When anyone is looking for a simple internet security, then Symantec is not the best choice, and they would likely be disappointed, but when it is used by advanced users who can tweak it properly, then Symantec is one of the best choices. In fact I highly recommend it :)
 

Deleted member 178

Thread author
For advanced users, there are not many choices:

Norton/Symantec , Eset , Kaspersky and *cough cough* Comodo
 

robin hood

Level 4
Verified
Dec 12, 2012
173
SEP uninstalled with RevoUninstaller... now can't open Yahoo Mail and other mail. Flush DNS and clear with CCleaner, PrivaZer no help. New Windows installation today and again can't open Yahoo Mail. How to completely uninstall Symantec Endpoint Protection? Any uninstall tool?

There is a problem with this website’s security certificate.

The security certificate presented by this website was issued for a different website's address.

Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.

We recommend that you close this webpage and do not continue to this website.
 

Nico@FMA

Level 27
Verified
May 11, 2013
1,687
SEP uninstalled with RevoUninstaller... now can't open Yahoo Mail and other mail. Flush DNS and clear with CCleaner, PrivaZer no help. New Windows installation today and again can't open Yahoo Mail. How to completely uninstall Symantec Endpoint Protection? Any uninstall tool?

There is a problem with this website’s security certificate.

The security certificate presented by this website was issued for a different website's address.

Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.

We recommend that you close this webpage and do not continue to this website.

Uhhhm, why would you use RevoUninstaller for SEP?
The uninstaller made by Symantec is GREAT; there is no need for RevoUninstaller, as it cannot handle the advanced configuration changes made by Symantec.
It would be best to re-install SEP and then remove it using its own tool, because Revo just messed up the settings ...
 

Nico@FMA

Level 27
Verified
May 11, 2013
1,687
Just installed SEP (unmanaged client) on a home computer with the recommended settings from here.
When I put a USB in the computer there is no autoscan... how to change the setting to autoscan USB?
Link scanner (bd-trafficlight, avg link scanner..).. what to use, or not needed?
How to set DNS change and Host in (Proactive Threat Protection) System Change Detection (default is IGNORE)?
(sorry for bad English)

My advice, based upon your questions, would be to remove SEP and take Avast or any other much simpler program.
Because I think SEP is too much for you.
 

robin hood

Level 4
Verified
Dec 12, 2012
173
Alright, can you provide me with some screenshots? And the full address of the specific key, then I will personally help you uninstall it.
Today installed new Windows 7 Pro x86... problem opening Yahoo Mail and other mail is still here (sorry for bad English). Now going to install SEP again... and uninstall again. See you later.

Problem solved... with clearwise in safe mode...
 