Site of promotion
https://www.comss.ru/page.php?id=569
Event
  1. Other type of event
Instructions
Download unmanaged from the link below Symantec Endpoint Protection

Vitali Ortzi

Level 20
Verified
Perhaps not so clever question, but will Windows Firewall be disabled?
By default, yes, but you shouldn't have any issues using both in case you are too lazy to import them, since I have no knowledge of an automated firewall policy migration from Defender Firewall.

Anyway, you should be warned about running both firewalls at the same time, since it might create conflicts and performance degradation, and the vendor, Broadcom, doesn't recommend doing it either.

But if you have a huge Defender policy setup, I would recommend automation via scripting using the REST API and Python.
 
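A first step toward the scripted migration suggested in the post above, as an added example that is not part of the thread and not Symantec or Broadcom code: inventory the Windows Defender Firewall rules worth recreating by parsing `netsh advfirewall firewall show rule` output. The sample text, function names and output field names are assumptions; the import into Symantec Endpoint Protection Manager is not shown because the thread gives no details of it.

```python
# Added example. SAMPLE is constructed and abbreviated; real input would come from
# `netsh advfirewall firewall show rule name=all verbose` (English-locale output assumed).
SAMPLE = r"""
Rule Name:                            Allow internal RDP
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Grouping:
RemoteIP:                             10.0.0.0/8
Protocol:                             TCP
LocalPort:                            3389
Program:                              C:\Tools\agent.exe
Action:                               Allow

Rule Name:                            Core Networking - DNS (UDP-Out)
----------------------------------------------------------------------
Enabled:                              Yes
Grouping:                             Core Networking

Rule Name:                            Old test rule
----------------------------------------------------------------------
Enabled:                              No
Grouping:
"""

def parse_rules(text):
    rules = []  # one dict per rule, keyed by the netsh field labels
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # first colon only, so C:\ paths survive
        key, value = key.strip(), value.strip()
        if not sep or not key:
            continue                            # blank lines and dashed separators
        if key == "Rule Name":
            rules.append({})                    # a new rule starts here
        if rules:
            rules[-1][key] = value
    return rules

def rules_to_migrate(text):
    """Enabled rules with no built-in Grouping: the admin-created ones worth recreating."""
    fields = {"Rule Name": "name", "Direction": "direction", "Action": "action", "Protocol": "protocol",
              "LocalPort": "local_port", "RemoteIP": "remote_ip", "Program": "program"}
    return [{new: r.get(old, "Any") for old, new in fields.items()}
            for r in parse_rules(text)
            if r.get("Enabled") == "Yes" and not r.get("Grouping")]

if __name__ == "__main__":
    import json
    print(json.dumps(rules_to_migrate(SAMPLE), indent=2))
```

Built-in rules carry a Grouping value and disabled rules are skipped, so the output is the short list an administrator would need to review and recreate.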

JoyousBudweiser

Level 9
Verified
There is an update to Symantec Endpoint Protection. The new version is 14.3 MP1 (14.3.0.1) (14.3.1148.0100). The update is also available in the original download link.

What's new for Symantec Endpoint Protection 14.3 MP1 (14.3.0.1)
Last Updated August 6, 2020
This section describes the new features in this release.
    • A REST API enhancement lets you copy over settings in the General Settings policy to other groups. If you do not have inheritance for groups enabled, you can use the API call to change settings for multiple groups. For example, you can set the heartbeat and download randomization values, enable Tamper Protection, and configure Server control options.
    • The Audit log includes details about policy changes, such as whether a policy was withdrawn or reassigned to another group, who made the changes, and which settings changed. This change adds a log line containing the policy payload when a policy change is made and recorded.
    • External logging forwards information about the type of scan to Syslog servers. This information includes whether the scan was a full scan or active scan and a manual or scheduled scan. This change adds a new SCAN_TYPE column in External Logging for scan events. You can use this information to track regularly scheduled scans on your client computers.
    • The Symantec Endpoint Protection Manager Administrative Log displays the administrator's user name and the source and destination group names after a client moves from one group to another.
    • Added command-line scan support for the Windows Subsystem for Linux (WSL) processes. Dependent on SDS 1.12 or later.
    • The database schema includes the following table changes:
        • SEM_AGENT: TDAD_GLOBAL_DATA_PROCESSING_DONE_TIME (Timestamp for when the agent is done processing the TDAD policy).
        • SERVER_POLICY_LOG_1 and 2: EVENT_CONTENT (Stores the policy contents when added, edited, or deleted after Audit Log option is enabled.)
 

Lenny_Fox

Level 15
Verified
Vitali Ortzi said:
It's the proactive and Auto-Protect causing high RAM and CPU usage; made a firewall and exploit mitigation only installation config (for replacing the heavy AV component with a lighter one) to get under 20 MB RAM and near zero CPU usage by SEP.

Would it be possible to run it alongside Kaspersky Free or Windows Defender in this firewall and exploit mitigation mode?
 

SearchLight

Level 11
Verified
Symantec Endpoint Protection: is this a free antivirus app with firewall that can be used on a personal home PC, or is it for corporations only on servers?
 

Soulbound

Moderator
Verified
Staff member
Many moons ago, I used to run the firewall module only (credit to Umbra back then for suggesting). I still can't remember the reason why I stopped using SEP, since I already had access to McAfee products for Endpoint and other stuff.

Considering I have McAfee on one system and just rolled out EIS on another, I might do the switch to EIS for the spare system, keep McAfee Endpoint on my son's laptop and give SEP a try (latest version) with AV module.

Thanks for sharing
 

Vitali Ortzi

Level 20
Verified
What I noticed is that resource usage from 14 to the latest 14.3 slowly got worse and worse; it used to be as light as Norton, but not anymore, unfortunately.
Anyway, if you're used to the McAfee client you might feel underwhelmed by the lack of options in the client itself; a lot of stuff is hidden in the management server, aka SEPM.
As for the client, it is slightly stronger than Norton (at least while playing with the options).
 

Soulbound

Moderator
Verified
Staff member
Forget about being underwhelmed. 2 restarts and I still can't launch the GUI to begin with.
Searched online and it seems like it's been a plague occasionally since 2014/2015.

Also, twice the restart command was literally unresponsive; couldn't open any other program. Had to force shut down.

Probably I'm just unlucky, but I am not gonna waste any more time with it.

McAfee ain't really that heavy for me. It however starts to feel a bit heavy when I am running multiple EVE clients, but I never really excluded the processes/exe/folder (I should really).

And yeah, McAfee I can fully configure, either standalone client or via ePO deployment (I used to use ePolicy Orchestrator but then stopped since only one system at a time was using McAfee).

Shame really, since SEP still uses a modified Sygate Personal Firewall to some extent.
 

Vitali Ortzi

Level 20
Verified
Shame that Symantec basically bought it off and hasn't added too much to it over the Sygate Enterprise.

But yeah, SEP is a really buggy program, maybe even more than Comodo XD
 

ak2901

New Member
Is there an easy way to upgrade to newer versions once they are released? On unmanaged client we have to do that manually IIRC but do we have to uninstall the current client first then install new or just run the new version setup.exe and will it upgrade?
Please anyone confirm.
 

JoyousBudweiser

Level 9
Verified
I have upgraded without uninstalling the previous version. Everything running fine, no issues till now.
 

Vitali Ortzi

Level 20
Verified
For updating the client you just need to download the latest client from comss.ru or update the client via the manager.
And an uninstall isn't required to update the client.
 

ak2901

New Member
Got rid of some bitcoin miners on my PC (maybe false positives). Don't wanna bad rep any other AV, but I was using Emsisoft (since last year) and Kaspersky for many years, and they weren't able to detect those. I'll stick to this even if it is a bit more intrusive.
 

ZeroDay

Level 29
Verified
Malware Tester
Have you got any details about the bitcoin miners? It may be easier to check if they are false positives or not.
 

ak2901

New Member
Yes, I can post some images that I took.

The Remote IP is backtracked to my ISP and the application blocked was SYSTEM. Not sure what's happening here, but I was using Better Discord (open source modification for Discord) and a few JS plugins for a couple of years, and Symantec was the only one that flagged a couple of files for it. Since I've removed Better Discord the notifications have stopped.

EDIT: Nevermind, I think it's not resolved yet even after a full scan and deletion of whatever PUPs and threats found. I still got same notification after about 24 hours. I don't know what to do now. I've also scanned with MBAM and HitmanPro, nothing found.
 