Code:
Name Symantec Endpoint Protection 14.0.3929.1200 macOS [k].dmg
Size 43.08 MB
Descriptions for Symantec Endpoint Protection
14.0.3929.1200 macOS
Name: Symantec Endpoint Protection
Version: 14.0.3929.1200
Mac Platform: Intel
OS Version: OS X 10.9 or later
Includes: K
Web Site: http://www.symantec.com/
Overview
Symantec Endpoint Protection - Proactively detect and block today's most advanced threats with an
endpoint protection solution that goes beyond antivirus. Unrivaled Security - Stop advanced threats
with intelligent security!
Intelligent Endpoint Workshop
About the importance and function of each of the protection engines in Symantec Endpoint
Protection
The top 10 misconceptions about deploying advanced features in Symantec Endpoint
Protection and strategies for implementing them successfully
How Symantec Endpoint Protection forms a solid foundation for advanced threat protection
across multiple control points, including the endpoint, network, and email
How to gain more value from your existing Symantec Endpoint Protection implementation
Stop advanced threats with intelligent security
Last year, we saw 317 million new malware variants, with targeted attacks and zero-day threats at an
all-time high. Organizations are struggling to keep up with the rapidly evolving threats. Symantec
Endpoint Protection is designed to protect against advanced threats with powerful, layered protection
backed by industry leading security intelligence.
Network Threat Protection stops most threats before they can take up residence on the
machine
Insight reputation scoring accurately detects rapidly mutating malware and zero-day threats
SONAR™ behavioral analysis stops malicious files designed to appear legitimate
Strong antivirus, antispyware and firewall protection eradicate known mass malware
Granular Control - Get extended protection, flexibility, and scalability
If you have multiple user groups or you have users across different locations, you need the flexibility
to set different security policies. You can proactively secure your ecosystem by using policy-based
system lockdown and application control. These features will allow you to have tighter controls for
employees handling confidential data.
Application Control monitors and controls application behavior, including automated system
lockdown, and advanced whitelisting and blacklisting capabilities
External media control restricts and enables access to the hardware that can be used to
protect and increase productivity
Host Integrity detects unauthorized change, conducts damage assessment and ensures
endpoints are protected and compliant
Smarter Management - Single management across physical and virtual
Managing endpoint protection should be easy. Symantec provides multiple layers of protection
through a single high-powered client and management console across both physical and virtual
machines. We make it easy to deploy, update and manage your endpoint security across various
locations, user groups, and operating systems.
One solution protects Windows, Mac, Linux, virtual machines and embedded systems
Optimized for performance across physical, virtual and embedded machines
Single console provides a one stop shop for reporting, alerts, configuration and management
Enabled for remote deployment and client management
What's New Version 14: Protection features
Intelligent Threat Cloud Service for client installation packages (Windows)
Version 14 includes three new sizes of client installation packages, based on which set of virus
definitions they include:
Standard client: Designed for typical installations where clients have access to the cloud or the
clients are version 12.1.6 and earlier. The standard client is 80% to 90% smaller than a dark
network client installation package and includes the most recent virus definitions only. After
installation, the client accesses the full set of virus definitions from the cloud.
Embedded client or VDI client: The embedded client replaces the reduced-size client that was
introduced in version 12.1.6. The embedded client is smaller than the standard client and also
includes the most recent virus definitions only. After installation, the client accesses the full set
of virus definitions from the cloud.
Dark network client: Installs a full set of virus definitions and keeps the definitions locally rather
than accessing them from the cloud. Use this client installation package if the client computers
are in networks with no access to the cloud.
Generic Exploit Mitigation (Windows)
Generic Exploit Mitigation prevents common vulnerability attacks in typical software applications.
Generic Exploit Mitigation installs with intrusion prevention and includes the following types of
protection: Java exploit prevention, heap spray mitigation, and structured exception handling
overwrite protection (SEHOP). The protections apply to the specific applications that are listed in the
Intrusion Prevention policy. Symantec Endpoint Protection downloads the application list as part of
its LiveUpdate content. To see the list of applications, open an Intrusion Prevention policy and then
click Generic Exploit Mitigation.
SONAR/Auto-Protect
Enable Suspicious Behavior Detection option (Windows)
You can enable or disable suspicious behavior detection if SONAR is disabled. Therefore, you
can have behavior policy enforcement protection of applications on while SONAR scoring is
off.
Scan files on remote computers option (Windows, Linux)
You can disable the option for SONAR or Auto-Protect to scan files on computers on other
networks. Disabling this option increases performance. However, you should keep this option
enabled as SONAR looks for worms such as Sality, which infects network drives. If
Auto-Protect scans all files and reduces the client computer's performance, you can
enable the Only when files are executed option. To access these options, click Policies > Virus
and Spyware Protection policy > SONAR or Auto-Protect.
Virus scan logic moved to Auto-Protect user mode
Auto-Protect user mode reduces kernel memory usage and provides greater system health. In rare
cases of crashes, the computer does not blue screen and is recoverable.
Emulator for packed malware
For Auto-Protect and virus scans, a new emulator improves scan performance and effectiveness by
at least 10 percent. This anti-evasion technique addresses packed malware obfuscation techniques
and detects the malware that is hidden inside custom packers.
Advanced Machine Learning (AML) on the endpoint for improved static detections
This new endpoint-based machine learning engine can detect malware based on static attributes.
This technology enables Symantec Endpoint Protection to detect malware in the pre-execution
phase, thereby stopping large classes of malware, both known and unknown. The AML engine works
with the Symantec real-time cloud-based threat intelligence to provide best-in-class protection with
low false positives.
Insight Lookup (Windows)
You can still enable or disable Insight Lookup for version 14 and legacy 12.1.x clients, but you
cannot set the sensitivity level or action settings. Instead, Insight Lookup uses internal settings
to optimize the scan because Download Insight detections are now completely handled by
real-time protection. The new Enable Insight Lookup option on the Scan Details tab replaces
the Insight Lookup tab in version 12.1.x. Open a Virus and Spyware Protection policy >
Administrator-Defined Scans, choose either scheduled scans or on-demand scans, and then
click Scan Details.
On standard and embedded/VDI clients, Insight Lookup now allows Auto-Protect, scheduled
scans, and manual scans to look up both file reputation information and definitions in the
cloud. However, the dark network clients include the full set of definitions and do not use
Insight Lookup. You enable Insight Lookup in the Clients > Policies tab > External
Communications > Submissions tab.
Scheduled and on-demand scans support the %systemdrive% and %userprofile%
variables (Windows)
These scans let you select specific folders to be scanned rather than scanning all the files on the
Windows client computer. The %systemdrive% variable indicates the location where the Windows
operating system is installed. The %userprofile% variable corresponds to the user profile folders for
the users who are logged on. You can also exclude these folders from being scanned by using an
Exceptions policy.
Reports display an application's hash value you can use to block applications
You can use the hash value instead of an application's name to add to the policies that block
applications. The hash value is unique whereas an application name may not be. To find the hash
value, look in the Hash Type / Application Hash column in the following reports:
Risk reports: Infected and At Risk Computers; Download Risk Distributions; SONAR Detection
Results; SONAR Threat Distribution; Symantec Endpoint Protection Daily Status Report; and
Symantec Endpoint Protection Weekly Status Report
To view the Risk reports, click Reports > Quick Reports > Risk.
Home page > Activity Summary link
Client submissions and server data collection
You can enable Symantec Endpoint Protection to send information about detected threats and your
network configuration to Symantec. Symantec uses this information for additional analysis and to
improve the security features in the product.
Version 14 has several new types of client submissions that you can enable. You access these
options by clicking Clients > Policies tab > External Communications > Submissions tab >
More options.
The previously existing submission types are automatically submitted with the Send
anonymous data to Symantec to receive enhanced threat protection intelligence option. In
12.1.6.x and earlier, this option was labeled Let computers automatically forward selected
anonymous security information to Symantec.
You use the new Send client-identifiable data to Symantec for custom analysis option if you
participate in a Symantec-sponsored program to get recommendations specific to your security
network.
For server data collection, the Yes, I would like to help optimize Symantec's endpoint security
solutions by submitting anonymous system and usage information to Symantec option is now
labeled Send anonymous data to Symantec to receive enhanced threat protection intelligence.
You access this option on the Admin > Servers > Edit Site Properties > Data Collection tab.
LiveUpdate downloads new types of content
Symantec Endpoint Protection Manager downloads additional types of content from LiveUpdate
servers:
Client security patches
Endpoint Detection and Response: Definitions that the Endpoint Detection and Response
(EDR) component uses to detect and investigate suspicious activities and issues on hosts and
endpoints.
Common Network Transport Library and Configuration: Definitions that the entire product uses
to achieve network transportation and telemetry.