Symantec Endpoint Protection 14.2.770.0

Symantec Endpoint Protection 14.2.770.0 | File Size: 101 MB /114 MB

The worlds most advanced single-agent endpoint security with prevention, detection and response, deception and adaptation. Symantec is positioned by Gartner as the highest in execution and furthest in vision in the Endpoint Protection Platforms Magic Quadrant

Only Symantec can secure your endpoints via one single agent to:
Beat crippling ransomware and unknown attacks with multilayered protection that combines signatureless and critical endpoint technologies.
Maximize protection and minimize false positives with advanced machine learning and behavioral analysis.
Block zero-day attacks that prey on memory-based vulnerabilities in popular applications with memory exploit mitigation.
Fine-tune your detection engines on the fly to optimize your security posture.

Phish the Phishers with Deception
Detect attackers by luring them into a decoy minefield.
Reveal their intent, tactics, and targets so security teams can pre-emptively adapt their security posture.
Set the trap as simply as flipping a switch.

Cage Your Vulnerabilities. Unleash Your Applications.
Auto-classify risk levels of all endpoint applications, whether or not they're in use.
Use application isolation to limit exploits.
Implement hardening in minutes with an intuitive cloud console.

Attack Your Stack to Kill Complexity
Detect and respond to threats anywhere by integrating SEP with network security infrastructure.
Built-in integration delivers prevention, Detection and Response (EDR), Deception, and Hardening with one single agent.
Use open APIs to coordinate with existing IT infrastructure for automation and orchestration.

Stronger, Faster, Lighter
Reduces bandwidth usage and definition file sizes by 70 percent compared to SEP 12.
Enables faster scanning times using our proprietary real-time cloud lookup.
Reduces IT resource use via automated updates to lower costs.

Release Notes:
Protection features
Intelligent Threat Cloud Service for client installation packages (Windows)
Version 14 includes three new sizes of client installation packages, based on which set of virus definitions they include:
Standard client: Designed for typical installations where clients have access to the cloud or the clients are version 12.1.6 and earlier. The standard client is 80% to 90% smaller than a dark network client installation package and includes the most recent virus definitions only. After installation, the client accesses the full set of virus definitions from the cloud.
Embedded client or VDI client: The embedded client replaces the reduced-size client that was introduced in version 12.1.6. The embedded client is smaller than the standard client and also includes the most recent virus definitions only. After installation, the client accesses the full set of virus definitions from the cloud.
Dark network client: Installs a full set of virus definitions and keeps the definitions locally rather than accessing them from the cloud. Use this client installation package if the client computers are in networks with no access to the cloud.

Generic Exploit Mitigation (Windows)
Generic Exploit Mitigation prevents common vulnerability attacks in typical software applications. Generic Exploit Mitigation installs with intrusion prevention and includes the following types of protection: Java exploit prevention, heap spray mitigation, and structured exception handling overwrite protection (SEHOP). The protections apply to the specific applications that are listed in the Intrusion Prevention policy. Symantec Endpoint Protection downloads the application list as part of its LiveUpdate content. To see the list of applications, open an Intrusion Prevention policy and then click Generic Exploit Mitigation.

Enable Suspicious Behavior Detection option (Windows)
You can enable or disable suspicious behavior detection if SONAR is disabled. Therefore, you can have behavior policy enforcement protection of applications on while SONAR scoring is off.
o Scan files on remote computers option (Windows, Linux)
You can disable the option for SONAR or Auto-Protect to scan files on computers on other networks. Disabling this option increases performance. However, you should keep this option enabled as SONAR looks for worms such as Sality, which infects network drives. For Auto-Protect scans all files reduces and reduces the client computers performance, you can enable the Only when files are executed option. To access these options, click Policies > Virus and Spyware Protection policy > SONAR or Auto-Protect.

Virus scan logic moved to Auto-Protect user mode
Auto-Protect user mode reduces kernel memory usage and provides greater system health. In rare cases of crashes, the computer does not blue screen and is recoverable.

Emulator for packed malware
For Auto-Protect and virus scans, a new emulator improves scan performance and effectiveness by at least 10 percent. This anti-evasion technique addresses packed malware obfuscation techniques and detects the malware that is hidden inside custom packers.

Advanced Machine Learning (AML) on the endpoint for improved static detections
This new endpoint-based machine learning engine can detect malware based on static attributes. This technology enables Symantec Endpoint Protection to detect malware in the pre-execution phase, thereby stopping large classes of malware, both known and unknown. The AML engine works with the Symantec real-time cloud-based threat intelligence to provide best-in-class protection with low false positives.

Insight Lookup (Windows)
You can still enable or disable Insight Lookup for version 14 and legacy 12.1.x clients, but you cannot set the sensitivity level or action settings. Instead, Insight Lookup uses internal settings to optimize the scan because Download Insight detections are now completely handled by real-time protection. The new Enable Insight Lookup option on the Scan Details tab replaces the Insight Lookup tab in version 12.1.x. Open a Virus and Spyware Protection policy > Administrator-Defined Scans, choose either scheduled scans or on-demand scans, and then click Scan Details.
On standard and embedded/VDI clients, Insight Lookup now allows Auto-Protect, scheduled scans, and manual scans to look up both file reputation information and definitions in the cloud. However, the dark network clients include the full set of definitions and do not use Insight Lookup. You enable Insight Lookup in the Clients > Policies tab > External Communications > Submissions tab.

Scheduled and on-demand scans support the %systemdrive% and %userprofile% variables (Windows)
These scans let you select specific folders to be scanned rather than scanning all the files on the Windows client computer. The %systemdrive% variable indicates the location where the Windows operating system is installed. The %userprofile% variable corresponds to the user profile folders for the users who are logged on. You can also exclude these folders from being scanned by using an Exceptions policy.

Reports display an applications hash value you can use to block applications
You can use the hash value instead of an application's name to add to the policies that block applications. The hash value is unique whereas an application name may not be. To find the hash value, look in the Hash Type / Application Hash column in the following reports:
Risk reports: Infected and At Risk Computers; Download Risk Distributions; SONAR Detection Results; SONAR Threat Distribution; Symantec Endpoint Protection Daily Status Report; and Symantec Endpoint Protection Weekly Status Report
To view the Risk reports, click Reports > Quick Reports > Risk.
Home page > Activity Summary link

Client submissions and server data collection
You can enable Symantec Endpoint Protection to send information about detected threats and your network configuration to Symantec. Symantec uses this information for additional analysis and to improve the security features in the product.
Version 14 has several new types of client submissions that you can enable. You access these options by clicking Clients > Policies tab > External Communications > Submissions tab > More options.
The previously existing submission types are automatically submitted with the Send anonymous data to Symantec to receive enhanced threat protection intelligence option. In 12.1.6.x and earlier, this option was labeled Let computers automatically forward selected anonymous security information to Symantec.
You use the new Send client-identifiable data to Symantec for custom analysis option if you participate in a Symantec-sponsored program to get recommendations specific to your security network.
For server data collection, the Yes, I would like to help optimize Symantec's endpoint security solutions by submitting anonymous system and usage information to Symantec option is now labeled Send anonymous data to Symantec to receive enhanced threat protection intelligence. You access this option on the Admin > Servers > Edit Site Properties > Data Collection tab.

LiveUpdate downloads new types of content
Symantec Endpoint Protection Manager downloads additional types of content from LiveUpdate servers:
Client security patches
Endpoint Detection and Response: Definitions that the Endpoint Detection and Response (EDR) component uses to detect and investigate suspicious activities and issues on hosts and endpoints.
Common Network Transport Library and Configuration: Definitions that the entire product uses to achieve network transportation and telemetry.

Release Notes

[Misafirler Kayıt Olmadan Link Göremezler Lütfen Kayıt İçin Tıklayın ! ]

System Requirements:
- Windows Vista, Windows 7, Windows 8/8.1, Windows 10, Windows Server 2008, 2012, 2016.


[Misafirler Kayıt Olmadan Link Göremezler Lütfen Kayıt İçin Tıklayın ! ]