Symantec Endpoint Protection
Symantec Endpoint Protection, developed by Broadcom Inc., is a security software suite that consists of anti-malware, intrusion prevention and firewall features for server and desktop computers.[1]
Version history
The first release of Symantec Endpoint Protection was published in September 2007 and was called version 11.0.[2] Endpoint Protection is the result of a merger of several security software products, including Symantec Antivirus Corporate Edition 10.0, Client Security, Network Access Control, and Sygate Enterprise Edition.[2] Endpoint Protection also included new features.[2] For example, it can block data transfers to unauthorized device types, such as USB flash drives or Bluetooth devices.[2]
At the time, Symantec Antivirus Corporate Edition was widely criticized as having become bloated and unwieldy.[1] Endpoint Protection 11.0 was intended to address these criticisms.[1] The disk footprint of Symantec Corporate Edition 10.0 was almost 100 MB, whereas Endpoint Protection's was projected to be 21 MB.[1]
In 2009, Symantec introduced a managed service, whereby Symantec staff deploy and manage Symantec Endpoint Protection installations remotely.[3] A Small Business Edition with a faster installation process was released in 2010.[4] In February 2011, Symantec announced version 12.0 of Endpoint Protection.[5] Version 12 incorporated a cloud-based database of malicious files called Symantec Insight.[5] Insight was intended to combat malware that generates mutations of its files to avoid detection by signature-based anti-malware software.[5] In late 2012, Symantec released version 12.1.2, which supports VMware vShield.[6]
A cloud version of Endpoint Protection was released in September 2016.[7] This was followed by version 14 that November.[8] Version 14 incorporates machine learning technology to find patterns in digital data that may be indicative of the presence of a cyber-security threat.[8] It also incorporates memory exploit mitigation and performance improvements.[9]
Features
Symantec Endpoint Protection is a security software suite that includes intrusion prevention, firewall, and anti-malware features.[10] According to SC Magazine, Endpoint Protection also has some features typical of data loss prevention software.[11] It is typically installed on a server running Windows, Linux, or macOS.[12] As of 2018, Version 14 is the only currently supported release.[13]
Endpoint Protection scans computers for security threats.[10] It is used to prevent unapproved programs from running,[10] and to apply firewall policies that block or allow network traffic.[14] It attempts to identify and block malicious traffic in a corporate network or coming from a web browser.[15] It uses aggregate information from users to identify malicious software.[11] As of 2016, Symantec claims to use data from 175 million devices that have installed Endpoint Security in 175 countries.[11]
Endpoint Protection has an administrative console that allows the IT department to modify security policies for each department,[10] such as which programs or files to exclude from antivirus scans.[11] It does not manage mobile devices directly, but treats them as peripherals when connected to a computer and protects the computer from any malicious software on the mobile devices.[11]
Vulnerabilities
In early 2012, source code for Symantec Endpoint Protection was stolen and published online.[16] A hacker group called "The Lords of Dharmaraja" claimed credit, alleging the source code was stolen from Indian military intelligence.[17] The Indian government requires vendors to submit the source code of any computer program being sold to the government, to ensure that they are not being used for espionage.[16]
In July 2012, an update to Endpoint Protection caused compatibility issues, triggering a Blue Screen of Death on Windows XP machines running certain third-party file system drivers.[18]
In 2014, Offensive Security discovered an exploit in Symantec Endpoint Protection during a penetration test of a financial services organization.[19] The exploit in the Application and Device control driver allowed a logged-in user to get system access.[19] It was patched that August.[19]
In 2019, Ofir Moskovitch, a security researcher, discovered a race condition bug involving two critical Symantec Endpoint Protection client core components, Client Management and Proactive Threat Protection. The bug directly results in a protection mechanism failure that can lead to a self-defense bypass, also known as "SEMZTPTN" (Symantec Endpoint Minimized Timed Protection).[20]
Reception
According to Gartner, Symantec Endpoint Protection 14 is one of the more comprehensive endpoint security products available and regularly scores well in independent tests.[9] However, a common criticism is that customers are "fatigued" by "near constant changes" in the product and company direction.[9] SC Magazine said Endpoint Protection 14 was the "most comprehensive tool of its type . . . with superb installation and documentation."[11] The review said Endpoint Protection had a "no-brainer setup and administration," but it does have a "wart" that support fees are "a bit steep."[11]
Forrester said version 12.1 was the most complete endpoint security software product on the market, but the different IT security functions of the software were not well-integrated.[21] The report speculated the lack of integration would be addressed in version 14.[21] Network World ranked Symantec Endpoint Protection sixth in endpoint security products, based on data from NSS Labs testing.[22]