Symantec Endpoint Protection features based on platform

Client protection features based on platform

Virus and Spyware Protection
  Windows: Yes
  Mac: Yes
  Linux: Yes

Network and Host Exploit Mitigation
  • Network Threat Protection (intrusion prevention and firewall)
  • Memory Exploit Mitigation (introduced as Generic Exploit Mitigation in 14)
  Windows: Yes
  Mac:
    • Firewall (as of 14.2)
    • Intrusion prevention (as of 12.1.4)
      Intrusion prevention for the Mac does not support custom signatures.
  Linux: No

Proactive Threat Protection
  • Application and Device Control
  • SONAR
  Windows: Yes
  Mac: Device Control only (as of 14)
  Linux: No

Host Integrity
  Windows: Yes
  Mac: No
  Linux: No

Other protections
  • System lockdown
  • Tamper Protection
  Windows: Yes
  Mac: No
  Linux: No

Management features based on platform

Deploy clients remotely from Symantec Endpoint Protection Manager
  • Web link and email
  • Remote push
  • Save package
  Windows: Yes
  Mac: Yes
  Linux: Yes (Web link and email, Save package only)

Run commands on clients from the management server
  Windows:
    • Scan
    • Update content
    • Update content and scan
    • Start Power Eraser analysis (as of 12.1.5)
    • Restart client computers
    • Enable Auto-Protect
    • Enable Network Threat Protection
    • Disable Network Threat Protection
    • Enable Download Insight
    • Disable Download Insight
    • Collect File Fingerprint List (as of 12.1.6)
    • Delete from Quarantine**
    • Cancel all scans**
  Mac:
    • Scan
    • Update content
    • Update content and scan
    • Restart client computers (hard restart only)
    • Enable Auto-Protect
    • Enable Network Threat Protection (as of 12.1.4)
    • Disable Network Threat Protection (as of 12.1.4)
  Linux:
    • Scan
    • Update content
    • Update content and scan
    • Enable Auto-Protect

Enable learned applications and Network Application Monitoring
  Windows: Yes
  Mac: No
  Linux: No

Create locations and set security policies that apply by location
  Windows: Yes
  Mac: Yes
  Linux: No
    You can view the client's location by the command line, but the client does not automatically switch locations based on specific criteria.

Set restart options for clients
  Windows: Yes
  Mac: No
  Linux: No

Quick reports and Scheduled reports
  Windows:
    • Audit
    • Application and Device Control
    • Compliance
    • Computer status
    • Deception (14.0.1)
    • Network and Host Exploit Mitigation
    • Risk
    • Scan
    • System
  Mac:
    • Computer status
    • Network and Host Exploit Mitigation
    • Risk
    • Scan
  Linux:
    • Audit
    • Computer status
    • Risk
    • Scan
    • System

Set size and retention options for logs that are maintained on the client computers
  Windows:
    • System
    • Security and risk
    • Security
    • Traffic
    • Packet
    • Control
  Mac:
    • System
    • Security and risk
    • Security
  Linux:
    • System
    • Security and risk

Password protecting the client
  Windows: Yes
  Mac: Uninstall the client (14.0.1)
  Linux: No

Move clients to a different management server by running the SylinkDrop tool
  Windows: Yes
  Mac: Yes
  Linux: No

Move clients to a different management server by redeploying a client package with the Communication update package deployment option
  Windows: Yes
  Mac: Yes
  Linux: No

Configure client submissions of pseudonymous security information to Symantec
  Windows: Yes
  Mac: (12.1.4 and later)
    The Submissions setting only controls antivirus detection information.
    You can manually disable or enable intrusion prevention submissions on the clients.
  Linux: No

Configure clients to securely submit pseudonymous system and usage information
  Windows: Yes
  Mac: No
  Linux: No

Manage the external communication between the management server and the clients
  Windows: Yes
  Mac: For LiveUpdate only
  Linux: No

Manage client communication settings
  Windows:
    • Management server lists
    • Communication mode (push or pull)
    • Set heartbeat interval
    • Upload learned applications
    • Upload critical events immediately
    • Set download randomization
    • Set reconnection preferences
  Mac:
    • Management server lists
    • Communication mode (push or pull)
    • Set heartbeat interval
    • Set download randomization
    • Set reconnection preferences
  Linux:
    • Management server lists
    • Communication mode (push or pull)
    • Set heartbeat interval

Configure clients to use private servers (12.1.6)
  • Endpoint Detection and Response server for Insight lookups and submissions
  • Private Insight server for Insight lookups
  Windows: Yes
  Mac: No
  Linux: No

Automatically upgrade the Symantec Endpoint Protection client with AutoUpgrade
  Windows: Yes
  Mac: Yes (14)
  Linux: No

Automatically uninstall existing third-party security software
  Windows: Yes
  Mac: No
  Linux: No

Automatically uninstall a problem Symantec Endpoint Protection client
  Windows: Yes (14)
  Mac: No
  Linux: No

Authentication for Symantec Endpoint Protection Manager log on
  Windows:
    • Symantec Endpoint Protection Manager authentication
    • Two-factor authentication (14.2)
    • RSA SecurID authentication
    • Directory authentication
    • Smart card (PIV/CAC) authentication (14.2)
  Mac: Not applicable
  Linux: Not applicable

**You can only run these commands when viewing logs in Symantec Endpoint Protection Manager.

AutoUpgrade differences based on platform

Delta package
  Windows: Standard and dark network clients receive a delta upgrade package that Symantec Endpoint Protection Manager generates. Embedded clients receive the full install package for an upgrade.
  Mac: Mac clients always receive a full install package for upgrade.

Configuration options
  Windows: Include a custom installation folder, and the option to uninstall existing security software.
  Mac: Only for restart and upgrade. You cannot customize the installation folder. Installation logging always writes to /tmp/sepinstall.log.

Restart options after the upgrade completes in Client Install Settings
  Windows: Include an option not to restart the Windows client computer.
  Mac: Do not include an option not to restart. Mac client computers always restart after the upgrade completes.

Upgrade Clients with Package wizard
  Windows: You can modify the feature set on the Windows client.
  Mac: You cannot modify the feature set on the Mac client.

Upgrades from an earlier version
  Windows: You can upgrade to the latest version of Symantec Endpoint Protection from any earlier version, based on the supported upgrade path.
  Mac: Not supported for an upgrade from version 12.1.6.x or earlier. For example, you cannot upgrade from 12.1.6.4 to 14 using AutoUpgrade.

Virus and Spyware Protection policy settings based on platform

Administrator-defined scans
  Windows:
    • Scheduled scans (Active, Full, Custom)
    • On-demand scans
    • Triggered scans
    • Startup scans
    • Retry missed scheduled scans
    • Randomized scheduled scans
  Mac:
    • Scheduled scans (Custom)
    • On-demand scans
    • Retry missed scheduled scans
  Linux:
    • Scheduled scans (Custom)
    • On-demand scans
    • Retry missed scheduled scans

Auto-Protect
  Windows:
    • Enable Auto-Protect
    • Scan all files
    • Scan only selected extensions
    • Determine file types by examining file contents
    • Scan for security risks
    • Scan files on remote computers (14)
    • Scan when files are accessed, modified, or backed up
    • Scan floppies for boot viruses, with the option to delete the boot virus or log it only
    • Always delete newly created infected files or security risks
    • Preserve file times
    • Tune scan performance for scan speed or application speed
    • Emulator for packed malware (14)
  Mac:
    • Enable Auto-Protect
    • Automatically repair infected files
    • Quarantine files that cannot be repaired
    • Scan compressed files
    • Scan all files
    • Scan only selected folders
    • Scan everywhere except in selected folders
    • Scan for security risks
    Scan on mount, current clients:
    • Data disks
    • All other disks and devices
    Scan on mount, legacy clients (12.1.3 and earlier):
    • Music or video disks
    • iPod players
    • Show progress during scan
  Linux:
    • Enable Auto-Protect
    • Scan all files
    • Scan only selected extensions (removed in 14.3 RU1)
    • Scan removable media
    • Scan for security risks
    • Scan files on remote computers
    • Scan when files are accessed or modified
    • Scan inside compressed files

Email scans
  Windows:
    • Microsoft Outlook Auto-Protect
    • Internet email Auto-Protect (removed in 14.2 RU1)
    • Lotus Notes Auto-Protect (removed in 14.2 RU1)
  Mac: No
  Linux: No

What to scan
  Windows:
    • Additional locations
    • Memory
    • Selected folders
    • Selected extensions
    • Storage migration locations
    • Files inside compressed files
    • Security risks
  Mac:
    • All or selected folders
    • Hard drives and removable drives
    • Files inside compressed files
  Linux:
    • All files
    • All or selected folders
    • Selected extensions
    • Files inside compressed files
    • Security risks

User-defined scans (client)
  Windows:
    • Active scan
    • Full scan
    • Custom scan of individual folders, files, and extensions
  Mac:
    • Full scan
    • Custom scan of individual folders and files
  Linux:
    • Full scan
    • Custom scan of individual folders and files

Define remediation actions for detections
  Windows:
    • Clean (only applies to malware)
    • Quarantine
    • Delete
    • Leave alone (log only)
    The actions apply to categories of malware and security risks that Symantec periodically updates.
  Mac:
    • Repair infected files
    • Quarantine files that cannot be repaired
  Linux: (14.3 MP1 and earlier)
    • Clean (only applies to malware)
    • Quarantine
    • Delete
    • Leave alone (log only)

Set actions to take while a scan is running
  Windows:
    • Stop the scan
    • Pause a scan
    • Snooze a scan
    • Scan only when the computer is idle
  Mac: (12.1.4)
    • Stop a scan
    • Pause a scan
    • Snooze a scan before it begins
    • Snooze a scan that is in progress (through 12.1.6x only)
    • Scan only when the computer is idle
  Linux: No

Download Insight
  Windows: Yes
  Mac: No
  Linux: No

Insight lookups for threat detection
  Windows: Yes
  Mac: No
  Linux: No

Bloodhound
  Windows: Yes
  Mac: No
  Linux: No

SONAR
  Windows: Yes
    Scans of remote computers (14)
    Suspicious Behavior Detection (14)
  Mac: No
  Linux: No

Early Launch Anti-Malware Driver
  Windows: Windows 8 and later, and Windows Server 2012 and later
  Mac: No
  Linux: No

Power Eraser
  Windows: Yes (12.1.5)
  Mac: No
  Linux: No

Endpoint Detection and Response enablement
  Windows: Yes (12.1.6)
  Mac: No
  Linux: No

Shared Insight Cache
  Windows: Yes
    vShield-enabled (12.1.6 and earlier)
  Mac: No
  Linux: No

Virtual Image Exception
  Windows: Yes
  Mac: No
  Linux: No

Firewall, Intrusion Prevention, and Memory Exploit Mitigation settings based on platform

Intrusion Prevention policy settings based on platform

Exceptions for intrusion prevention signatures
  Windows: Yes
    Custom exceptions are not supported for Browser Protection signatures.
  Mac (12.1.4): Yes

Show or hide user notifications
  Windows: Yes
  Mac (12.1.4): Yes

Enable or disable excluded hosts
  Windows: Yes
  Mac (12.1.4): Yes

Custom IPS signatures
  Windows: Yes
  Mac (12.1.4): No

Enable or disable Network Intrusion Prevention
  Windows: Yes
  Mac (12.1.4): Yes

LiveUpdate updates IPS content
  Windows: Yes
  Mac (12.1.4): Yes

The management server updates IPS content
  Windows: Yes
  Mac (12.1.4): No **

Client package includes IPS
  Windows: Yes
  Mac (12.1.4): Yes

Network intrusion prevention
  Windows: Yes
  Mac (12.1.4): Yes

Browser intrusion prevention
  Windows: Yes
    • Log-only mode (12.1.6)
  Mac (12.1.4): No

Excluded hosts (network intrusion prevention)
  Windows: Yes
  Mac (12.1.4): Yes

**You can set up the Apache web server that installs with Symantec Endpoint Protection Manager as a reverse proxy for LiveUpdate content. See:

Memory Exploit Mitigation policy settings based on platform

Memory Exploit Mitigation
Generic Exploit Mitigation (14 MPx)
  Windows: Yes (14)
    • Fine-tuning false positives (14.0.1)
    • Custom applications (14.1, cloud only)
  Mac (12.1.4): No

LiveUpdate policy settings based on platform

Use the default management server
  Windows: Yes
  Mac: No **
  Linux: No **

Use a LiveUpdate server (internal or external)
  Windows: Yes
  Mac: Yes
  Linux: Yes

Use a Group Update Provider
  Windows: Yes
  Mac: No
  Linux: No

Enable third-party content management
  Windows: Yes
  Mac: No
  Linux: No

Enable/disable definitions
  Windows: Yes
  Mac: Yes
  Linux: No

Reduced-size definitions (12.1.6)
  Windows: Yes
  Mac: No
  Linux: No

Run Intelligent Updater to update content
  Windows:
    • Virus and spyware definitions
    • SONAR (12.1.3 and later)
    • IPS definitions (12.1.3 and later)
  Mac: Virus and spyware definitions
  Linux: Virus and spyware definitions

LiveUpdate proxy configuration
  Windows: Yes
  Mac: Yes, but it is not configured in the LiveUpdate policy. To configure this setting, click Clients > Policies, and then click External Communications Settings.
  Linux: Yes

LiveUpdate schedule settings
  Windows:
    • Frequency
    • Retry window
    • Download randomization
    • Run when computer is idle
    • Options for skipping LiveUpdate
  Mac:
    • Frequency
    • Download randomization
  Linux:
    • Frequency
    • Retry window
    • Download randomization

Use standard HTTP headers (12.1.6 and earlier)
  Windows: Yes, by default
  Mac: Yes, by default
  Linux: Yes, by default

Client security patches
  Windows: Yes (14)
  Mac: No
  Linux: No

Application control content
  Windows: Yes (14.2)
  Mac: No
  Linux: No

** You can set up the Apache web server that installs with Symantec Endpoint Protection Manager as a reverse proxy for LiveUpdate content. See:

Network Traffic Redirection policy settings based on platform

The Integrations policy is available as of version 14.0.1 MP1. The Integrations policy was renamed to the Network Traffic Redirection policy in 14.3 RU1 and to Network Traffic Redirection in 14.3 RU2.

PAC File method
  • Local Proxy Service
  Windows: Yes
  Mac: Yes
    • Supported for 14.2 RU2 and later.
  Linux: No

Tunnel method (14.3 RU1)
  Windows: Yes, Windows 10 64-bit only
  Mac: No

Exceptions policy settings based on platform

Server-based exceptions
  Windows:
    • Applications
    • Applications to monitor
    • Extensions
    • Files
    • Folders
    • Known risks
    • Trusted web domains
    • Tamper Protection exceptions
    • DNS or Host file change exceptions
    • Certificate (14.0.1)
  Mac:
    • Security risk exceptions for files or folders
  Linux:
    • Folders
    • Extensions

Client restrictions (Controls which restrictions end users can add on the client computer)
  Windows: Yes
  Mac: No
  Linux: No

Device Control differences based on platform

Application control runs on Windows computers only.

Windows: Device control works based only on Class ID (GUID) and Device ID.
Mac: Device control works at the file system level. Volume-level tasks (such as those that can be performed via command line or Disk Utility) are unaffected.

Windows: Device control performs wildcard matches on Class ID or Device ID with the star character or asterisk (*).
Mac: Device control performs regular expression (regexp) matches, which are limited to the following specific operations:
  • . (dot)
  • \ (backslash)
  • [set], [^Set] (set)
  • * (star character or asterisk)
  • + (plus)

Windows: The Hardware Device list includes many common device types by default.
Mac: You can choose from only five device types:
  • Thunderbolt
  • CD/DVD
  • USB
  • FireWire
  • Secure Digital (SD) Card
  You do not use the Hardware Device list.

Windows: You can add additional custom devices to the Hardware Device list by Class ID or Device ID.
Mac: You cannot add additional custom devices.

Windows: Devices to block (or to exclude from blocking) are derived only from the Hardware Device list. The list includes those default common device types, as well as custom devices you may have added.
Mac: Devices to block (or exclude from blocking) are selected from the device types noted above. The vendor, model, and serial number can be left blank, or can be defined by regular expression (regexp) queries. You can use regular expressions to define a range of similar devices, such as from different vendors, models, serial number ranges, and so on.

Windows: You can add more than one device type at a time.
Mac: You can only add one device type at a time.

Windows: The actions to take are to block, or to exclude from blocking (allow).
Mac: The actions to take are to block, or to exclude from blocking (allow) with mount permissions. The following mount permissions are supported:
  • Read only
  • Read and write
  • Read and execute
  • Read, write, and execute

Windows: You can customize the client notification for device control.
Mac: You cannot customize the client notifications for device control.