How 14.x Symantec Endpoint Protection Manager domain-enrolled cloud console features compare to on-premises Symantec Endpoint Protection Manager

You manage policies in both the cloud console and the Symantec Endpoint Protection Manager (SEPM) when your Symantec Endpoint Protection Manager domain is enrolled.
Feature reference: Symantec Endpoint Protection Manager (SEPM) compared with the Symantec Endpoint Security cloud console

SEPM: Welcome page.
Cloud console: Home page. The cloud console provides a guided first-time user experience to get you familiar with cloud console features.

SEPM: Home page.
Cloud console: Dashboard page. The console dashboard shows detailed visibility into suspicious file detections. The dashboard includes a Key Performance Indicator (KPI) bar as well as interactive widgets (charts) with drill-down detail.

SEPM: Clients, client groups. When the device master option (Manage Devices from the Cloud) for the domain is enabled, you must use the cloud console to organize clients and client groups. If you use Symantec Endpoint Protection Manager, Active Directory, or third-party APIs to manage your devices, disable this option.
Cloud console: Devices, device groups. Managed from Symantec Endpoint Protection Manager by default. To manage devices and device groups from the cloud, select the Endpoint > Integration > Enrollment > Manage Devices from the Cloud option. This option affects group creation and deletion and device move and deletion only. The feature works similarly to how Active Directory works with Symantec Endpoint Protection Manager. You can view your devices and device groups in the cloud console. You cannot create a group in Symantec Endpoint Protection Manager when its domain is enrolled in the cloud and the device master option is enabled; when the device master option is enabled, the group structure is managed in the cloud.

SEPM: No corresponding configuration.
Cloud console: Policy group.

SEPM: Policy inheritance. In Symantec Endpoint Protection Manager, you must disable policy inheritance if you want to apply a policy directly to a child group. If you unenroll the domain, any MEM policies that you applied directly to child groups from the cloud console remain applied to those child groups and their locations, regardless of Symantec Endpoint Protection Manager inheritance settings.
Cloud console: Policy inheritance. In the cloud console, policy inheritance is always enabled. However, you can always apply a policy directly to a child group to override the parent policy.

SEPM: Monitor and Reports pages.
Cloud console: Alerts and Investigate pages. You can filter views of alerts and events. Both views provide drill-downs that include enhanced details. A default alert rule notifies the administrator when a specific alert is triggered. Role management provides a way to define which administrators receive alerts about relevant events. You can view and edit predefined alert rules under Alerts > Alert Rules. Event views help you analyze events quickly to make decisions about how to tune policies in your environment. You can view events on the Investigate page.

SEPM: Administrator roles:
  • System administrator
  • Administrator (domain-based)
  • Limited administrator (policy-based)
Cloud console administrators and Symantec Endpoint Protection Manager administrators are not linked in any way. Because the two sets of accounts are independent, removing or demoting an administrator in Symantec Endpoint Protection Manager does not change that person's cloud console access; review both when you offboard an administrator.
Cloud console: Administrator roles:
  • Super Administrator
  • Domain Administrator
  • Limited Administrator
  • Viewer

SEPM: Console timeout. The default is one hour. You can change the timeout.
Cloud console: Console timeout. You cannot change the timeout period. The timeout is 2 hours.

SEPM: Heartbeat option.
Cloud console: Not available. All policy changes happen in real time.
The following table displays which policies are available for a Symantec Endpoint Protection Manager enrolled in the cloud, as well as the minimum client version that supports each policy.
Versions 14.0.1 and 14.1 are the same version; the 14.0.1 Windows client was released with a 14.1 Symantec Endpoint Protection Manager.
Policy feature reference: Symantec Endpoint Protection Manager (SEPM) compared with the Symantec Endpoint Security cloud console

SEPM: Out-of-box policies. The following policies continue to be managed in Symantec Endpoint Protection Manager:
  • Firewall policy
  • Device Control
  • Intrusion Prevention policy
  • LiveUpdate policy
  • Host Integrity policy
  • Virus and Spyware Protection policy options other than Bloodhound, SONAR heuristics, Download Insight, and scan actions
  • Application and Device Control
  • System Lockdown
Cloud console: Managed from Symantec Endpoint Protection Manager by default. To manage the following policies from the cloud, select Endpoint > Integration > Enrollment > Manage Policies from the Cloud:
  • Intensive Protection policy
  • System policy (low-bandwidth option only)
  • Allow List policy
  • Deny List policy
  • MEM policy
The fully cloud-managed Symantec Endpoint Security manages additional policies that Symantec Endpoint Protection does not manage. See:

SEPM: Download Insight, Bloodhound, and SONAR settings in the Virus and Spyware Protection policy. The following settings are not applicable to Symantec Endpoint Protection 14.1 or later clients when the domain is enrolled in the cloud console:
  • Virus and Spyware Protection policy detection actions
  • Bloodhound settings
  • Download Insight sensitivity slider
  • Download Insight prevalence, first-seen, and intranet options
  • SONAR heuristic detection, SONAR aggressive mode, and SONAR suspicious behavior settings
These settings are still used for legacy clients, and for 14.1 or later clients if you unenroll the domain. The default Intensive Protection blocking level is less aggressive than the most aggressive Bloodhound setting in a Virus and Spyware Protection policy. If your current policies specify Bloodhound at its highest level, you might need to increase the Intensive Protection level after enrollment so that detection does not silently become less strict.
Cloud console: Intensive Protection policy (14.0.1 or later). Automatically applied to Windows clients after domain enrollment. Replaces some settings in Virus and Spyware Protection policies for Windows clients. These clients use the Intensive Protection policy in place of the following Virus and Spyware Protection policy settings:
  • Bloodhound
  • SONAR heuristics
  • Download Insight options
  • Scan actions
Clients still use their Virus and Spyware Protection policy for all other options.

SEPM: Exceptions policy. In Symantec Endpoint Protection Manager, there is a single Exceptions policy, which contains exclusions for many different items as well as exclusions for applications. The cloud console Allow List and Deny List policies appear as separate policies in Symantec Endpoint Protection Manager. Items from the cloud console appear in the Exceptions policy > Exceptions list. When the domain is enrolled, you can only create exceptions for the types that are not supported in the cloud console. See:
Cloud console: Allow List policy (14.0.1 or later). Any Allow List policy that you create in the cloud appears in Symantec Endpoint Protection Manager even if you unenroll the domain. The cloud console includes a central list of items that are allowed or blocked, so you can view all of these items in one place. The Allow List policy was renamed from the Whitelist policy in 14.3 RU1.

SEPM: Exceptions policy. Deny List policies from the cloud console are not scan exceptions. However, denied items from the cloud console appear in the Exceptions list.
Cloud console: Deny List policy (14.0.1 or later). Any Deny List policy that you create in the cloud appears in Symantec Endpoint Protection Manager even if you unenroll the domain. You can configure exceptions in Symantec Endpoint Protection Manager or in the cloud console; the cloud console currently does not support the full range of exceptions. The Deny List policy is a type of application control that uses the SONAR technology in Symantec Endpoint Protection Manager to enforce its rules. It does not use the application control driver in Symantec Endpoint Protection Manager. The Deny List policy was renamed from the Blacklist policy in 14.3 RU1.

SEPM: No corresponding option. Symantec Endpoint Protection Manager shows low-bandwidth status; you can see whether the low-bandwidth option is enabled under External Communications > Cloud Settings. Symantec Endpoint Protection Manager also manages the LiveUpdate AML content that is required for low bandwidth to work.
Cloud console: System policy (low-bandwidth option) (14.0.1 or later). The System policy is a new policy in the cloud with no corresponding configuration in Symantec Endpoint Protection Manager. However, the low-bandwidth option requires low-bandwidth Advanced Machine Learning (AML) LiveUpdate content to be available on Symantec Endpoint Protection Manager for the policy to work. Default is off.

SEPM: Memory Exploit Mitigation (MEM) policy. When your domain is enrolled, you must use the cloud console to configure this policy.
Cloud console: Exploit Mitigation (MEM) policy. Minimum client version:
  • 14.0 or later for overall policy features.
  • 14.0.1 or later for per-technique configuration.
  • 14.2 RU1 for custom applications. You must have Application Isolation enabled, and the client must have Application Hardening installed.
The policy options are comparable to the options in Symantec Endpoint Protection Manager.