Client features

As you transition from using an on-premises
Symantec Endpoint Protection
(SEP) 14.x to
Symantec Endpoint Security
(SES) Complete, you should be aware of some important terminology changes. The features are equivalent.
Product terminology changes
On-premises
Symantec Endpoint Protection
Symantec Endpoint Security
cloud console
Symantec Endpoint Protection client
Symantec Agent
client computers
devices
To find out more about how client features differ in each product, see the following topics:

Client installation packages/device discovery

You access most client installation features by selecting one of the following:
  • Symantec Endpoint Protection Manager
    :
    Admin
    >
    Install Packages
    >
    Client Install Settings
  • Symantec Endpoint Security
    :
    Settings
    >
    Installation Package
The endpoint software is called the
Symantec Endpoint Protection
client in
Symantec Endpoint Protection
and the Symantec Agent in
Symantec Endpoint Security
.
Client installation packages/device discovery: SEP vs. SES
On-premises
Symantec Endpoint Protection
Symantec Endpoint Security
cloud console
Deployment
Deploy client installation package from
Symantec Endpoint Protection Manager
:
  • Save package
  • Remote push
  • Web link and email
Deploy the Symantec Agent from
Symantec Endpoint Security
:
  • Installation package creator: Creates a package that either installs directly or that you can deploy for installation. Similar to Save package.
    Installation package creator is not available for Linux.
  • Direct installation package: Downloads package components that install directly to the device (new to
    Endpoint Security
    ).
  • Invite users: Web link and email.
  • Push enrollment: Remote push.
    Push enrollment is not available for Mac and Linux.
For more information, see:
Installation type
  • Interactive
  • Silent
  • Show progress bar only
  • Interactive
  • Silent
  • Show progress bar only
Not available for Mac and Linux. By default, the installation is Silent.
Installation folder specification
  • Customizable installation folder.
  • Go to
    Client Install Settings
    .
  • Go to
    Show More
    >
    Advanced Options
    .
  • Options:
    • Install to the default installation folder.
    • Install to a custom installation folder.
Not available for Mac and Linux.
Custom feature sets
  • Go to
    Client Install Feature Set
    .
  • Options:
    • Full Protection for Clients
    • Full Protection for Servers
    • Basic Protection for Servers
For Windows workstations:
Symantec Agent protection features available for Windows workstations depend on activated products:
  • Malware Protection
  • Behavioral Analysis
  • Device Control
  • Intrusion Prevention
  • Exploit Protection
  • Firewall
  • Microsoft Outlook Auto-Protect
  • Application Control
  • Application Isolation
  • Active Directory Defense
  • Endpoint Detection and Response
  • Secure Connection
For Windows servers:
The
Protection settings for Windows servers
option is limited intentionally for servers only. Workstations ignore this setting. There is no plan for the granular settings that
Symantec Endpoint Protection Manager
has.
Full installation (same as
Full Protection for Servers
) includes:
  • Malware Protection
  • Behavioral Analysis
  • Device Control
  • Intrusion Prevention
  • Exploit Protection
  • Firewall
Server-optimized installation (same as
Basic Protection for Servers
) includes:
  • Malware Protection
For Mac:
Protection features available for Mac:
  • Malware Protection
  • Device Control
  • Intrusion Prevention
For Linux:
Protection features available for Linux:
  • Malware Protection
Virus definitions
Option to include virus definitions in installation package:
Go to
Client Deployment Wizard
>
New package
>
Content Options
.
Virus definitions in the deployment package are implemented but not supported.
Not available for Mac and Linux.
Restart type
For clients:
  • Forced
  • Delayed
  • No restart
  • Custom restart
Depending on the selection, the restart can be:
  • Immediately
  • At this time (or up to this time), on the next occurrence of this day, with time randomization
  • Go to
    Show More
    >
    Advanced Options
    .
  • Options:
    • No Restart
    • Immediate Restart: Same as Forced.
    • Delayed: Scheduled, up to this time, on the next occurrence of this day, with time randomization.
Not available for Mac and Linux.
More restart settings
For Forced, Delayed, and Custom types:
  • No prompt
  • Prompt with a countdown, X minutes
  • Prompt and allow snooze until X (not always available)
Other options, depending on restart type:
  • Hard restart
  • Restart immediately if the user is not logged in
  • Go to
    Show More
    >
    Advanced Options
    .
  • Options:
    • No prompt
    • Prompt with a countdown of X minutes
    • Prompt and allow user to delay restart until X
      - Restart message
Other:
  • Hard restart
  • Restart immediately if the user is not logged in
Not available for Mac and Linux.
Software removal options
For client:
  • Do not uninstall existing security software
  • Automatically uninstall existing third-party security software
  • Remove existing
    Symantec Endpoint Protection
    client software that cannot be uninstalled (Cleanwipe) (14)
  • Go to
    Show More
    .
  • Options:
    • Do not uninstall existing security software
    • Automatically uninstall existing third-party security software
    • Remove existing Symantec Agent software that cannot be uninstalled (Cleanwipe) (14)
Not available for Mac and Linux.
Reduced-size definitions
Supported.
Deprecated

Upgrade client software/AutoUpgrade

AutoUpgrade is not available on Mac and Linux devices. To upgrade the client software on a Mac or Linux device, you must reinstall a new client installation package.
Upgrade client software/AutoUpgrade: SEP vs. SES
On-premises
Symantec Endpoint Protection
Symantec Endpoint Security
cloud console
Upgrades
To Automatically upgrade the client, use the Upgrade Clients with Package wizard.
  • Maintain existing client features when updating.
  • Select features (Full Protection for Clients, Full Protection for Servers, Basic Protection for Servers).
  • Install Settings (Default Standard client installation settings, Embedded or VDI, Dark Network).
  • Include new content types in the client installation package.
  • Upgrade schedule (From - to, Distribute upgrades over x days).
  • Notifications:
    • Notify users before an upgrade.
    • Notification message (use Default).
  • Allow users to postpone the upgrade process (max and minimum time).
No plans for templates. You can use scheduled scans only.
  • Maintain existing client features when updating: Deprecated
    Not needed. The client doesn't change features when updating. Instead, LiveUpdate downloads the feature difference.
  • Select features: Deprecated
    Not needed. The upgraded package uses the same features as in the client installation package.
  • Install Settings: Only the standard-size package is supported. There are no current plans for dark or embedded installations.
  • Include new content types in the client installation package: Not used. The cloud always uses LiveUpdate and no other method.
  • Upgrade schedule: The upgrade options are the same.
  • Notifications: Includes a standard but customizable message.
  • Allow users to postpone the upgrade process: Uses the Restart Type and Settings.
Updates
Select a server to download the installation package from.
  • Download from the management server
  • Download from the following URL
Uses LiveUpdate only, as the management server is not involved. Admin configures this in the
System policy
>
LiveUpdate Server & Schedule
section.
Restart options
  • The upgrade completes in Client Install Settings.
  • Virus definitions are installed on the client.
Includes an option to not restart the Windows client computer.
  • Immediate restart
  • No Restart
  • Scheduled Restart
Restart settings:
  • No prompt
  • Prompt with a countdown of x minutes
  • Prompt and allow user to delay restart until x
Latest versions
You can upgrade to the latest version of
Symantec Endpoint Protection
from any earlier version, based on the supported upgrade path.
Release channel (
Client Upgrade Settings
) moved to System policy with the following changes:
  • Previous release:
    This is the release before the current/latest release and is the most stable.
  • Latest release:
    Same as in the
    Symantec Endpoint Protection Manager
    , but not as stable as the
    Previous release
    .
  • Select a revision:
    Removed.
  • Prerelease:
    Changed (engine version). This is the beta version of the release and is the least stable.

Client management and general protection

Not yet available on Mac or Linux devices.
Client management and general protection: SEP vs. SES
On-premises
Symantec Endpoint Protection
Symantec Endpoint Security
cloud console
Run commands on clients from the management server
  • Scan
  • Update content
  • Update content and scan
  • Start Power Eraser analysis
  • Restart client computers
  • Enable Auto-Protect
    Notify users before an upgrade.
  • Enable/Disable Network Threat Protection
  • Enable/Disable Download Insight
  • Collect File Fingerprint List
  • Delete from Quarantine**
  • Cancel all scans**
  • Scan
  • Update content
  • Restart
Control options
  • Server control
  • Client control
  • Mixed control
  • Mixed control: Deprecated.
  • Server control/Client control: The settings on these pages have mostly been removed because they are enabled by default and not visible to the user. A few settings are visible to the client user if the admin makes them visible. In each policy, these types of settings should be in
    User Interaction Settings
    .
Bandwidth settings
Low bandwidth mode (new in 14.1)
  • Go to
    System policy
    >
    General settings
    .
  • Options:
    • Run in low Bandwidth Mode
    • Allow the user to request an exception for a blocked event (only available if you have Application Control enabled)
Password protecting the client
  • Go to
    Clients
    >
    Policies
    tab.
  • Options:
    • Require a password to open the client user interface
    • Require a password to stop the client service
    • Require a password to uninstall the client
    • Require a password to import or export a policy and to import client communication settings
    • Apply password settings to non-inherited subgroups
    • Password/Confirm Password
  • Require a password to open the client user interface
  • Require a password to stop the client service
  • Require a password to uninstall the client
  • Require a password to import or export a policy and to import client communication settings
  • Apply password settings to non-inherited subgroups: Deprecated. Not needed. Groups use natural inheritance from cloud.
  • Password/Confirm Password
Management servers
  • Move clients to a different management server by running the SylinkDrop tool.
  • Move clients to a different management server by redeploying a client package with the
    Communication update package deployment
    option.
The cloud does not have management servers, but it does have domains. In both cases, use one of the following methods:
  • Move the client to another domain or a custom domain (rare case).
  • Use the FSD package by redeploying the client package or enrolling in a new domain.
Suspicious file submission
Configure client submissions of pseudonymous security information to Symantec.
Submit suspicious files pseudonymously to Symantec to enhance threat protection intelligence.
Enabled by default in the System policy for cloud managed devices.
Usage information submission
Configure clients to securely submit pseudonymous system and usage information.
Not available.
Management server/client communication
Manage the external communication between the management server and the clients.
  • Management server lists
  • Communication mode (push or pull)
  • Set heartbeat interval
  • Upload learned applications
  • Upload critical events immediately
  • Set download randomization
  • Set reconnection preferences
Deprecated because the management server is not used.
Upload critical events immediately
runs by default.
Private servers
Configure clients to use private servers.
  • Advanced Threat Protection server for Insight lookups and submissions
  • Private Insight server for Insight lookups
ATP was renamed to Endpoint Detection and Response (EDR).
Deprecated.
Proxy server
Supported.
A proxy server is used for:
  • Client installation and enrollment
  • LiveUpdate Server
Unmanaged detector
Supported.
Partial support.
Endpoint Security
includes on-demand detection of unmanaged devices, where the cloud looks for and finds unmanaged devices continuously. This feature is more advanced but not automatic.
Go to
Devices
>
Unmanaged Devices
.
User information
Set User Information Collection
Deprecated.

Mac Agent features

The Mac Agent is available in the cloud console only.
Mac Agent features: SES only
On-premises
Symantec Endpoint Protection
Symantec Endpoint Security
cloud console
Installation
Not supported.
  • Installation package creator: Creates a package that either installs directly or that you can deploy for installation. Similar to Save package.
  • Direct installation package: By default, installation is Silent. Customization is not available on Mac.
  • Customizable installation folder (Client Install Settings): Only for restart and upgrade. You cannot customize the installation folder. Installation logging always writes to
    /tmp/sepinstall.log
    .
For more information, see:
Policies
Not supported.
Available now:
  • Antimalware:
    • Scheduled scans (quick and full)
    • Turn on/off AutoProtect
    • Turn on/off behavioral analysis
    • Turn on/off Symantec early launch antimalware
    • Turn on/off Microsoft Outlook Auto-Protect
  • Intrusion Prevention:
    • Turn on/off Intrusion Prevention
    • Signature action exceptions
    • Turn on/off user notifications
Available soon:
  • Device Control
  • Firewall
  • Allow List
  • Deny List
  • Device commands (such as Run LiveUpdate, Scan Now, Quarantine)
For more information, see:

Linux Agent features

The Linux Agent is available in the cloud console only.
Linux Agent features: SEP vs. SES
On-premises
Symantec Endpoint Protection
Symantec Endpoint Security
cloud console
Installation
Not supported.
The installation package creator creates a package that either installs directly or that you can deploy for installation. Similar to Save package. See:
Policies
Not supported.
  • Antimalware:
    • Intensity Level
    • Scheduled scans (quick and full)
    • Turn on/off AutoProtect
    • Turn on/off behavioral analysis
    • Turn on/off Symantec early launch antimalware
    • Turn on/off Microsoft Outlook Auto-Protect
  • Intrusion Prevention:
    • Turn on/off Intrusion Prevention
    • Signature action exceptions
    • Turn on/off user notifications
For more information, see:

Log settings for clients

Client log settings are only available in
Symantec Endpoint Protection
.
Log settings for clients: SEP vs. SES
On-premises
Symantec Endpoint Protection
Symantec Endpoint Security
cloud console
Size and retention settings
Set size and retention options for logs that are maintained on the client computers:
  • Client Activity
  • System
  • Security and risk
  • Security
  • Traffic
  • Packet
  • Control
Not available yet.
Risk log settings
  • Delete acknowledge notifications after 30 days
  • Delete risk events after 60 days
  • Delete scan events after 30 days
  • Compress risk events after 7 days
  • Delete unacknowledged notifications after 30 days
  • Delete commands after 30 days
  • Delete EICAR events
No plans.