Quick reference for Symantec Endpoint Protection-managed versus Symantec Endpoint Security-managed features in ICDm

Symantec Endpoint Security provides security on Windows, Mac, Linux, and mobile devices across the following attack phases: pre-attack, attack, breach, and post-attack. You manage all Symantec Endpoint Security features in the Integrated Cyber Defense Manager (ICDm) cloud console.
Comparison between on-premises Symantec Endpoint Protection and Symantec Endpoint Security features
Feature
On-premises-managed (SEP)
Partially cloud-managed (hybrid) (SEP)
Fully cloud-managed (Symantec Endpoint Security Complete)
Comments
Agent platform support
Workstation (Windows/macOS)
iOS/Android
√**
On-premises deployment and management do not include Windows 10 S Mode, iOS, or Android.
**Protected by Mobile Security
Windows Server (Server/Linux)
Policies
Attack Prevention
Antimalware policy
√**
**Called Virus and Spyware Protection policy
Exploit Protection policy
√**
**Called MEM policy
Host Integrity policy
Intensive Protection policy
√**
**Part of Antimalware policy
Network Integrity policy
√**
**Enable Device Protection
Web and Cloud Access Protection policy > Tunnel method based on VPN (formerly Full traffic redirection)
√**
**Enable Device Protection
Web and Cloud Access Protection policy > PAC File method (formerly Web traffic redirection)
√*
√*
√**
*Called Network Traffic Redirection policy
**Enable Device Protection
Attack
Breach assessment
√+
Active Directory Threat Defense
Application Control
  • App Control policy
√*
√*
√**
* Partial support
**Enable App Control and App Isolation
Application Isolation
  • Browser Isolation policy
  • Office Isolation policy
  • PDF Renderer Isolation policy
  • Platform policy
  • Trusted Updater policy
**
√**
**Enable App Control and App Isolation
Device Control policy
√**
**On roadmap: User-based policy assignment using Active Directory security groups
Breach Prevention
Firewall policy
Intrusion Prevention policy
√**
**On roadmap: Custom IPS signatures
Deception
Active Directory Security
Content Analysis
Auto-managed policies
**
**On roadmap
Response and Remediation
Detection Response (FDR) policy
**√
Endpoint Detection and Response is currently in preview mode for select customers.
**Enable Endpoint Detection and Response
Behavioral forensics
**√
**Enable Endpoint Detection and Response
Threat Hunting and rapid response
**√
**Enable Endpoint Detection and Response
Expert SOC Investigator
**√
Threat Hunting
Threat Hunting Center
√ (Add-on)
Managed Services
Threat Hunting Service
√ (Add-on)
Product Integrations
ICDx
**
**On roadmap
Other policies
Deny List policy
√**
**Called Exceptions policy
Allow List policy
√**
**Called Exceptions policy
Low bandwidth mode
**
√**
**Part of the System policy
System policy
√*
√**
*Multiple policies and settings
  • **Includes settings for LiveUpdate, proxy configuration, agent auto-upgrade, Tamper Protection, client restart, client password
  • **Also called Device Integrity
  • **On roadmap: ability to lock content version, modern efficient content distribution
Client Commands
Run LiveUpdate
Run Quick Scan
Run Full Scan
Run PowerEraser
**
**On roadmap
Disable AutoProtect
*
*Deprecated
Disable Download Insight
*
*Deprecated
Audit Logs
Object, user, timestamp
Policy versioning with rollback
Audit events
APIs
API to access policy content JSON
**
**On roadmap
API to access event data
Console Login Authentication Methods
Local
LDAP
Active Directory
Smart cards (PIV/CAC)
Two-factor authentication (2FA): VIP
2FA: RSA
2FA: Active Directory
2FA: SAML
Client Deployment
Downloadable installation package to deploy using third-party software delivery tools
Discover and deploy
√*
√*
√**
* Called unmanaged client detector
** Called discovery agent
Option to include/exclude content in installation package
**
**On roadmap
Add-ons require additional licensing.
+On-premises management only. Requires an installation of Symantec Endpoint Protection version 14.1 and later.
Hybrid features that are managed from the cloud.