Академический Документы
Профессиональный Документы
Культура Документы
Documentation version: 1
Legal Notice
Copyright 2016 Symantec Corporation. All rights reserved.
Symantec, the Symantec Logo, the Checkmark Logo, LiveUpdate, and Norton are trademarks
or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other
countries. Other names may be trademarks of their respective owners.
The product described in this document is distributed under licenses restricting its use, copying,
distribution, and decompilation/reverse engineering. No part of this document may be
reproduced in any form by any means without prior written authorization of Symantec
Corporation and its licensors, if any.
http://www.symantec.com
Technical Support
Symantec Technical Support maintains support centers globally. Technical Supports
primary role is to respond to specific queries about product features and functionality.
The Technical Support group also creates content for our online Knowledge Base.
The Technical Support group works collaboratively with the other functional areas
within Symantec to answer your questions in a timely fashion. For example, the
Technical Support group works with Product Engineering and Symantec Security
Response to provide alerting services and virus definition updates.
Symantecs support offerings include the following:
A range of support options that give you the flexibility to select the right amount
of service for any size organization
Telephone and/or Web-based support that provides rapid response and
up-to-the-minute information
Upgrade assurance that delivers software upgrades
Global support purchased on a regional business hours or 24 hours a day, 7
days a week basis
Premium service offerings that include Account Management Services
For information about Symantecs support offerings, you can visit our website at
the following URL:
www.symantec.com/business/support/
All support services will be delivered in accordance with your support agreement
and the then-current enterprise technical support policy.
Customer service
Customer service information is available at the following URL:
www.symantec.com/business/support/
Customer Service is available to assist with non-technical questions, such as the
following types of issues:
Questions regarding product licensing or serialization
Product registration updates, such as address or name changes
General product information (features, language availability, local dealers)
Latest information about product updates and upgrades
Information about upgrade assurance and support contracts
Information about the Symantec Buying Programs
Advice about Symantec's technical support options
Nontechnical presales questions
Issues that are related to CD-ROMs, DVDs, or manuals
Support agreement resources
If you want to contact Symantec regarding an existing support agreement, please
contact the support agreement administration team for your region as follows:
Protection features
Intelligent Threat Cloud Service for client installation packages (Windows)
Version 14 includes three new sizes of client installation packages, based on
which set of virus definitions they include:
Standard client: Designed for typical installations where clients have access
to the cloud or the clients are version 12.1.6 and earlier. The standard client
is 80% to 90% smaller than a dark network client installation package and
includes the most recent virus definitions only. After installation, the client
accesses the full set of virus definitions from the cloud.
Embedded client or VDI client: The embedded client replaces the
reduced-size client that was introduced in version 12.1.6. The embedded
client is smaller than the standard client and also includes the most recent
virus definitions only. After installation, the client accesses the full set of virus
definitions from the cloud.
Dark network client: Installs a full set of virus definitions and keeps the
definitions locally rather than accessing them from the cloud. Use this client
installation package if the client computers are in networks with no access
to the cloud.
See How Symantec Endpoint Protection uses the Intelligent Threat Cloud
Service.
See About Windows client installation packages.
Generic Exploit Mitigation (Windows)
Generic Exploit Mitigation prevents common vulnerability attacks in typical
software applications. Generic Exploit Mitigation installs with intrusion prevention
and includes the following types of protection: Java exploit prevention, heap
spray mitigation, and structured exception handling overwrite protection
Release notes 8
What's new in Symantec Endpoint Protection 14
(SEHOP). The protections apply to the specific applications that are listed in
the Intrusion Prevention policy. Symantec Endpoint Protection downloads the
application list as part of its LiveUpdate content. To see the list of applications,
open an Intrusion Prevention policy and then click Generic Exploit Mitigation.
See Using Generic Exploit Mitigation.
SONAR/Auto-Protect
Enable Suspicious Behavior Detection option (Windows)
You can enable or disable suspicious behavior detection if SONAR is
disabled. Therefore, you can have behavior policy enforcement protection
of applications on while SONAR scoring is off.
Scan files on remote computers option (Windows, Linux)
You can disable the option for SONAR or Auto-Protect to scan files on
computers on other networks. Disabling this option increases performance.
However, you should keep this option enabled as SONAR looks for worms
such as Sality, which infects network drives. For Auto-Protect scans all files
reduces and reduces the client computer's performance, you can enable the
Only when files are executed option. To access these options, click Policies
> Virus and Spyware Protection policy > SONAR or Auto-Protect.
See Adjusting SONAR settings on your client computers.
Instead, Insight Lookup uses internal settings to optimize the scan because
Download Insight detections are now completely handled by real-time
protection. The new Enable Insight Lookup option on the Scan Details
tab replaces the Insight Lookup tab in version 12.1.x. Click the Virus and
Spyware Protection policy > Administrator-Defined Scans, choose either
scheduled scans or on-demand scans, and then click Scan Details.
See Changes to Insight Lookup settings for Endpoint Protection 14.
See Customizing administrator-defined scans for clients that run on Windows
computers.
See How Symantec Endpoint Protection uses Symantec Insight to make
decisions about files.
On standard and embedded/VDI clients, Insight Lookup now allows
Auto-Protect, scheduled scans, and manual scans to look up both file
reputation information and definitions in the cloud. However, the dark network
clients include the full set of definitions and do not use Insight Lookup. You
enable Insight Lookup in the Clients > Policies tab > External
Communications > Submissions tab.
See Understanding server data collection and client submissions and their
importance to the security of your network.
See About Windows client installation packages.
To view the Risk reports, click Reports > Quick Reports > Risk.
Home page > Activity Summary link
System requirements
Symantec Endpoint Protection includes the following additional support:
Component Requirement
Microsoft Edge
Mozilla Firefox 5.x through 49.0.1
Google Chrome through 54.0.x
The installation wizard now displays the available hard drive space for local drives,
but not the hard disk space for USB thumb drives or disc drives. The wizard does
not let you install the management server unless the computer meets the minimum
system requirements. The installation proceeds if the computer meets the
recommended system requirements. The recommended minimum hard drive space
the management server needs on a system drive is 40 GB. On an alternative drive,
the management server needs 15 GB (system drive) and 25 GB (installation drive).
For more information on hard drive space requirements, see:
Release notes, new fixes, and system requirements for all versions of Endpoint
Protection
See Installing Symantec Endpoint Protection Manager.
Symantec Endpoint Protection Manager installs with the HTTPS protocol
When you install Symantec Endpoint Protection Manager for the first time, it uses
the HTTPS protocol by default to communicate between the management server
and the clients. If you upgrade from an earlier version, Symantec Endpoint Protection
Manager retains the protocol from the earlier version. For the upgrades that use
HTTP, you can create a new management server list that uses HTTPS and switch
to the list in the Communications Settings dialog box.
See Configuring a management server list for load balancing.
While you wait for the installation wizard to create the embedded database, a
progress bar shows how far the installation has progressed.
See Configuring Symantec Endpoint Protection Manager after installation.
Reset the embedded database password
If you forget or want to change the embedded database password, run the
Management Server Configuration Wizard and reconfigure the management server.
On the Windows Start menu, click All Programs > Symantec Endpoint Protection
Manager > Symantec Endpoint Protection Manager Tools > Management
Server Configuration Wizard.
See Reinstalling or reconfiguring Symantec Endpoint Protection Manager.
See Changing the password for an administrator account and the embedded
database.
The name of the Welcome page changed to the Getting Started page.
The Getting Started page displays a list of required tasks to perform before you
install for the first time or upgrade:
Run LiveUpdate now: LiveUpdate has run on Symantec Endpoint Protection
Manager and downloaded at least one set of valid virus definitions. Or,
LiveUpdate has connected to a Symantec Endpoint Protection client and
downloaded at least one set of valid virus definitions.
Activate your product: The license needs to be valid and cannot be either
over-deployed, a trial version, upgrade, invalid, or expired.
Install the client software on your computers: At least one Symantec
Endpoint Protection client needs to be connected to the management server.
The Home page > Security Status pane also indicates whether or not a
minimum of one client is installed.
Release notes 14
What's new in Symantec Endpoint Protection 14
The Getting Started page reappears until all the required tasks are completed.
Then a Do not show this page again check box appears at the bottom of the
screen. You can redisplay the Getting Started page in the Help menu.
See Logging on to the Symantec Endpoint Protection Manager console.
Client installation
Client Deployment Wizard
The Client Deployment Wizard has the following upgrades to make it easier to
install the clients:
The command to open the Client Deployment Wizard has changed from
Add a client to Install a client. You access the wizard by clicking either the
Clients pane > Tasks, or by clicking the Help menu > Getting Started >
Required tasks > Install the client software on your computers.
See Installing clients with Save Package.
The Client Install Settings dialog box has the following new options:
Remove existing Symantec Endpoint Protection client software that
cannot be uninstalled uninstalls an existing Symantec Endpoint
Protection client when other installation methods do not work. Only use
this feature to remove corrupted or malfunctioning installations of the
Symantec Endpoint Protection client.
See About the Symantec Endpoint Protection client preinstall removal
feature.
Do not uninstall existing security software is the default setting, which
you use if you do not need to uninstall any security software from the
client computer.
The wizard uninstalls more third-party security products.
See Third-party security software removal in Endpoint Protection.
You access these options either through the Client Deployment Wizard or
through the Admin > Install Packages > Client Install Settings dialog box.
See Configuring client packages to uninstall existing security software.
In the Select Group and Install Feature Sets pane of the wizard, the Include
all content in the client installation package option has changed to Include
virus definitions in the client installation package. The meaning of the check
box is clearer. This option is in the Admin > Install Packages > Export a Client
Install Package dialog box. This option replaced the Select option.
See Exporting client installation packages.
Preferred mode options removed
Release notes 15
What's new in Symantec Endpoint Protection 14
The preferred mode options have been removed because the wizard installs
the clients in computer mode by default. You can change the mode to user
mode, but Symantec recommends that you continue to use computer mode.
See Switching a Windows client between user mode and computer mode.
The overview page for an administrator account displays the following options:
Password Verification Attempt Threshold displays the number of logon
attempts administrators can make with an invalid password before Symantec
Endpoint Protection Manager locks them out. Failed Password Verification
Attempts displays the number of failed logon attempts an administrator
made.
The Test Account option on the Authentication tab has changed to Check
Account. This option checks whether the administrator account name exists
in the connected Active Directory server or the LDAP server.
See Checking the authentication to a directory server.
Client features
Device control (Mac)
You can now configure a Device Control policy for Mac clients. Device control
controls the use of removable devices, such as USBs and FireWire. The policy
supports permissions for reading, writing, and executing, and supports devices
based on the type, make, model, or serial number.
See Allowing or blocking devices on client computers.
AutoUpgrade (Mac)
You can automatically update the Mac client from Symantec Endpoint Protection
Manager.
See Upgrading client software with AutoUpgrade.
Security patches for the client (Windows)
You can now download and install security fixes for Windows clients using
LiveUpdate, a Group Update Provider, or the management server. This option
lets customers receive security fixes as easily as they receive virus definition
updates. To download the security fixes to a management server, make sure
that the option is enabled for the site. To download the security fixes to the
clients, use the Download security patches to fix the vulnerabilities in the
latest version of the Symantec Endpoint Protection client option in a
LiveUpdate Settings policy.
See Downloading content from LiveUpdate to the Symantec Endpoint Protection
Manager.
See Downloading security patches to Windows clients.
Troubleshooting client crashes (Windows)
If the client crashes or behaves abnormally, a new component collects
information about the client and reports it to a Symantec server. Symantec can
use this information to better understand the cause of the crash, and improve
Release notes 17
What's new in Symantec Endpoint Protection 14
the product. To enable this option, click Admin > Servers > Edit Site Properties
> Data Collection tab, and make sure that Let clients send troubleshooting
information to Symantec to resolve product issues faster is checked.
See Enabling the management server to send information to Symantec about
a client that crashed.
Symantec Endpoint Protection client drivers for the Windows 10 Device
Guard (Windows)
Windows 10 includes a new feature that is called Device Guard that lets you
lock down devices against new and unknown malware variants as well as
advanced persistent threats (APTs). Device Guard uses hardware technology
and virtualization to isolate hypervisor-related functions from the rest of the
Windows operating system.
API references
Symantec Endpoint Protection Manager includes a set of REST APIs that connect
to and perform Symantec Endpoint Protection Manager operations from
Symantec Advanced Threat Protection (ATP). You use the APIs if you do not
have access to Symantec Endpoint Protection Manager. The documentation is
located in the following places:
On the Symantec Endpoint Protection Manager server at the following
address, where SEPM-IP is the IP address of the Symantec Endpoint
Protection Manager server:
https://SEPM-IP:8446/sepm/restapidocs.html
Product guides for all versions of Symantec Endpoint Protection
The API for remote monitoring and management (RMM) includes a new
command, assignQuarantinePolicy. This command assigns a policy to one
or more of the group's Quarantine locations.
In addition, the RMM API documentation folder was renamed from
Tools\Integration to Tools\WebServicesDocumentation.
The semapisrv service listens for API commands for the Symantec Endpoint
Protection Manager.
Tools
The tools in this list are located in the installation file that you download from
FileConnect in the \Tools folder, unless otherwise noted.
What are the tools included with Symantec Endpoint Protection?
DeviceInfo (Mac)
Release notes 18
What's new in Symantec Endpoint Protection 14
The DeviceInfo tool lets you obtain the device vendor, model, or serial number
for a specific device on the Mac client to use in Device Control policies. The tool
is located in the \Tools\DeviceInfo folder.
TLS to Microsoft SQL Server database support
Symantec Endpoint Protection Manager communicates with the SQL Server
over an encrypted channel by default. The SetSQLServerTLSEncryption.bat
tool lets you disable or enable TLS encryption between the management server
and the Microsoft SQL Server communication. As of version 14, it can be used
with the management server installations that are configured to use the Microsoft
SQL Server database. You access the tool from <installation
directory>\Program Files (x86)\Symantec\Symantec Endpoint
Protection Manager\Tools.
Tools\CentralQ folder. You can still use the Central Quarantine tool, but you
can only download it from a previous version of Symantec Endpoint Protection.
See Configuring clients to submit quarantined items to a Central Quarantine
Server or Symantec Security Response.
Documentation
You can review a new Quick Start Guide, which describes how to get Symantec
Endpoint Protection installed and running immediately. Use this method if you
have fewer than 500 clients with a default installation.
Symantec Endpoint Protection Quick Start Guide
Version 14 does not include a Getting Started Guide. Instead, see the Getting
Started chapter of the Symantec Endpoint Protection Installation and
Administration Guide for a customizable installation. This chapter includes the
same topics that used to be in the Getting Started Guide.
Product guides for all versions of Symantec Endpoint Protection
Upgrade information
This section contains information about upgrading to the current release of the
product.
or the security patches. To get the 14 client installation packages, you must manually
import them on the Admin pane > Install Packages tab.
Importing client installation packages into Symantec Endpoint Protection Manager
To get the version 14 security patches, however, you must copy the patches from
the installation file you downloaded from FileConnect.
To copy security patches to a version 14 management server
1 After you download and extract the Symantec Endpoint Protection full
installation file from FileConnect, copy the contents of the \SEPM\Packages
folder to the SEPM-install\tomcat\packages folder.
SEPM-install represents the Symantec Endpoint Protection Manager installation
path.
2 In the SEPM-install\bin folder, run upgrade.bat.
Client information
This section contains information about the Symantec Endpoint Protection client
for Windows, Mac, or Linux.
The Help topic "Risk logs and reports" does not specify that under Additional
Settings, Scheduled scan includes all of the scheduled scan types: Active Scan,
Full Scan, or Custom Scan
These corrections are slated to appear in a future version of Symantec Endpoint
Protection.
Component Requirements
Web browser The following browsers are supported for web console access to Symantec Endpoint
Protection Manager and for viewing the Symantec Endpoint Protection Manager Help:
Microsoft Edge
Note: The 32-bit version Windows 10 does not support web console access on the
Edge browser.
See Cannot access Symantec Endpoint Protection Manager Web Console with the
Edge browser on Windows 10 (32-bit) on page 23.
Microsoft Internet Explorer 11
Mozilla Firefox 5.x through 49.0.1
Google Chrome 54.0.x
Database The Symantec Endpoint Protection Manager includes an embedded database. You may
instead choose to use a database from one of the following versions of Microsoft SQL
Server:
Component Requirements
Component Requirements
For example, if Microsoft SQL Server is installed on the Symantec Endpoint Protection
Manager server, the server should have a minimum of 8 GB available.
Hard drive when installing With an embedded database or a local SQL Server database:
to the system drive
40 GB available minimum (200 GB recommended) for the management server and
database
With a remote SQL Server database:
Hard drive when installing With an embedded database or a local SQL Server database:
to an alternate drive
The system drive requires 15 GB available minimum (100 GB recommended)
The installation drive requires 25 GB available minimum (100 GB recommended)
With a remote SQL Server database:
Note: If you use a SQL Server database, you may need to make more disk space
available. The amount and location of additional space depends on which drive
SQL Server uses, database maintenance requirements, and other database settings.
Component Requirements
See Symantec Endpoint Protection client for Windows Embedded system requirements
on page 30.
Operating system (server) Windows Server 2008 (32-bit, 64-bit; R2, SP1, and SP2)
Windows Small Business Server 2008 (64-bit)
Windows Essential Business Server 2008 (64-bit)
Windows Small Business Server 2011 (64-bit)
Windows Server 2012
Windows Server 2012 R2
Windows Server 2012 R2 update for April 2014
Windows Server 2012 R2 update for August 2014
Windows Server 2016
Browser Intrusion Browser Intrusion Prevention support is based on the version of the Client Intrusion
Prevention Detection System (CIDS) engine.
For more information, see Supported browsers for Browser Intrusion Prevention in Endpoint
Protection.
Release notes 28
System requirements for Symantec Endpoint Protection
Table 1-5 Symantec Endpoint Protection client for Windows hardware system
requirements
Component Requirements
Processor 32-bit processor: 1 GHz Intel Pentium III or equivalent minimum (Intel Pentium 4 or
equivalent recommended)
64-bit processor: 2 GHz Pentium 4 with x86-64 support or equivalent minimum
Note: Itanium processors are not supported.
Hard drive Disk space requirements depend on the type of client you install, which drive you install
to, and where the program data file resides. The program data folder is usually on the
system drive in the default location C:\ProgramData.
Available disk space is always required on the system drive, regardless of which installation
drive you choose.
Hard drive system requirements:
Table 1-6 describes the hard drive system requirements when Symantec Endpoint
Protection is installed to the system drive.
Table 1-7 describes the hard drive system requirements when Symantec Endpoint
Protection is installed to an alternate drive.
Note: Space requirements are based on NTFS file systems. Additional space is also
required for content updates and logs.
Table 1-6 Symantec Endpoint Protection client for Windows available hard
drive system requirements when installed to the system drive
Standard With the program data folder located on the system drive:
395 MB*
With the program data folder located on an alternate drive:
Table 1-6 Symantec Endpoint Protection client for Windows available hard
drive system requirements when installed to the system drive
(continued)
Embedded / VDI With the program data folder located on the system drive:
245 MB*
With the program data folder located on an alternate drive:
Dark network With the program data folder located on the system drive:
545 MB*
With the program data folder located on an alternate drive:
Table 1-7 Symantec Endpoint Protection client for Windows available hard
drive system requirements when installed to an alternate drive
Standard With the program data folder located on the system drive:
System drive: 30 MB
Program data drive: 350 MB
Alternate installation drive: 150 MB
Embedded / VDI With the program data folder located on the system drive:
System drive: 30 MB
Program data drive: 200 MB
Alternate installation drive: 150 MB
Release notes 30
System requirements for Symantec Endpoint Protection
Table 1-7 Symantec Endpoint Protection client for Windows available hard
drive system requirements when installed to an alternate drive
(continued)
Dark network With the program data folder located on the system drive:
System drive: 30 MB
Program data drive: 500 MB
Alternate installation drive: 150 MB
Component Requirements
Table 1-8 Symantec Endpoint Protection client for Windows Embedded system
requirements (continued)
Component Requirements
Hard drive The Symantec Endpoint Protection Embedded / VDI client requires the following available
hard disk space:
These figures assume that the program data folder is on the system drive. For more
detailed information, or for the requirements of the other client types, see the Symantec
Endpoint Protection client for Windows system requirements.
See Symantec Endpoint Protection client for Windows system requirements on page 27.
The Enhanced Write Filter (EWF) and the Unified Write Filter (UWF) are not supported.
The recommended write filter is the File Based Write Filter (FBWF) installed along with
the Registry Filter.
For more information, see Symantec Endpoint Protection support for Windows
Embedded.
See Supported virtual installations and virtualization products on page 33.
Release notes 32
System requirements for Symantec Endpoint Protection
Component Requirements
Hard drive 500 MB of available hard disk space for the installation
Component Requirements
For a list of supported operating system kernels, see Supported Linux kernels for Symantec
Endpoint Protection.
Graphical desktop You can use the following graphical desktop environments to view the Symantec Endpoint
environments Protection for Linux client:
KDE
Gnome
Unity
Release notes 33
System requirements for Symantec Endpoint Protection
Table 1-10 Symantec Endpoint Protection client for Linux system requirements
(continued)
Component Requirements
Note: Symantec Endpoint Protection no longer ships with Small Business Edition,
which reached end of life (EOL) in May 2015. Small Business Edition 12.1.x
customers can upgrade to Symantec Endpoint Protection, or they can use a tool
to migrate to the cloud-based Symantec Endpoint Protection Small Business Edition.
For more information, see Migrating to Symantec Endpoint Protection Small Business
Edition.
Mac client
The following versions of Symantec Endpoint Protection client for Mac can upgrade
directly to 14:
12.1.4013.4013 - Release Update 4 (RU4)
12.1.5337.5000 - Release Update 5 (RU5)
12.1.6168.6000 - Release Update 6 (RU6)
12.1.6465.6200 - Release Update 6, Maintenance Patch 2 (RU6 MP2)
12.1.6867.6400 - Release Update 6, Maintenance Patch 4 (RU6 MP4)
12.1.7061.6600 -Release Update 6, Maintenance Patch 6 (RU6 MP6)
Note: The Symantec Endpoint Protection client for Mac was not updated for 12.1.3,
12.1.6 MP1 / MP1a, 12.1.6 MP3, and 12.1.6 MP5.
Linux client
The following versions of Symantec Endpoint Protection client for Linux can upgrade
directly to 14:
12.1.5337.5000 - Release Update 5 (RU5)
12.1.6168.6000 - Release Update 6 (RU6)
12.1.6608.6300 - Release Update 6, Maintenance Patch 3 (RU6 MP3)
12.1.6867.6400 - Release Update 6, Maintenance Patch 4 (RU6 MP4)
Release notes 36
Where to get more information
Manuals and documentation English: Product guides for all versions of Symantec Endpoint Protection
updates
Other languages:
Spanish
French
German
Italian
Brazilian Portuguese
Korean
Japanese
Chinese (simplified)
Chinese (traditional)
Russian
Includes knowledge base articles, product release details, updates and patches,
and contact options for support.
Training SymantecTV
For free online technical training.
Symantec Education Services
Access the training courses, the eLibrary, and more.