Symantec Endpoint Protection 11.0 Maintenance Release 2: What’s new

Symantec Endpoint Protection 11.0Maintenance Release 2: What’s new

Updated 11th April 2008

Optional Footer Information Here 2

Agenda

New features and improvements11

Resolved product issues22

Other points to be aware of33


New features and improvements


New features and improvements:New platform support

• Windows 2008 support (inc Server Core)SEP client only (32 and 64bit)

• Windows Vista SP1 supportSEP client only (32 and 64bit)


New features and improvements:Less resource usage / Lighter footprint

Symantec Endpoint Protection Manager• Use less RAM for Console, Server and Embedded DB

– approx 256mb• Now less disk space

– approx 2GB

Symantec Endpoint Protection client• Now less disk space

– approx 400mb

Optional Footer Information Here

New features and improvements: Manager Installation > Create sys admin

6


New features and improvements: Manager Installation > Choose config

* This dialog will only appear with a new SEPM install, not an upgrade *


New features and improvements: Manager Installation > Simple

Automatically configures the following:• Embedded database chosen• Site name set to ‘My Site’• Admin-specified password used for DB and encryption also• 3 content revisions stored

8

Please note: By default a SEPM will download 3 new certified AV/Antispyware content updates per day, therefore storing 3 content revisions would mean SEP client content could only be out of date by 1 full day before a full update would be downloaded.


New features and improvements: Manager Installation > Advanced


New features and improvements: Manager Installation > Advanced

Content revisions stored, for each option chosen:• Less than 100: 3• Between 100 and 500: 3• Between 500 and 1000: 10• More than 1000: 30

10

Please note: By default a SEPM will download 3 new certified AV/Antispyware content updates per day, therefore storing 3 content revisions would mean SEP client content could only be out of date by 1 full day before a full update would be downloaded.


New features and improvements: Manager Installation > DB choice


New features and improvements: Manager Installation > DB choice

Re embedded DB option now supporting 5000 computers:• Increased so that customers in the range of 1000-5000 were

not forced to purchase SQL licenses.• No further DB optimisation has been implemented, BUT:

– Lab testing has proven the embedded DB can adequately scale beyond 5000 managed computers, even out-performing MS-SQL in environments with small numbers.

– A product issue has been resolved whereby the embedded DB would not reclaim freed up space, therefore would continue to grow indefinitely.

12


New features and improvements: Manager Installation > Summary


New features and improvements: Console Homepage

Latest content versions now show on homepage for both Symantec’s public Liveupdate server and the local SEPM:


New features and improvements: Content revision control via the console

Number of content revisions stored is now configurable via the console.

Please note: If you choose ‘Simple’, this will set the stored content revisions to 3.

If you choose ‘Advanced, then:• Less than 100: 3 revisions• Between 100 and 500: 3 revisions• Between 500 and 1000: 10 revisions• More than 1000: 30 revisions

If you upgraded the SEPM, the previously configured setting will be preserved (10 by default preMR2).


New features and improvements: Delta generation CPU usage control

• The mdef25builder will now, by default, never use more than 50% of available CPU cycles.

• This is configurable by adding the following parameter to the conf.properties file:– scm.delta.cpu.usage

• The advantage is less impact on the SEPM when deltas are being created– Be aware though that this also means the process will take longer to complete

the required delta generation task.

16


New features and improvements: More responsive console experience

* Not installed by default, optional component on CD3 *• The IIS 6.0 FastCGI extension improves the performance of

the Home, Monitors, and Reports pages of the console.• Is standard component to ship with Windows 2008.• Documentation also provided on CD3 detailing setup steps.• Symantec provides full support for the SEPM with the

successful installation of the FastCGI extension.

17


New features and improvements: Template AV/Antispyware policies

• Default (Balanced), High Security, High Performance.• All specifics documented in product admin manual (p394)

18


New features and improvements: Template Application Control policies

Further template policies added in MR2:

19


New features and improvements: Automatic AV/Antispyware exclusions

• SEP 11.0, when released, already set automatic exclusions for MS Exchange 2003 and 2007.

• Now, MR2 will add automatic exclusions for:– SEPM embedded database and transactional logs– Active Directory database, transactional logs and working files

• Following Microsoft best practice recommendations

20


New features and improvements: Granular Device Control

• Devices can now be identified by any means– Type, Brand, Model, Serial Number

• Tool provided on CD3 to verify Device IDs (DevViewer)

• Some Device ID examples:– SanDisk Micro Cruzer - USBSTOR\

DISK&VEN_SANDISK&PROD_CRUZER_MICRO&REV_2033\0002071406&0

– Apple iPod - USBSTOR\DiskApple___iPod____________1.62\4&3656B0&0

– Hitachi IDE Hard Drive - IDE\DISKHTS541060G9SA00_________________________MB3IC60H\4&14AA9DA8&0&0.0.0

21



22



23


New features and improvements: Other updated included components

• Liveupdate Administrator 2.1.2 (MR2)– Now supports Vista SP1 and Windows 2008

• Symantec Antivirus for Linux 1.0.4 (MR4)• Network Access Control 11.0.2 (optional additional purchase)

– Now includes Microsoft NAP support and Peer-to-Peer enforcement

24


Resolved product issues


Resolved product issues:Performance

• Fixed port leaks on SEPM server• Optimized disk space usage of embedded database• Fixed excessive disk space used by antivirus logs on

SEPM• Fixed excessive disk space use by LiveUpdate on SEP

client• Reduced length of accelerated heartbeat on SEP client to

optimize communication between SEPM and SEP client


Resolved product issues: Functionality and usability

• Resolved inconsistent scanning of files on SEP client• Improvements to SEPM console home page include all

charts displayed properly, all agents and agent status appear correctly

• Fixed site and agent replication issues• Fixed ClientRemote Utility• Optimized creation of group folders so that they can be

created in a timely manner• Optimized performance of Active Directory synchronization

to avoid database deadlocks• Minimized boot time on SEP client by optimizing Symantec

processes during startup


Resolved product issues: Communication and connectivity

• Addressed issues whereby SEP clients connecting to a SEPM over slow network links could saturate the line when retrieving content updates

• Addressed issues with SEP client communicating with SEPM behind a firewall with NAT or after changing the remote console port

• Addressed issue with SEP clients management being blocked by Checkpoint VPN client connections


Other points to be aware of


Other points to be aware of:SEP client cached installs have moved

* Now also compressed to save disk space *


Other points to be aware of:Default AV/Antispyware policy overwrite

• MR2 changes the default AV/Antispyware policy so that an ActiveScan doesn’t occur each time new definitions are loaded (which occurs 3 times a day by default):

• This change means that if you install MR2 over an existing pre MR2 SEPM, the default AV/Antispyware policy will be overwritten.

• It is recommended, if you wish to keep this default AV/Antispyware policy, please make a copy of it or rename it before upgrading to MR2.


Other points to be aware of:MR2 client will not be available via LU

• Due to a defect in SEPM, pre-MR2 releases of SEPM cannot download MR2 LiveUpdate Packages.

• Customers will have to download SEPM via FileConnect. – Since new SEPM will already contain MR2 SEP client packages, it

will be unnecessary for administrators to use LiveUpdate to download the MR2 client packages.

• Once administrators have MR2 SEPM release in their environment, they can use LiveUpdate to download future client packages (to be determined... either MR2 MP1 or MR3) that will be available via LiveUpdate.


Other points to be aware of:How to shrink the embedded DB

• There is a product issue preMR2 whereby the embedded DB would continue to grow indefinitely.

• This was caused by the SEPM not successfully periodically reclaiming freed up space.

• If you have upgraded the SEPM to MR2, some steps can still be followed to reclaim this space:

Note: Technical Support can assist with this procedure as needed.

1. Via DOS prompt, navigate to C:\Program Files\Symantec\Symantec Endpoint Protection Manager\ASA\win32\

2. Run command dbunload -c "uid=dba;pwd=dba_password" –ar3. Restart the SEPM service.


&ANSWERSQUESTIONS

Thank you!

Symantec Endpoint Protection 11.0 Maintenance Release 2: What’s new

Documents

Transcript of Symantec Endpoint Protection 11.0 Maintenance Release 2: What’s new