Hello and welcome to another episode of Web
Informant dot tv. I am David Strom, your host
and reviewer. Today we are looking at version
12 of Symantec's Endpoint Protection Small
Business Edition. It is a powerful protective
application that can secure your small network
and we are looking at its main console that
shows you the current overall status, what
endpoints are being managed, and whether any
threats have been detected.
This product is geared towards small businesses
that don't have a lot of IT depth or experience,
and it installs quickly and is very simple
to set up. It includes its own Web server
and doesn't require that your network be running
Active Directory, or even a Windows file server,
although it can leverage these pieces. It
automatically sets up a series of protective
policies, groups of computers, and rules for
protecting your endpoints and your network.
Here we are looking at the default groups
screen.
There are two major pieces to the product:
a management server called the Symantec Protection
Center that can install on just about any
Windows server - as long as it isn't running
Vista; and the client piece that provides
the protection, which we are looking at here,
which runs on Vista along with older Windows
versions.
This is not just an anti-virus product, but
incorporates three other main technologies
to keep your PCs from being compromised: a
desktop firewall that can beef up Windows'
own puny attempts in that area, proactive
threat protection that handles unknown and
zero day attacks, and a sophisticated collection
of intrusion prevention tactics that we'll
get to in a moment.
Once you install the server, which took us
about five minutes, you next bring up the
Client Installation Wizard that you see here.
It is very simple. There are three different
choices for the installation: to create
an executable setup file, send an email link
that points to the setup so that each end
user can perform their own installation, or
push the installation with no user interruption
or action, using the admin login on the end
user's PC.
After the client has been installed, the protective
features are automatically enabled and there
is nothing more to do. It is that simple.
The value in this product is its simple reports
that can keep you current with what is happening
on your network without burying you in copious
logs with every event. Go to the Reports
/ Scheduled Reports tab and you can see a
daily and weekly status report that are set
up by default. If you want more, click on
the Add button and you can select from four
different canned reports and schedule it to
run at a certain frequency.
What happens when you hit an infected Web
site, or try to download a virus? Here you
see a warning message that pops up on the
client side PC. There are also summary statistics
that are displayed over on the console as
well.
One of the things I liked about the product
was that the reporting portion of the management
console is remotely accessible, which is great
for VARs and consultants that need to manage
the machine from afar, you just bring up your
Web browser and the IP address and you will
see this screen in your browser.
[show IE doing remote monitoring from port
9090]
Another thing is that the product has a lot
going on under the covers but doesn't intrude
with a lot of annoying dialogs to the individual
end users like some personal firewalls. Here
we are looking at the Zone Alarm firewall
and what happens when we bring up IE and Google,
it peppers us with a lot of allow or block
questions.
The difference is notable with Symantec's
product - there isn't anything for the end
user to do, they are just being protected
as they go about their business and no annoying
dialogs either.
Going back to the management console, here
we see the list of threat signatures that
come turned on for the intrusion prevention
module (we get there by going to IP policy,
then exceptions, then add an exception to
our policy). When we took this video, we had
more than 1600 threats catalogued and there
is a convenient link to the threat database
on Symantec's Web site.
Another thing is that there is a free 30-day
trial with unlimited licenses to the full
product. The software is very competitively
priced, with client licenses ranging between
$35-$45 each, and between $16-$20 if you
are using any non-Symantec AV products, making
this software a very good deal indeed. Finally,
there is a series of screens that will show
your licensing profile - clicking on that
link on the main console will bring up this
information.
There is also a different version of the SEP
product with more options for larger enterprise
installations that include removable device
controls and the ability to lock users from
installing any new applications.
What are things I didn't like? I wish the
default was to replace the standard Windows
firewall with the Symantec version, which
is much more capable because the Microsoft
firewall doesn't block any outbound traffic,
and these days with the level of phishing
and blended attacks that can be a big security
weakness. Here we are looking at the various
firewall rules that you can enable and customize
(go to Policies/Firewall, add a policy, then
go to Firewall rules and select the particular
policy).
Another drawback is that the product is Windows-only:
it would be nice to have something that works
on Macs too. Thanks for watching Web Informant
dot tv. This is David Strom, feel free to
email me comments to david at strom dot com.