This post was last edited by 驭龙 on 2015-5-23 15:59
SEP 12.1.6 official release documentation:
https://support.symantec.com/en_US/article.HOWTO111067.html
For the download link, see this thread:
http://bbs.kafan.cn/thread-1701554-1-1.html
First, the feature changes:
Feature changes:
◦Windows Embedded platform support
◦Reduced-size definitions for Windows clients
◦Integration with Symantec Advanced Threat Protection: Endpoint (ATP: Endpoint)
◦Command to collect file fingerprint lists for a group
◦Ability to reduce bandwidth usage when downloading definitions to clients
◦Aggressive scan mode
◦Auto-compile for Symantec Endpoint Protection client for Linux
◦Content Distribution Monitor tool for reporting
Protection features
•Integration with Symantec Advanced Threat Protection: Endpoint (ATP: Endpoint)
ATP: Endpoint is an on-premises virtual appliance that detects advanced threats on endpoints in your network. ATP: Endpoint delivers actionable data so that you can quickly analyze and respond to the threats. You can select threats to block and add them to the ATP: Endpoint policy. When ATP: Endpoint sends the policy to the Symantec Endpoint Protection Manager, read-only file fingerprints from ATP: Endpoint appear in the system lockdown configuration. You can also configure Symantec Endpoint Protection Manager client groups to use ATP: Endpoint for reputation queries and submissions.
See Configuring client groups to use private servers for reputation queries and submissions.
•System lockdown enhancements
Collect file fingerprint lists for system lockdown for a group of clients
You can run a new command from the management console to collect file fingerprints for all the applications that a group of client computers run. The best time to use this method is to add file fingerprints to whitelists. Another common use of this command is to create a list of whitelisted applications for a master image for a Windows Embedded device. In the console, click Clients, right-click a group, and click Run a command on the group > Collect File Fingerprint List.
The blacklist mode is automatically enabled in 12.1.6. You do not have to edit the conf.properties file to enable it.
See Configuring system lockdown.
See Running commands on client computers from the console.
•Reduce bandwidth usage when downloading virus and spyware definitions to clients
When too many clients simultaneously request full definition downloads from the management server, Symantec Endpoint Protection helps to prevent network overloads. If the management server downloads full definitions only rather than deltas, you can specify that clients get deltas from a LiveUpdate server instead. You can also block clients from downloading full definitions from the management server. You can also receive an alert if too many clients request full downloads from the management server.
See Mitigating network overloads for client update requests.
•Aggressive scan mode
If a Windows client detects a large number of viruses, spyware, or high-risk threats, an aggressive scan mode engages automatically. The scan restarts and uses Insight lookups. You can pause or cancel the scan when it is in aggressive mode. However, you cannot configure the aggressive scan mode in either the Virus and Spyware Protection policy or the client.
•Auto-compile for Symantec Endpoint Protection client for Linux
The Symantec Endpoint Protection client installer for Linux can now auto-compile the Auto-Protect kernel module. The installer takes this action when the operating system kernel is not compatible with the precompiled Auto-Protect kernel modules.
One more change worth mentioning: the IPS system has been upgraded to the 14 series, which is a really powerful step forward.
The following table lists the supported browser versions for Browser Intrusion Prevention. Support is based on the version of the Client Intrusion Detection System (CIDS) engine that the client uses.
For example, if your Symantec Endpoint Protection client is 12.1.3 (RU3), but the CIDS engine displays as version 14.1.2, the supported browsers are those on the CIDS 14.1.2 row.