Symantec Endpoint Protection, developed by Broadcom Inc., is a security software suite that consists of anti-malware, intrusion prevention and firewall features for server and desktop computers.[2]
The first release of Symantec Endpoint Protection was published in September 2007 and was called version 11.0.[3] Endpoint Protection is the result of a merger of several security software products, including Symantec Antivirus Corporate Edition 10.0, Client Security, Network Access Control, and Sygate Enterprise Edition.[3] Endpoint Protection also included new features.[3] For example, it can block data transfers to unauthorized device types, such as USB flash drives or Bluetooth devices.[3]
At the time, Symantec Antivirus Corporate Edition was widely criticized as having become bloated and unwieldy.[2] Endpoint Protection 11.0 was intended to address these criticisms.[2] The disk footprint of Symantec Corporate Edition 10.0 was almost 100 MB, whereas Endpoint Protection's was projected to be 21 MB.[2]
In 2009, Symantec introduced a managed service, whereby Symantec staff deploy and manage Symantec Endpoint Protection installations remotely.[4] A Small Business Edition with a faster installation process was released in 2010.[5] In February 2011, Symantec announced version 12.0 of Endpoint Protection.[6] Version 12 incorporated a cloud-based database of malicious files called Symantec Insight.[6] Insight was intended to combat malware that generates mutations of its files to avoid detection by signature-based anti-malware software.[6] In late 2012, Symantec released version 12.1.2, which supports VMware vShield.[7]
A cloud version of Endpoint Protection was released in September 2016.[8] This was followed by version 14 that November.[9] Version 14 incorporates machine learning technology to find patterns in digital data that may be indicative of the presence of a cyber-security threat.[9] It also incorporates memory exploit mitigation and performance improvements.[10]
Symantec Endpoint Protection is a security software suite that includes intrusion prevention, firewall, and anti-malware features.[11] According to SC Magazine, Endpoint Protection also has some features typical of data loss prevention software.[12] It is typically installed on a server running Windows, Linux, or macOS.[13] As of 2018, Version 14 is the only currently-supported release.[14]
Endpoint Protection scans computers for security threats.[11] It is used to prevent unapproved programs from running,[11] and to apply firewall policies that block or allow network traffic.[15] It attempts to identify and block malicious traffic in a corporate network or coming from a web browser.[16] It uses aggregate information from users to identify malicious software.[12] As of 2016, Symantec claims to use data from 175 million devices that have installed Endpoint Security in 175 countries.[12]
Endpoint Protection has an administrative console that allows the IT department to modify security policies for each department,[11] such as which programs or files to exclude from antivirus scans.[12] It does not manage mobile devices directly, but treats them as peripherals when connected to a computer and protects the computer from any malicious software on the mobile devices.[12]
In early 2012, source code for Symantec Endpoint Protection was stolen and published online.[17] A hacker group called "The Lords of Dharmaraja" claimed credit, alleging the source code was stolen from Indian military intelligence.[18] The Indian government requires vendors to submit the source code of any computer program being sold to the government, to ensure that they are not being used for espionage.[17] In July 2012, an update to Endpoint Protection caused compatibility issues, triggering a Blue Screen of Death on Windows XP machines running certain third-party file system drivers.[19] In 2014, Offensive Security discovered an exploit in Symantec Endpoint Protection during a penetration test of a financial services organization.[20] The exploit in the Application and Device control driver allowed a logged-in user to get system access.[20] It was patched that August.[20] In 2019, security researcher Ofir Moskovitch discovered a race condition bug involving two critical Symantec Endpoint Protection client core components, Client Management and Proactive Threat Protection. The bug directly results in a protection mechanism failure that can lead to a self-defense bypass, also known as "SEMZTPTN" (Symantec Endpoint Minimized Timed Protection).[21]
According to Gartner, Symantec Endpoint Protection 14 is one of the more comprehensive endpoint security products available and regularly scores well in independent tests.[10] However, a common criticism is that customers are "fatigued" by "near constant changes" in the product and company direction.[10] SC Magazine said Endpoint Protection 14 was the "most comprehensive tool of its type . . . with superb installation and documentation."[12] The review said Endpoint Protection had a "no-brainer setup and administration," but it does have a "wart" that support fees are "a bit steep."[12]
Forrester said version 12.1 was the most complete endpoint security software product on the market, but the different IT security functions of the software were not well-integrated.[22] The report speculated the lack of integration would be addressed in version 14.[22] Network World ranked Symantec Endpoint Protection sixth in endpoint security products, based on data from NSS Labs testing.[23]
Norton *anything is usually their home/personal brand so Norton Antivirus would be for personal usage at home. Symantec is usually their corporate branding. So Symantec Antivirus (Corporate Edition) SAVC would be their server based product for business.
Corporate type antivirus solutions are usually server based - the server pushes updates to the clients and monitors who is protected, who isn't, who has updated, who hasn't, who is doing risky stuff...
For home use there will always be flame wars as to who is "better." Currently MSE appears to be a relatively light weight (doesn't bog your system down) and decent solution. One of the reasons people hate Norton was that it SEVERELY slowed your system down though recent versions have been better. They were also known for going into your system and sometimes crashing and then refusing to uninstall - you had to really dig it out with special uninstall tools. Again recently they've been better. Note that MSE is changing - their new versions are coming out and they will include more features. How this will affect, no one really knows. Also note that they are free if you have a machine certified as genuine, otherwise they will turn off.
The difference between Norton and Symantec Antivirus today is in how the definitions are sent out. Norton Antivirus gets its lists directly from Symantec (company) while Symantec Antivirus is usually managed by a business's internal IT department.
Historically, Symantec used to also be a lot more resource friendly than Norton which was very resource intensive. Recently, with Norton Antivirus 2010 and 2011, its resource usage is significantly better, and user experience wise, the difference probably only lies with the user interface.
Symantec Data Loss Prevention (DLP) frequently writes to several common directories. Some antivirus solutions may treat this behavior as a virus or security threat and interfere with DLP processes, causing unexpected results.
Most of the Oracle files to be excluded are located in these directories, but additional files are located in other directories.
Use the Oracle Enterprise Manager (OEM) to check for additional files and exclude their directories from antivirus scanning.
Note: Symantec does not recommend that you exclude individual binaries from antivirus applications. The names and locations of binary files may change with new software releases and patches. Additionally, we also create and place files in directories like drop, drop_pcap, etc. Since we do not know what the file names will be, we must exclude the entire directory.
LabVIEW has some history of strange interactions with Symantec antivirus. I found one case in our service request history with similar symptoms where they were using a timed loop on a Windows machine with Symantec. Because the timed loop modifies thread priorities and does some other stuff on the backend, Symantec AV really didn't like it and it caused CPU spikes. The issue was somewhat resolved by replacing the timed loops with regular while loops. If you have timed loops, this may be something to consider.
Sorry, in rereading my post I realize my wording implied I was developing on the server, but actually the development is on a workstation and we are just saving files to a new server running server 2016. The server is new, old server was running server 2003, but we were also saving all our LabVIEW code locally (for the past 10 years), and then just making periodic backups (sometimes). The idea is to save everything to the new server to ensure periodic backups, as it was not happening consistently when things were being saved on the workstation.
The Symantec antivirus does seem to be slowing everything down and I thought it was the source of some LabVIEW save issues, but those have now seemed to have resolved with repair of some dependency files being relinked. But it still is taking up to 50% CPU, so I think there is some tweaking of the virus program, perhaps some exclusions, that will need to be done. Just wondering if anyone else had run into similar issues and had recommendations. Thanks for taking time to reply.
Thanks for the input, I don't think we are using any timed loops in our application, but is good to know for reference. Because we don't have control over what antivirus software is installed on our deployed systems by customers at their sites, we'll have to just watch for any problems to develop with running the built applications.