Symantec Endpoint Protection
Symantec Endpoint Protection review
Impressive protection, but we had occasional problems communicating with the cloud service
While some business anti-malware suites rely on a control console on your local network, either in the form of a dedicated program or an administrator-accessible tab within the desktop client, others favour a web-based hosted model. This makes sense, given that almost all malware relies on the internet to propagate itself and – similarly – most anti-malware tools rely on live online reputation information to identify potential threats.
Symantec’s Endpoint Protection for small businesses is a cloud-connected anti-malware defence system which consists of two parts: the desktop Endpoint Protection client and the web-based Symantec.cloud hosted control interface. The web interface is immediately friendly and informative. It’s easy to add new computers simply by logging into the interface from the client PC and downloading the installer, which is customised to ensure that it associates the PC with the right control group. Alternatively, you can download a redistributable package for your users to install or send email download invitations. No further configuration at the client end is required once it’s been installed, which is excellent for companies that trust their users to run files to install the software they need, but don’t want to burden them with having to configure it.
The client is compatible with Windows XP, Vista, 7 and 8, as well as Windows Server 2003 and 2008. Mac OS X and Android devices can also be managed via Symantec.cloud. The Windows client is really simple, as most of its configuration options are only available via the web control interface, which also means that your users can’t mess with any important settings. It displays your protection status, lists which modules are active and tells you whether or not the program is currently connected to the Symantec.cloud service. Even if the connection is down, basic features still work. You won’t benefit from Symantec’s reputation-based defence, but as the most likely reason for the cloud connection to fail is that your internet connection is down, you’re not likely to encounter many zero-day threats. Users can start scans and view quarantined threats, detected risks and other activity logs, but that’s about it; the program’s defensive behaviour is mostly controlled via the master web interface.
Your main Symantec.cloud page shows you an overview of the health of the computers it’s protecting, a summary of its recent defensive activity and the status of your services, including the remaining length of your licence, the number of systems which can be associated and the number which are active. Tabs along the top of the screen provide closer control of different elements of the service. The Computers tab lets you view all the PCs associated with the account; this is also where you can add extra groups, so you can apply different levels of control to different groups of users. You can set up which modules are active for each group in the Policies tab.
Protection modules include elements that you’ll probably want to leave at their default settings, such as virus and spyware protection and SONAR real-time threat detection for unknown security threats, although you may want to exclude locations such as network shares and removable drives from virus scans. Browser protection provides your users with integrated defence against web-based threats via browser plugins for Internet Explorer, Firefox and Chrome. Safe Surfing alerts users to potential threats by analysing search results, while Download Intelligence gives users similar reputation information in a variety of chat, email and peer-to-peer clients. When it comes to applying different protection settings to different groups, you’re most likely to want to modify firewall rules. It’s worth noting that content filtering isn’t available as a feature of Symantec Endpoint Protection – you’d have to upgrade to Protection Suite for that.
There is a downside to Symantec’s cloud-based service. At times, we experienced delays both when attempting to access parts of the web interface, including the all-important policies configuration screen, and when the clients’ scanners were analysing malicious programs by sending back information to the Symantec cloud. However, with an overall protection score of 98, Symantec Endpoint Protection provides excellent defence against malicious software. It was only compromised in two instances and also performed well in our false positive test, blocking just two of our benign programs. This indicates that it’s much less oversensitive to potential threats than many of its small-business-oriented rivals.
Symantec Endpoint Protection doesn’t have all the features of some of its rivals, but it has a great web interface and – at £80 ex VAT for 5 licences – doesn’t cost too much. However, occasional delays when connecting to Symantec’s cloud services meant that Kaspersky Small Office Security was more reliable and more accurate in our tests, as well as having a wider range of features.
ANTI-VIRUS PROTECTION RESULTS
Protection Score
This graph is a straight percentage of the threats that were either blocked immediately or neutralised on a further system scan. Each product lost marks if it allowed the system to be compromised. With 100 threats per product, each percentage point counts as one bit of malware.
False positive score: blocked
This graph is a straight percentage showing how many bits of legitimate software were blocked. We didn’t include any scores for warnings here. With 100 bits of software, each percentage point counts as a single legitimate application. On this graph lower scores are better.
Protection Rating (weighted)
Our protection ratings, scored out of 300, award products extra points for completely blocking a threat, while removing points when they are compromised by a threat. We awarded three points for defending against a threat, one for neutralizing it and deducted five points every time a product allowed the system to be compromised. The best possible score is 300 and the worst is -500. The reason behind this score weighting is to give credit to products that deny malware any opportunity to tamper with the system and to penalize heavily those that fail to prevent an infection.
Total Accuracy Rating (weighted)
Our total accuracy rating combines the scores from the Protection Rating and adds scores for weighted False Positive ratings. Each product scores one point for each legitimate program it lets through. We deducted points if a program was warned about and more points if it was blocked. All deductions were based on a program’s prevalence, so the more popular the application, the more points that were deducted. For example, blocking Skype is worse than blocking the Vuze BitTorrent client. In this graph, there is a maximum possible score of 400 and a minimum of -1,000.
Details | |
---|---|
Price | £80 |
Details | www.symantec.co.uk |
Rating | **** |