Symantec Endpoint Protection (SEP) Review

ATP provides quite a good overview of how threats have spread within the company

What is our primary use case?

Antivirus solution for a global company with approximately 34,000 endpoints.                                

How has it helped my organization?

  • Rather simple management
  • Easy to deploy with medium maintenance.
  • I believe to get the full benefits of Symantec Endpoint Protection, Symantec ATP is required. It provides quite a good overview of how threats have spread within the company.

What is most valuable?

  • SEP, the entire suite of components, provides good endpoint protection.
  • The IPS function (with no firewall needed to be installed in the SEP client) is quite good.
  • The risk tracer, which can be enabled with the firewall installed, is also quite good.       

What needs improvement?

  • SONAR could be improved. The false/positive rate is a little high.
  • The firewall could be a little more "flexible". For example, it would be convenient if the firewall was allowed to "turn off" for hotspot environments.
  • I find the documentation on to be not very updated. It seems like Symantec focuses more on their product than on documentation.
  • My personal opinion is that Symantec has too many WS.Reputation.1 detections, which could cause important computers to malfunction.
  • In a large environment with a significant amount of GUP's, it would be neat, if the client could "detect" the GUP in its own subnet. The client has some built-in intelligence at this point, but it does not seem to work properly. In an environment with many locations, whereas many of them have little bandwidth capacity (and no local datacenter), the LiveUpdate policy can end up becoming rather complicated.

For how long have I used the solution?

Three to five years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Add a Comment
Sign Up with Email