Symantec Endpoint Security Reviews

Antivirus solution for a global company with approximately 34,000 endpoints.                                

• Rather simple management
• Easy to deploy with medium maintenance.
• I believe to get the full benefits of Symantec Endpoint Protection, Symantec ATP is required. It provides quite a good overview of how threats have spread within the company.

• SEP, the entire suite of components, provides good endpoint protection.
• The IPS function (with no firewall needed to be installed in the SEP client) is quite good.
• The risk tracer, which can be enabled with the firewall installed, is also quite good.       

• SONAR could be improved. The false/positive rate is a little high.
• The firewall could be a little more "flexible". For example, it would be convenient if the firewall was allowed to "turn off" for hotspot environments.
• I find the documentation on Symantec.com to be not very updated. It seems like Symantec focuses more on their product than on documentation.
• My personal opinion is that Symantec has too many WS.Reputation.1 detections, which could cause important computers to malfunction.
• In a large environment with a significant amount of GUP's, it would be neat, if the client could "detect" the GUP in its own subnet. The client has some built-in intelligence at this point, but it does not seem to work properly. In an environment with many locations, whereas many of them have little bandwidth capacity (and no local datacenter), the LiveUpdate policy can end up becoming rather complicated.

Endpoint Protection and Advanced Threat Protection (ATP) with Endpoint Detection and Response (EDR). One of the best solutions that I have ever tried.

Great solution for a company like mine. 

I like Symantec Endpoint Solution quite a lot. I hope it continues improving over time.

ATP is really impressive, and with EDR, it is the best solution I have ever known.

• Resources
• Front-end
• User experience

The Symantec Endpoint Manager is very difficult to use and extremely old.

Very well done, Symantec.

SEPM is a product for anti-virus security. It provides endpoint security for all client machines. It protects the client machines from malware or ransom attacks.

• Support
• Scalability
• Flexibility

It keeps our machines up-to-date with the definitions of the current zero day attacks, which happens in real-time scenarios. It protects our data and the clients' data, which can be secured by using this product.

I am happy to say that the Symantec comes into the picture where the issues are reported from the product, it might be a product bug or it might be a product defect. The product engineer works on this and the latest upgrade has it built into the peer cost, where we can upgrade our involvement and support our clients again.

So, we were having a problem in Version 14, where the client machines used to go into the health state and once it restarted, and never came back again. But as far as one of the defaults, this was reported and not an issue in new versions of Symantec 14 and SEMP 2. Apparently, this is works well for now, and we are happy with this.

It is a stable product.

The scalability of the product is good to where it has had the effect of increasing the workload by adding more machines, so I should have a good scaled back-up for this supporting both lines.

I would rate them a 10 out of 10. They supply good support and have a good knowledge. 

We did have a previous solution. They are all equal in giving the definitions on a timely routine, but the bandwidth extent was an issue for me. This is why we changed to Symantec.

Everything was straightforward. Nothing was complex. The installation was very user-friendly, where the engineer from Symantec had helped us to migrate this product from the older version to the newer version of Symantec.

What we have paid for this product is good value for the work and the services that they are providing to us.

We were going through the multiple products out on the market and we chose Symantec, because we had proposed multiple products to the client and the client had chosen Symantec for these two perspectives: One is for the best service and support, which Symantec provides, and the other is the pricing, which was a constraint for our client.

If you have a good involvement and maybe your clients are not connected to a domain, you can use this product. This is one advantage of this product, where you can use the product for protecting your machines. 

You need to keep track of the definitions and releases on a daily basis. This is one of the disadvantages.

• Central management
• Group update points (GUPs): They are valuable when throttling new updates through a slower WAN.

• Reduced burden of responding to alerts.
• Granular security lets lower level techs triage issues as they come in.

• Reporting without Altiris should be improved. 
• More cloud-based functionality, but that seems happening going forward. 
• It should have hypervisor level AV protection for VMs, so you do not need a client on the systems.

Five years supporting it.

Random issues with the apps. The built in firewall is tricky sometimes to get an app working in it.

No, I have not. I have always found Symantec Endpoint Protection (SEP) to be scalable.

SONAR/Auto-Protect feature and Generic Exploit Mitigation: Can detect and prevent attacks that are exploring common software vulnerabilities. It monitors suspicious files that have behavior actions on memory, network, etc. The console and admin features are the main qualities.

In a large environment, it is a challenge to manage what areas can have specific rights or functions enabled or disabled, considering their needs. SEP had the opportunity to integrated Microsoft Active Directory structure into the SEP Admin console. Based on that, it was easier for me to apply specific policies for different business areas with different users. For instance: Enable USB rights only for C-level users/Disable SONAR feature for marketing team considering their needs.

Reports: It would be nice to have customized reports integrated on the main console with no additional DB server or BI server. Vulnerabilities: A vulnerability scan integrated with SEP would be important for the admin to understand the risk level they are facing and how to protect themselves...

Reports: SEP has built-in, on the console, many pre-configured reports
however, in a complexed environment, customers may would need customized
reports other than already provided by the console. In this case, it´s
possible to achieve them using an external data base and server. It would
be nice have a possibility to create customized reports without an external
server and data base, on the same SEP Admin console.

Vulnerabilities: It would be nice have on the SEP Admin console a feature
to measure the environment risk level using an OS and application
vulnerability scan where the administrator can analyze the risk, mitigate
the main risks, prioritized them and, over a Path Manager, correct them if
possible.

We have used this solution for six or seven years.

We had some issues during deployment. When doing a 40.000 McAfee migration nodes for SEP, I have faced challenges removing specific MacAfee features where SEP has no supportability. Compared to other vendors, like Kaspersky, they have scripts to remove all anti-virus solutions in the market before installing KL AV. And it is 100% possible to automate the job over the KL console.

Another challenge was customize all best practices vs. best protection for the company vs. not creating any performance impact on the customer.

Technical support is good. You can open tickets over international numbers, emails, or the website. If you open a ticket in your time-zone, you will work with a technical support representative in your local language. Otherwise, it will be in English.

We used Kaspersky and Bitdefender. We switched due to the company reputation, negotiation terms, commercial benefits, and technical results on the PoC.

The implementation was through a Symantec reseller. Considering the environment complexity, it is important to always plan, test, correct all errors, plan again, and attack departments with low risks, learn with the errors, adjust the plan, and move forward to next department.

Migrating a platform for a different one, most of the time, has a higher cost. However, considering the impact, risk , downtime, and principally, the low support quality provided that the oldest solution provided, were the main reason to start look forward for a newer one. These were the main reason that I migrated to Symantec. After a year of augmenting many open tickets and find internal customer satisfaction was really low, we convinced the board that it was time to migrate before having a huge impact for the business and company reputation.

Regarding the licensing, it was important negotiate a long contract to get a more attractive price, including advanced support in case of crisis.

Always try to include hours for the project in the budget. Always look for a specialized reseller who the vendor recognizes through a certified and approved reseller.

It is easy to implement and very stable. The AV device control and HIPS are very impressive. Just implement it and it's done. No troubleshooting efforts are required to make the policies work.

No overhead of troubleshooting after installation makes it my favourite.

It's a nice product. I think Symantec should work more precisely on minimizing database size and the live update size.

We have been recommending this product to our clients for about five years already.

No deployment is very simple.

Stability issues are very rare. It's a very stable product.

We have not encountered any issues with scalability.

Customer Service is the best.

I would give technical support a rating of 10/10. I love the way they support clients.

We do system integration and we have expertise in most products, but there is nothing like Symantec.

It was very simple to implement and very easy to use as well.

We have in-house team.

Yes,I would not name any :)

Just go through the implementation guide or some YouTube videos and the IT team can do it.

It's a single-agent installation with many features including

• wireless protection
• application control
• antivirus control.

Previously scans were taking a long time, hours or even a day. But nowadays, when the product scans, the time taken is only 15 to 20 minutes for a full scan. This is the main improvement, because it no longer affects the day-to-day work of users.

There was an administrative feature, which was available in the previous version, which has been removed. We would like that feature to be added again, because it helps the customer in many ways, and it's a very user-friendly feature.

Eight-plus years.

Stability is dependent on environment. It may not always be stable, because of environment. For example, there could be an issue in some environment, but in another environment there would not be an issue.

There are no limitations.

Eight out of 10.

From the start we have been using the same product.

It was straightforward.

We were evaluating other products, but according to this product's technology and the support, in these areas we thought that Symantec would be the right product.

One piece of advice I can give is, because in some environments it could behave properly, and in some environments it may not behave, you need to test it first, and then purchase.

I think that this product is very user-friendly. It has many technologies which can be easily accessed and available. There are many features. And there is a complete knowledge base article which is published to the public, so everyone has access to it.

• Fast deployment, even for highly distributed companies with centralized IT management using a distributed architecture.
• Intuitive management GUI, and very easy to learn.
• Excellent intrusion prevention features.

It has been a time saver for operational and reporting tasks related to Key Security Controls.

SEP provides visibility into threats and security incidents.

SEP can improve on virus detection, especially on zero-day threats.

Five years.

No. After finishing the product customizations, it worked as expected.

Not at all. Actually, it is far more scalable than other similar products.

The technical support is acceptable.

No.

It was a very fast deployment using the client detection features and a transparent Active Directory integration.

Trend Micro and Kaspersky.

I would advise to choose this product because it is very easy to deploy, has a performant host IPS and antivirus engine, and it provides a key source for security metrics.