Symantec Endpoint Protection review
While some business anti-malware suites rely on a control console on your local network, either in the form of a dedicated program or an administrator-accessible tab within the desktop client, others favour a web-based hosted model. This makes sense, given that almost all malware relies on the internet to propagate itself and - similarly - most anti-malware tools rely on live online reputation information to identify potential threats.
Symantec's Endpoint Protection for small businesses is a cloud-connected anti-malware defence system which consists of two parts: the desktop Endpoint Protection client and the web-based Symantec.cloud hosted control interface. The web interface is immediately friendly and informative. It's easy to add new computers simply by logging into the interface from the client PC and downloading the installer, which is customised to ensure that it associates the PC with the right control group. Alternatively, you can download a redistributable package for your users to install or send email download invitations. No further configuration at the client end is required once it's been installed, which is excellent for companies that trust their users to run files to install the software they need, but don't want to burden them with having to configure it.
The client is compatible with Windows XP, Vista, 7 and 8, as well as Windows Server 2003 and 2008. Mac OS X and Android devices can also be managed via Symantec.cloud. The Windows client is really simple, as most of its configuration options are only available via the web control interface, which also means that your users can't mess with any important settings. It displays your protection status, lists which modules are active and tells you whether or not the program is currently connected to the Symantec.cloud service. Even if the connection is down, basic features still work. You won't benefit from Symantec's reputation-based defence, but as the most likely reason for the cloud connection to fail is that your internet connection is down, you're not likely to encounter many zero-day threats. Users can start scans and view quarantined threats, detected risks and other activity logs, but that's about it; the program's defensive behaviour is mostly controlled via the master web interface.
Your main Symantec.cloud page shows you an overview of the health of the computers it's protecting, a summary of its recent defensive activity and the status of your services, including the remaining length of your licence, the number of systems which can be associated and the number which are active. Tabs along the top of the screen provide closer control of different elements of the service. The Computers tab lets you view all the PCs associated with the account; this is also where you can add extra groups, so you can apply different levels of control to different groups of users. You can set up which modules are active for each group in the Policies tab.
Protection modules include elements that you'll probably want to leave at their default settings, such as virus and spyware protection and SONAR real-time threat detection for unknown security threats, although you may want to exclude locations such as network shares and removable drives from virus scans. Browser protection provides your users with integrated defence against web-based threats via browser plugins for Internet Explorer, Firefox and Chrome. Safe Surfing alerts users to potential threats by analysing search results, while Download Intelligence gives users similar reputation information in a variety of chat, email and peer-to-peer clients. When it comes to applying different protection settings to different groups, you're most likely to want to modify firewall rules. It's worth noting that content filtering isn't available as a feature of Symantec Endpoint Protection - you'd have to upgrade to Protection Suite for that.