This describes the new features for the 14.3 RU2 release.
Protection Features
Third-party application developers can protect their customers from dynamic script-based malware and from non-traditional avenues of cyberattack. The third-party application calls the Windows AMSI interface to request a scan of user-provided script, which is routed to the Symantec Endpoint Protection client. The client responds with a verdict to indicate on whether or not the script behavior is malicious. If the behavior is not malicious, then the script execution proceeds. If the script’s behavior is malicious, the application does not run it. On the client, the Detection Results dialog box displays a status of "Access Denied." Examples of third-party scripts include Windows PowerShell, JavaScript, and VBScript. Auto-Protect must be enabled. This functionality works for Windows 10 and later computers.
How the Antimalware Scan Interface (AMSI) helps you defend against malware
Antimalware Scan Interface (AMSI)
Symantec Endpoint Protection Manager
The Symantec Endpoint Protection remote console now supports Java 11 instead of Java 8. To access the remote console, open a supported web browser and type the following address in the address box: http://SEPMServer:9090/symantec.html and download new remote console package. Follow the instructions mentioned. The previous version of the Symantec Endpoint Protection Manager remote console is no longer supported.
Logging on to Symantec Endpoint Protection
You can configure one of the Symantec Endpoint Protection Managers on the site as a master logging server to forward logs to the syslog server. If the master logging server goes offline, a second management server takes over and forwards logs to the syslog server. When the master logging server comes back online, it resumes forwarding the logs.
Configuring a failover server for external logging
The Integrations policy has a new option for WSS Traffic Redirection, Enable LPS Custom PAC file. This option lets you replace the default PAC file that is hosted by the LPS server on the client with a custom PAC file. The custom PAC file solves compatibility issues with third-party applications that do not work with a local proxy server listening on the loopback adapter.
Support for the Microsoft SQL Server 2019 database.
The antivirus scan process now uses a separate service from the main non-security service. This new scan process brings more efficient memory usage, continual protection, and less dependency on issues with the main service.
Endpoint Protection 14.3 scan process separation
The database schema includes new columns as part of a feature for a future release. (AGENT_SECURITY_LOG_1, AGENT_SECURITY_LOG_2, SEM_AGENT tables)
The Rest API has the following fields in the /sepm/api/v1/computers API response JSON to call and download the Computer Status report: quarantineStatus, quarantineCode, wssStatus, pskVersion.
Upgraded the following third-party components to newer versions: Apache Tomcat, Boost C++ Libraries, cURL, Jackson-core, jackson-databind, Jakarta Activation, Java, logback, Microsoft JDBC Driver for SQL Server, OpenSC, OpenSSL, Spring Security, spring-framework, sqlite.
To enroll the Symantec Endpoint Protection Manager domain in the cloud console, you must first get the enrollment token through the Symantec Endpoint Security console. Previously, you got the enrollment token by clicking Get Started on the Cloud page.
Client and platform updates
The Windows client supports Windows 10 20H1 (Windows 10 version 2004)
The Linux client now supports Ubuntu 18.04, RHEL 8, and CentOS 8.
The AppRemover tool was updated to a newer version. The AppRemover tool removes third-party applications before you can install the Windows client. For more information on which applications it removes, see: Third-party security software removal in Endpoint Protection 14.3
Features Removed
The following notifications no longer show the Risk severity and Risk type fields: Risk Outbreak, Single Risk Event, New Risk Detected.
Download: x64 Client Win:
SEP_v14.3.4615.2000_RU2_x64_Client_EN.exe - AnonFiles
Download: x32 Client Win:
SEP_v14.3.4615.2000_RU2_x32_Client_EN.exe - AnonFiles
Protection Features
Third-party application developers can protect their customers from dynamic script-based malware and from non-traditional avenues of cyberattack. The third-party application calls the Windows AMSI interface to request a scan of user-provided script, which is routed to the Symantec Endpoint Protection client. The client responds with a verdict to indicate on whether or not the script behavior is malicious. If the behavior is not malicious, then the script execution proceeds. If the script’s behavior is malicious, the application does not run it. On the client, the Detection Results dialog box displays a status of "Access Denied." Examples of third-party scripts include Windows PowerShell, JavaScript, and VBScript. Auto-Protect must be enabled. This functionality works for Windows 10 and later computers.
How the Antimalware Scan Interface (AMSI) helps you defend against malware
Antimalware Scan Interface (AMSI)
Symantec Endpoint Protection Manager
The Symantec Endpoint Protection remote console now supports Java 11 instead of Java 8. To access the remote console, open a supported web browser and type the following address in the address box: http://SEPMServer:9090/symantec.html and download new remote console package. Follow the instructions mentioned. The previous version of the Symantec Endpoint Protection Manager remote console is no longer supported.
Logging on to Symantec Endpoint Protection
You can configure one of the Symantec Endpoint Protection Managers on the site as a master logging server to forward logs to the syslog server. If the master logging server goes offline, a second management server takes over and forwards logs to the syslog server. When the master logging server comes back online, it resumes forwarding the logs.
Configuring a failover server for external logging
The Integrations policy has a new option for WSS Traffic Redirection, Enable LPS Custom PAC file. This option lets you replace the default PAC file that is hosted by the LPS server on the client with a custom PAC file. The custom PAC file solves compatibility issues with third-party applications that do not work with a local proxy server listening on the loopback adapter.
Support for the Microsoft SQL Server 2019 database.
The antivirus scan process now uses a separate service from the main non-security service. This new scan process brings more efficient memory usage, continual protection, and less dependency on issues with the main service.
Endpoint Protection 14.3 scan process separation
The database schema includes new columns as part of a feature for a future release. (AGENT_SECURITY_LOG_1, AGENT_SECURITY_LOG_2, SEM_AGENT tables)
The Rest API has the following fields in the /sepm/api/v1/computers API response JSON to call and download the Computer Status report: quarantineStatus, quarantineCode, wssStatus, pskVersion.
Upgraded the following third-party components to newer versions: Apache Tomcat, Boost C++ Libraries, cURL, Jackson-core, jackson-databind, Jakarta Activation, Java, logback, Microsoft JDBC Driver for SQL Server, OpenSC, OpenSSL, Spring Security, spring-framework, sqlite.
To enroll the Symantec Endpoint Protection Manager domain in the cloud console, you must first get the enrollment token through the Symantec Endpoint Security console. Previously, you got the enrollment token by clicking Get Started on the Cloud page.
Client and platform updates
The Windows client supports Windows 10 20H1 (Windows 10 version 2004)
The Linux client now supports Ubuntu 18.04, RHEL 8, and CentOS 8.
The AppRemover tool was updated to a newer version. The AppRemover tool removes third-party applications before you can install the Windows client. For more information on which applications it removes, see: Third-party security software removal in Endpoint Protection 14.3
Features Removed
The following notifications no longer show the Risk severity and Risk type fields: Risk Outbreak, Single Risk Event, New Risk Detected.
Download: x64 Client Win:
SEP_v14.3.4615.2000_RU2_x64_Client_EN.exe - AnonFiles
Download: x32 Client Win:
SEP_v14.3.4615.2000_RU2_x32_Client_EN.exe - AnonFiles