Head of IT Department at a construction company with 1,001-5,000 employees
Real User
2021-05-13T08:26:13Z
May 13, 2021
I would like to be able to migrate to the cloud so that the end-users outside the company offices don't need a VPN to connect to the Symantec server to update the policies. They should be able to connect to the admin center directly through the internet to get updated policies. There is some integration issue with the other security appliances or tools. Other hardware, firewall, or Network Detection and Response (NDR) solution vendors are not willing to integrate with Symantec. They only mention products from other vendors such as CrowdStrike and Carbon Black. Symantec is not there. Symantec should work on integration with products from other security vendors.
IT manager at a transportation company with 10,001+ employees
Real User
2021-04-02T19:08:28Z
Apr 2, 2021
I'd like to see a full anti-ransomware solution because there are some anti-ransomware functionalities that would assist us if they were included in the solution.
Unit Head Infrastructure at First Woman Bank Limited
Real User
Top 20
2021-03-25T11:15:01Z
Mar 25, 2021
Some vendors are starting to give Symantec Endpoint Security a run for their money. Even Symantec's basic DLP features are getting to a point where they're good enough for some organizations' endpoint security needs. The company should be anticipating this. It might be a good idea to introduce some additional features to Symantec Endpoint Security.
IT Specialist at an educational organization with 201-500 employees
Real User
2021-02-22T10:07:22Z
Feb 22, 2021
Since the acquisition by Broadcom, we are no longer receiving the proper support. Otherwise, we had no specific pain points while using this solution. This product would be improved with the inclusion of EDR functionality.
Project Manager at a real estate/law firm with 10,001+ employees
Real User
2021-02-19T22:25:22Z
Feb 19, 2021
We've had some issues with the performance. There have been some minor hiccups. Now it's better. Initially, it had some issues, not for all, but some of the systems only. We had applied a fix that was released in the 14.1 version. By 14.2 they fixed the issue. Ever since we applied 14.2, it's good. During the scanning time, it could be less intrusive for the users. Right now, it's not exactly working quietly in the background. Technical support could be more responsive.
Executive Cybersecurity Advisor - President at a tech services company with 11-50 employees
Real User
2021-02-17T09:18:11Z
Feb 17, 2021
The console in general could be improved. There are two consoles. There's an on-prem console and a hosted console, but the on-prem console doesn't do the product justice — it's a bit cumbersome. It could use more feature parity between what is offered with their on-prem console as well as their hosted console.
Network Administrator at Cape Breton Regional Municipality
Real User
Top 20
2021-01-10T08:06:18Z
Jan 10, 2021
The platform itself can be improved as there's no way to track how infections get into the organization. You're just notified if there is an instance. Still, there's no way to actually determine a workflow of how it actually came in, how it was executed, and how it was distributed within the enterprise if indeed it did migrate or propagate through. It would be really good if they had a proactive feature to isolate the node with the agent on the endpoint when it sees some type of erroneous behavior and knock it off the network. Then it can't probably get onto another node. You can usually do that with a policy setting. It'll also help if they give us more of an explanation of what the malware tries to do once it's on the network. For example, if it's trying to call home to a specific IP or domain. We can use that information to beef up the firewall rules. Case in point, we had an issue where we had a machine that was affected. It immediately tried to find other machines on that network segment with the same vulnerability to infect that particular node. There was no way to lock that node down immediately when you see something out of the ordinary.
Dy General Manager at a real estate/law firm with 501-1,000 employees
Real User
2021-01-05T16:45:39Z
Jan 5, 2021
The Sandboxing and ATP functionality does not integrate very well; improving this would be helpful. Additionally, having a single console that allows interaction with other security products would be great. A lot of people have moved to their homes because of the pandemic and this has made endpoint security a crucial part of our protection against threats. Having full integration is very important for all the hardware to work together. If there is any strange network behaviour, all the hardware should work the first time to bring the security flaw forward to be actioned and solved. This can only happen if there is proper communication and integration with other hardware products.
System Administrator at a consultancy with 1-10 employees
Reseller
2020-12-21T14:50:13Z
Dec 21, 2020
We are not satisfied with this solution. It needs a lot of improvements. It doesn't detect the most recent malware and unknown threats. With most of the users working from home these days, there is also a need for some extra security layer. That's why we are thinking of going for a better solution that will take care of all of our endpoints and work from home situation. Symantec also has to work on EDI technology. Vendors like Palo Alto and Cisco are coming with their own intelligence and cloud infrastructure in which unknown threats are regularly watched and monitored, and they are reported to the admin.
Computer Systems Administrator at a university with 10,001+ employees
Real User
2020-11-24T11:13:40Z
Nov 24, 2020
It wasn't a very good solution overall, which is why we ended up replacing it. Most organizations are choosing a next-gen antivirus, one that's based on artificial intelligence. Symantec Endpoint Protection was one of those legacy products that have been around forever. Symantec was a spinoff from Norton. Norton Antivirus was one of the very first antiviruses to come out in the 1980s. Symantec was very highly rated at one point in its life. It never really caught on to the new trends and antivirus protection. And so it still relied on things like a database of virus signatures that would need to get downloaded and then files would be checked for those signatures. Modern antiviruses don't do that. They're based on behavior. They're based on intelligence algorithms. They're honed by artificial intelligence and machine learning from data collected all over the world. And so for that reason, the next-gen antiviruses are much more efficient at detecting viruses. They also take up a lighter load on the computer. Next-generation is behavior-based detection rather than signature-based detection. Symantec tried to be a hybrid between the two. It had a behavior-based component called SONAR, however, it was still mostly a signature-based software antivirus application. For that reason, you can never keep up with all the mutations and viruses, and you can't keep up with malicious behavior that isn't based on viruses. Things like downloaded PowerShell scripts, things that computers can do with the components that they already have without needing to put any virus on the computer. A lot of malicious attacks, government-backed attacks, don't use any kind of foreign software. They take advantage of vulnerabilities within existing operating systems like Microsoft Windows or the various versions of Linux or the Mac operating system. They don't need to put additional software on the computer to compromise them. That, in a nutshell, is why we switched to a next-gen antivirus. 
Next-gen antiviruses have probably been around for about five or six years. Some of the old companies made the transition to them seamlessly. Symantec didn't. It remained wedded to the old technology and that made it, you could say, a has-been.
Sr. Professional Services Engineer at a computer software company with 11-50 employees
Real User
2020-11-12T08:59:23Z
Nov 12, 2020
I think Symantec, like many of its competitors, doesn't have comprehensive built-in reporting. The product keeps improving, but reporting and alerting is not keeping pace, and these are critical.
Sr Manager IT at a retailer with 5,001-10,000 employees
Real User
2020-11-06T07:32:14Z
Nov 6, 2020
The solution is very difficult to uninstall. There isn't really a way to uninstall the product at all, which is quite a headache. It's also complicated to upgrade the product. They need to make these aspects much easier. Sometimes the solution will just randomly stop working. I'm not sure why this happens. The licensing aspects of the solution could be improved. I haven't used the product for about five or six months at this point, so it's hard to say which features they are missing and new items may have been added since then.
Information Technology Manager at a performing arts with 51-200 employees
Real User
2020-07-26T08:19:00Z
Jul 26, 2020
I think it's a good product but we've had some problems with their support and service. From the beginning of this year, I haven't been able to reach their support. Last year, the support wasn't bad but this year I wanted to renew their license, but I can't reach anybody from their company. We don't have any plans to replace them but we haven't been able to renew a license. Sometimes there is a conflict with Windows 10 updates. There is a Windows server or Windows workstation startup after installing the new Windows update. We contacted Microsoft and they said the device caused an issue.
Information Security Admin at a retailer with 201-500 employees
Real User
2020-07-19T08:15:00Z
Jul 19, 2020
We have had some problems with the Symantec solution. The problems were bad enough that I was compelled to start to research into other products. The biggest issue was the whitelisting feature. The Symantec software has a feature that detects certain things as malicious and it takes care of the issue. It is supposed to do that. Sometimes the things it flags are not real issues — they are essentially false positives. Sometimes there are things we want it to let through that it would otherwise flag. We put these things on a whitelist so they get allowed. We were having a problem keeping a particular file on the whitelist. It was an EXE and Symantec kept flagging it even when it was whitelisted. To fix the issue, we had to do in-house software development. We had to run some extra code. The process was not smooth and, in the long run, it basically did not work. The support by Symantec on the issue was of no further help and it remained a problem. A feature that seems to be missing from Symantec is reporting on external devices. For example, if a remote user gets a virus on their computer and they are accessing our system, I want to know. The Symantec agent should be checking this in the cloud and informing us that a particular end-user got a virus. I should get a report or alert somehow. The computer in question should be isolated — or something like that — to mitigate the potential of the threat. Instead, nothing happens. The enterprise product that we have now does not have that feature. Maybe Symantec has that feature implemented in other products, but I do not know about it. Maybe it is not there at all or maybe it is some type of cloud feature. But the end result is I have looked for the solution in the product, can not find it, support did not inform me that it can be resolved, and we are essentially left with a vulnerability. That is really not acceptable.
I'm not sure if the solution can improve that much more. Right now, for me, I'm asking the question "How does Defender stack up against the product we're paying for?" Defender comes with Windows 10 and we have Windows 10 throughout our environment. With that being free, we're asking ourselves why we would pay for another solution that's sort of redundant. I know they were just bought out by Broadcom and there have been some difficulties with Broadcom as far as getting license renewals, etc. Mostly, due to the fact that it's confusing, even for the vendor, people are turned off by it. The vendors are telling us that it can take weeks for them to get a renewal quote, never mind the actual renewal. I've actually had to call Symantec myself because my vendor said "Well, we're going to try it, but it's going to take weeks to get an answer from them." In the end, it was internally expedited and I got the answer the next day, however, that's an exception, not the rule. I know a number of people that have left just because of the fact that when Broadcom first bought them, and their licensing ran out, the company provided a temporary license and then another instead of dealing with a proper license. One had to argue for another renewal or for them to promise to give them the proper license in the third month. He finally got it, however, it took three months of begging. That doesn't seem right.
Senior Network Engineer at a government with 10,001+ employees
Real User
2020-07-09T06:27:03Z
Jul 9, 2020
This solution is resource-heavy. It uses up a lot of memory and a lot of disk space. It demands a lot of resources. There have been improvements with Windows 10 and it's not as problematic. The firewall capabilities did not seem to do what the documentation claimed it should do. Port control is one of the things that this solution does do, but it does it on a higher level. When I say port control, it's things like USB ports that can be used to plug things in. For example, if you plug in a wired mouse or a wireless mouse then you want the flexibility to be able to do that. It should be able to identify that it is a mouse and let you use it. By the same token, if you plug in a 1 TB external hard drive, that should be shut down unless it is one of your hard drives. The only way to detect that would be to have units with their own serial number and the system programmed in such a way that it would recognize it. Seagate for example has many external drives. They have serial numbers on those drives, and we don't want to just set it up for use by any Seagate drive. We want our external drives to be used, only. We don't want to have to go purchase Seagate drives to have it work. We want them to get it from us, that we know works, and have them return it to us. I would like to see a check-in system where you can log which specific drives your staff can access and what they cannot access.
IT Systems Supervisor at an insurance company with 51-200 employees
Real User
2020-06-18T05:17:45Z
Jun 18, 2020
They are lacking the visibility that you get in a heuristical, next-generation AI product. In the next release, I would like to see any of the features the next generation antivirus and GAV products have, especially the heuristical and the behavioral analysis. It looks at the behavior of the endpoint, and that is how it identifies something that is not to your normal pattern of working.
Improvation Security System Engineer at a healthcare company with 10,001+ employees
Real User
2020-06-17T10:55:00Z
Jun 17, 2020
It needs to die. In my opinion, Symantec was a really great security company, 10, 15 years ago. They went out, they bought all the great tools and then they never did anything with them. So they've just fallen behind and there's nothing that's going to work now to bring them back up to date that's going to regain user confidence. In order to improve, I would like to see active remediation tools, where I can connect to systems and do things directly on the system without having to leave the tool.
IT Systems Supervisor at an insurance company with 51-200 employees
Real User
2020-06-17T10:55:00Z
Jun 17, 2020
They lack the visibility you get in a heuristical, artificial, AI type of product, like a next-gen antivirus. They lack the visibility of what's happening that your next-gen solutions offer.
Information Systems Chief at a computer software company with 11-50 employees
Real User
2020-06-15T07:34:00Z
Jun 15, 2020
The issue is, as per our road-map, we are moving forward with Azure together with the SCCM and the Defender. So actually, Symantec will be retired in another year. That is our overall strategy.
Network Server Analyst at Everport Terminal Services
Real User
2020-02-05T04:22:00Z
Feb 5, 2020
Management's number one item on the "Wish List" would have to do with the real-time scan of external media inserted into any client. A secondary concern is software compatibility with other important networked tools: WSUS, Desktop Central, etc., without a large number of exception rules.
It is only available to use on computers with higher-end specs. I think the software should be compatible with all versions of all computers, even earlier models. This would allow all clients to be included, which is important for those who cannot afford to buy the latest computers.
Systems Administrator at a pharma/biotech company with 51-200 employees
Real User
2019-08-08T07:02:00Z
Aug 8, 2019
I would really like some of the features that are available in Kaspersky Enterprise to be available in the client version of this solution. In the next release of this solution, I would like to see more to do with malware, encryption technology, and controlling mobile devices. I would like to be able to protect my wireless equipment at that level.
Endpoint Specialist at a computer software company with 201-500 employees
Real User
Top 20
2019-07-01T07:59:00Z
Jul 1, 2019
The device control level and application control level should improve. I am finding a lot of issues when I block the devices, like a printer or scanner. In the classes of the devices for the application control, the most important issue is the hashing. Nowadays all the vendors, like Cisco firewalls, are detecting threats with the hashes. Symantec has this option that we can block them always by the hashes but the problem is that sometimes Symantec detects these hashes and is not consistent. These two parts should improve. The rest is always awesome. These two parts are very critical because I found a problem in application and device control. Symantec Endpoint has a perfect agent. It's going to be how many agents you can combine in resources. In the new releases, if they create a single agent to improve the control incrementally, it would be better. If you want to deploy ATP, you should have a separate event. You have to install separate events. With Symantec Endpoint Protection, any other protection should be installed, then configure the warnings. It does not ask for any new agent to install on the client machine. A single agent is enough. Symantec will get a lot of popular support from the industry because people don't like to install agents. For the ATP, you have to install separate events. For the Endpoint, you have to install separate events. If you install all the separate events, it is a huge load on a Windows machine. People start complaining. If Symantec wants to improve, they should have a single event for all their products, like ATP, DLP, and Endpoint Protection.
General Manager at a tech services company with 11-50 employees
Reseller
2019-06-30T10:45:00Z
Jun 30, 2019
The Centralized Management could be improved. The deployment is very limited. They can improve on reporting as well. If they can improve threat incident analysis, that would be great. The solution itself is pretty comprehensive at this stage, and the features that we would like to be added to these are available as separate purchases, so I wouldn't say that there's anything new that I need in there, they probably covered all the bases at this stage.
Chief Executive Officer at a tech services company with 1-10 employees
Real User
2019-06-30T10:29:00Z
Jun 30, 2019
The reporting function definitely has room for improvement. If Symantec can provide us with the overall API for accessing and reporting, that would be great. The reporting function needs to be more user-friendly in general. I think we have too much technical level reporting, I think it would be better to have more user and usage types of reporting. I would like to see in the next release focus more on unusual behavior so that we can know how the end results are behaving and if they are in the clear. They should also provide users with some sort of training videos, for how to use the solution.
The pricing is a little bit more expensive than other competitors, if you compare it to Kaspersky, for example, or McAfee. The detection and response can always be improved.
Sometimes the interface can be a bit cumbersome, and maybe the help features. If you're not charged with administering the product and you don't do it every day it can sometimes be difficult to remember how to do the simple basic things, so some type of help or guidance for your most regular or frequent tasks would be good. Something similar to what the product called Serviceaid has. I also think that the website itself should be improved. They have so many products that when you actually look on their website and you look for helpful guidance you just tend to get lost because they seem to have so much going on. So, basically, a bit more intuitive help and guidance features, as well as more intuitive service information. Some type of solution for mobile devices would be good. For mobile devices, it's drawing from a Windows-based client, so for many core clients for OSX and Linux machines, those OS could be integrated directly. There's no client for mobile devices except for iOS and Android devices.
Service Management Officer at a government with 501-1,000 employees
Real User
2019-06-26T05:26:00Z
Jun 26, 2019
The overall quality of the product needs to be improved because with the last session we had several issues with new versions. Also, the solution needs better protections.
IT Systems Administrator at a consultancy with 51-200 employees
Real User
2019-06-19T05:02:00Z
Jun 19, 2019
Better communication and coordination with Microsoft would help to prevent delays that are frequent when operating system updates are released. As it is now, when a new build from Microsoft comes out, we get warnings to say that certain applications are not compatible. We sometimes just have to wait until a new version of this solution is released in order for it to work properly. One of the problems is that Microsoft releases updates often, and sometimes they don't tell anybody. This can lead to the whole configuration being corrupted. I would like to see a hybrid version of this solution that covers both in-house and cloud-based servers.
This latest version upgrade/migration over the last year has been atrocious. There have been numerous support issues and calls with Sr. VPs at Symantec, who were always understanding about the problems, but the product has proven unreliable to install and manage. The protection itself seems as solid, but if devices are losing their licensing without notice for no reason, it's only a matter of time before they become compromised. The bottom line is that when it comes to management, reliability of management, reporting, alerting, installation, and licensing, if these don't work reliably you can't trust the product's security capability.
Group Brand Manager at a comms service provider with 51-200 employees
Real User
2019-04-17T08:37:00Z
Apr 17, 2019
We must have complete dissolution with advance care protection but we are finding out that we need more Symantec technical specialists. We have identified a need to hire at least one more technical specialist familiar with Symantec to improve our solutions capabilities. Additionally, an endpoint detection response feature would be great but not with an additional license, it should be included as an additional feature. We have identified this as a solution that our customers are very interested in, but they don't want to purchase additional subscriptions.
We have talked to Symantec about a feature that is lacking. Any external device which is inserted into a computer should be subject to an auto-scan policy, to automatically scan it before accepting the device. Let's say I have a pen drive and there is a Trojan virus for which the signature is not updated. If the signature is not updated, then the system should automatically scan and understand that there is a foreign file and it should be blocked immediately. That is the one feature that I feel is missing. They need to make it more user-friendly, so that when anyone puts in a USB stick it will be scanned, popping up any problems before it is used. This is a feature they need to work on, in my opinion.
The mobility solution should be improved. You need to separately purchase mobile, like a smartphone with Android and so on, you need to buy it separately with SAP, for example. It would be better for the user to use the same solution with all devices, even laptops, desktops, server and so on. They should also use the same endpoints for mobile devices. There are a few negative points. They should separate the feature for each separate solution for mobile devices. The second one is about the price, it's expensive. Finally, the third would be the complexity of implementation.
Head of IT Department at a pharma/biotech company with 10,001+ employees
Real User
2018-10-04T17:27:00Z
Oct 4, 2018
A good improvement would be altering the console in the console manager. Sometimes we need to add and improve the security to access to the console because the indicators and we can take management activities into the console, and it's nice to have to improve the security access to the console.
Network Administrator at a financial services firm with 1,001-5,000 employees
Real User
Top 5
2018-09-25T09:23:00Z
Sep 25, 2018
In the future, I think there should be a sandboxing feature. Some of the most used endpoint protection does not include sandboxing. We cannot rely on URL filtering or IP repetition. Sometimes attacks can pass through the firewall. In addition, this product must be compatible with a VMware environment. Because most of our server has VMware. It seems that it's not working very well with VMware. Finally, they need to do some effort to make it a little bit sly. They have to make some improvement in order to not make the computer slow during all of the backend scanning.
It would be nice to be able to manage the endpoints a bit further. A valuable attribute would be the management of software inventory, software deployment, and third-party software deployment. I would like to see the ability to deploy and delete unlicensed software. Many users try to install what they shouldn't, so that would be really useful. What would be really great would be to have the ability to manage those applications that you don't need to install to run. Those are a nightmare for companies, for mine as well. Applications like BitTorrent and unsupported browsers, all of those. Even with decreased user privileges, they are still able to run, so that's a big area to focus on in the future.
Lead System Engineer at a tech vendor with 1,001-5,000 employees
Real User
2018-06-14T07:58:00Z
Jun 14, 2018
I would like to see even more customization, the possibility to do whitelisting. It needs to be a little bit more liberal on whitelisting, even to use the name if needed, instead of hashes.
I would like to see improvements in the anti-virus and the device control features. Anti-Virus: I would like to see Symantec improve the anti-virus to stop and detect Ransomware and email attachments. Symantec is weak with Ransomware. I would like to see the anti-spam for Outlook improve the scanning and blocking of attachments. Device control: I would like to see an improvement in the USB control, because it sometimes creates a conflict with USB printers.
Symantec Endpoint Security is a robust and reliable product that provides complete protection against viruses, malware, Trojans, and malicious files. It offers application and device control, ease of use in deploying and updating, a central control console, stability, scalability, auto-discovery capabilities, patch management, endpoint detection and response capabilities, and an intrusion detection module.
The Symantec Global Intelligence Network (GIN) provides threat intelligence and...
We have issues when we install in older systems, such as Windows 7; it's difficult to carry out the setup on these systems.
It can maybe send notifications when there is an update and everything is successful.
The reporting could be improved.
It would be perfect if it is capable of detecting or checking ransomware.
We are not satisfied with this solution. It needs a lot of improvements. It doesn't detect the most recent malware and unknown threats. With most of the users working from home these days, there is also a need for some extra security layer. That's why we are thinking of going for a better solution that will take care of all of our endpoints and work from home situation. Symantec also has to work on EDI technology. Vendors like Palo Alto and Cisco are coming with their own intelligence and cloud infrastructure in which unknown threats are regularly watched and monitored, and they are reported to the admin.
It wasn't a very good solution overall, which is why we ended up replacing it. Most organizations are choosing a next-gen antivirus, one that's based on artificial intelligence. Symantec Endpoint Protection was one of those legacy products that have been around forever. Symantec was a spinoff from Norton. Norton Antivirus was one of the very first antiviruses to come out in the 1980s. Symantec was very highly rated at one point in its life. It never really caught on to the new trends and antivirus protection. And so it still relied on things like a database of virus signatures that would need to get downloaded and then files would be checked for those signatures. Modern antiviruses don't do that. They're based on behavior. They're based on intelligence algorithms. They're honed by artificial intelligence and machine learning from data collected all over the world. And so for that reason, the next-gen antiviruses are much more efficient at detecting viruses. They also take up a lighter load on the computer. Next-generation is behavior-based detection rather than signature-based detection. Symantec tried to be a hybrid between the two. It had a behavior-based component called SONAR; however, it was still mostly a signature-based software antivirus application. For that reason, you can never keep up with all the mutations and viruses, and you can't keep up with malicious behavior that isn't based on viruses. Things like downloaded PowerShell scripts, things that computers can do with the components that they already have without needing to put any virus on the computer. A lot of malicious attacks, government-backed attacks, don't use any kind of foreign software. They take advantage of vulnerabilities within existing operating systems like Microsoft Windows or the various versions of Linux or the Mac operating system. They don't need to put additional software on the computer to compromise them. That, in a nutshell, is why we switched to a next-gen antivirus.
Next-gen antiviruses have probably been around for about five or six years. Some of the old companies made the transition to them seamlessly. Symantec didn't. It remained wedded to the old technology and that made it, you could say, a has-been.
I think Symantec, like many of its competitors, doesn't have comprehensive built-in reporting. The product keeps improving, but reporting and alerting is not keeping pace, and these are critical.
The solution is very difficult to uninstall. There isn't really a way to uninstall the product at all, which is quite a headache. It's also complicated to upgrade the product. They need to make these aspects much easier. Sometimes the solution will just randomly stop working. I'm not sure why this happens. The licensing aspects of the solution could be improved. I haven't used the product for about five or six months at this point, so it's hard to say which features they are missing and new items may have been added since then.
I think it's a good product but we've had some problems with their support and service. From the beginning of this year, I haven't been able to reach their support. Last year, the support wasn't bad but this year I wanted to renew their license, but I can't reach anybody from their company. We don't have any plans to replace them but we haven't been able to renew a license. Sometimes there is a conflict with Windows 10 updates. There is a Windows server or Windows workstation startup after installing the new Windows update. We contacted Microsoft and they said the device caused an issue.
We have had some problems with the Symantec solution. The problems were bad enough that I was compelled to start to research into other products. The biggest issue was the whitelisting feature. The Symantec software has a feature that detects certain things as malicious and it takes care of the issue. It is supposed to do that. Sometimes the things it flags are not real issues — they are essentially false positives. Sometimes there are things we want it to let through that it would otherwise flag. We put these things on a whitelist so they get allowed. We were having a problem keeping a particular file on the whitelist. It was an EXE and Symantec kept flagging it even when it was whitelisted. To fix the issue, we had to do in-house software development. We had to run some extra code. The process was not smooth and, in the long run, it basically did not work. The support by Symantec on the issue was of no further help and it remained a problem. A feature that seems to be missing from Symantec is reporting on external devices. For example, if a remote user gets a virus on their computer and they are accessing our system, I want to know. The Symantec agent should be checking this in the cloud and informing us that a particular end-user got a virus. I should get a report or alert somehow. The computer in question should be isolated — or something like that — to mitigate the potential of the threat. Instead, nothing happens. The enterprise product that we have now does not have that feature. Maybe Symantec has that feature implemented in other products, but I do not know about it. Maybe it is not there at all or maybe it is some type of cloud feature. But the end result is I have looked for the solution in the product, cannot find it, support did not inform me that it can be resolved, and we are essentially left with a vulnerability. That is really not acceptable.
I'm not sure if the solution can improve that much more. Right now, for me, I'm asking the question "How does Defender stack up against the product we're paying for?" Defender comes with Windows 10 and we have Windows 10 throughout our environment. With that being free, we're asking ourselves why we would pay for another solution that's sort of redundant. I know they were just bought out by Broadcom and there have been some difficulties with Broadcom as far as getting license renewals, etc. Mostly, due to the fact that it's confusing, even for the vendor, people are turned off by it. The vendors are telling us that it can take weeks for them to get a renewal quote, never mind the actual renewal. I've actually had to call Symantec myself because my vendor said "Well, we're going to try it, but it's going to take weeks to get an answer from them." In the end, it was internally expedited and I got the answer the next day; however, that's an exception, not the rule. I know a number of people that have left just because of the fact that when Broadcom first bought them, and their licensing ran out, the company provided a temporary license and then another instead of dealing with a proper license. One had to argue for another renewal or for them to promise to give them the proper license in the third month. He finally got it; however, it took three months of begging. That doesn't seem right.
This solution is resource-heavy. It uses up a lot of memory and a lot of disk space. It demands a lot of resources. There have been improvements with Windows 10 and it's not as problematic. The firewall capabilities did not seem to do what the documentation claimed it should do. Port control is one of the things that this solution does do, but it does it on a higher level. When I say port control, it's things like USB ports that can be used to plug things in. For example, if you plug in a wired mouse or a wireless mouse then you want the flexibility to be able to do that. It should be able to identify that it is a mouse and let you use it. By the same token, if you plug in a 1 TB external hard drive, that should be shut down unless it is one of your hard drives. The only way to detect that would be to have units with their own serial number and the system programmed in such a way that it would recognize it. Seagate for example has many external drives. They have serial numbers on those drives, and we don't want to just set it up for use by any Seagate drive. We want our external drives to be used, only. We don't want to have to go purchase Seagate drives to have it work. We want them to get it from us, that we know works, and have them return it to us. I would like to see a check-in system where you can log which specific drives your staff can access and what they cannot access.
They are lacking the visibility that you get in a heuristical, next-generation AI product. In the next release, I would like to see any of the features the next generation antivirus and GAV products have, especially the heuristical and the behavioral analysis. It looks at the behavior of the endpoint, and that is how it identifies something that is not to your normal pattern of working.
It needs to die. In my opinion, Symantec was a really great security company, 10, 15 years ago. They went out, they bought all the great tools and then they never did anything with them. So they've just fallen behind and there's nothing that's going to work now to bring them back up to date that's going to regain user confidence. In order to improve, I would like to see active remediation tools, where I can connect to systems and do things directly on the system without having to leave the tool.
They lack the visibility you get in a heuristical, artificial, AI type of product, like a next-gen antivirus. They lack the visibility of what's happening that your next-gen solutions offer.
The issue is, as per our road-map, we are moving forward with Azure together with the SCCM and the Defender. So actually, Symantec will be retired in another year. That is our overall strategy.
Management's number one item on the "Wish List" would have to do with the real-time scan of external media inserted into any client. A secondary concern is software compatibility with other important networked tools: WSUS, Desktop Central, etc., without a large number of exception rules.
It is only available to use on computers with higher-end specs. I think the software should be compatible with all versions of all computers, even earlier models. This would allow all clients to be included, which is important for those who cannot afford to buy the latest computers.
I would really like some of the features that are available in Kaspersky Enterprise to be available in the client version of this solution. In the next release of this solution, I would like to see more to do with malware, encryption technology, and controlling mobile devices. I would like to be able to protect my wireless equipment at that level.
Reporting in this solution needs improvement. The product could be improved if it repeated data, and if it showed that data better in the analytics.
The device control level and application control level should improve. I am finding a lot of issues when I block the devices, like a printer or scanner. In the classes of the devices for the application control, the most important issue is the hashing. Nowadays all the vendors, like Cisco firewalls, are detecting threats with the hashes. Symantec has this option that we can block them always by the hashes but the problem is that sometimes Symantec detects these hashes and is not consistent. These two parts should improve. The rest is always awesome. These two parts are very critical because I found a problem in application and device control. Symantec Endpoint has a perfect agent. It's going to be how many agents you can combine in resources. In the new releases, if they create a single agent to improve the control incrementally, it would be better. If you want to deploy ATP, you should have a separate event. You have to install separate events. With Symantec Endpoint Protection, any other protection should be installed, then configure the warnings. It does not ask for any new agent to install on the client machine. A single agent is enough. Symantec will get a lot of popular support from the industry because people don't like to install agents. For the ATP, you have to install separate events. For the Endpoint, you have to install separate events. If you install all the separate events, it is a huge load on a Windows machine. People start complaining. If Symantec wants to improve, they should have a single event for all their products, like ATP, DLP, and Endpoint Protection.
The Centralized Management could be improved. The deployment is very limited. They can improve on reporting as well. If they can improve threat incident analysis, that would be great. The solution itself is pretty comprehensive at this stage, and the features that we would like to be added to these are available as separate purchases, so I wouldn't say that there's anything new that I need in there; they probably covered all the bases at this stage.
The reporting function definitely has room for improvement. If Symantec can provide us with the overall API for accessing and reporting, that would be great. The reporting function needs to be more user-friendly in general. I think we have too much technical level reporting, I think it would be better to have more user and usage types of reporting. I would like to see in the next release focus more on unusual behavior so that we can know how the end results are behaving and if they are in the clear. They should also provide users with some sort of training videos, for how to use the solution.
The pricing is a little bit more expensive than other competitors, if you compare it to Kaspersky, for example, or McAfee. The detection and response can always be improved.
Sometimes the interface can be a bit cumbersome, and maybe the help features. If you're not charged with administering the product and you don't do it every day it can sometimes be difficult to remember how to do the simple basic things, so some type of help or guidance for your most regular or frequent tasks would be good. Something similar to what the product called Serviceaid has. I also think that the website itself should be improved. They have so many products that when you actually look on their website and you look for helpful guidance you just tend to get lost because they seem to have so much going on. So, basically, a bit more intuitive help and guidance features, as well as more intuitive service information. Some type of solution for mobile devices would be good. For mobile devices, it's drawing from a Windows-based client, so for many core clients for OSX and Linux machines, those OS could be integrated directly. There's no client for mobile devices except for iOS and Android devices.
The overall quality of the product needs to be improved because with the last session we had several issues with new versions. Also, the solution needs better protections.
Better communication and coordination with Microsoft would help to prevent delays that are frequent when operating system updates are released. As it is now, when a new build from Microsoft comes out, we get warnings to say that certain applications are not compatible. We sometimes just have to wait until a new version of this solution is released in order for it to work properly. One of the problems is that Microsoft releases updates often, and sometimes they don't tell anybody. This can lead to the whole configuration being corrupted. I would like to see a hybrid version of this solution that covers both in-house and cloud-based servers.
This solution needs better compatibility with services and applications.
If we install a client's software in our location, such as Microsoft Office or Adobe reader, we would like to have these endpoints protected.
This latest version upgrade/migration over the last year has been atrocious. There have been numerous support issues and calls with Sr. VPs at Symantec, who were always understanding about the problems, but the product has proven unreliable to install and manage. The protection itself seems as solid, but if devices are losing their licensing without notice for no reason, it's only a matter of time before they become compromised. The bottom line is that when it comes to management, reliability of management, reporting, alerting, installation, and licensing, if these don't work reliably you can't trust the product's security capability.
We must have complete dissolution with advance care protection but we are finding out that we need more Symantec technical specialists. We have identified a need to hire at least one more technical specialist familiar with Symantec to improve our solutions capabilities. Additionally, an endpoint detection response feature would be great but not with an additional license, it should be included as an additional feature. We have identified this as a solution that our customers are very interested in, but they don't want to purchase additional subscriptions.
We have talked to Symantec about a feature that is lacking. Any external device which is inserted into a computer should be subject to an auto-scan policy, to automatically scan it before accepting the device. Let's say I have a pen drive and there is a Trojan virus for which the signature is not updated. If the signature is not updated, then the system should automatically scan and understand that there is a foreign file and it should be blocked immediately. That is the one feature that I feel is missing. They need to make it more user-friendly, so that when anyone puts in a USB stick it will be scanned, popping up any problems before it is used. This is a feature they need to work on, in my opinion.
About four years back, Symantec's signature was very heavy and their signature patch was around 200MB or 300MB files.
The mobility solution should be improved. You need to separately purchase mobile, like a smartphone with Android and so on, you need to buy it separately with SAP, for example. It would be better for the user to use the same solution with all devices, even laptops, desktops, server and so on. They should also use the same endpoints for mobile devices. There are a few negative points. They should separate the feature for each separate solution for mobile devices. The second one is about the price, it's expensive. Finally, the third would be the complexity of implementation.
* Device encryption status and coding off of said status.
* Better inherent checks against duplicate IDs.
I think the CPU dependency should be enhanced. In addition, some device control features are in need of enhancements.
* An easier management portal
* Setting up and managing profiles was overly complex
* An easier cloud management portal would be appreciated.
A good improvement would be altering the console in the console manager. Sometimes we need to add and improve the security to access to the console because the indicators and we can take management activities into the console, and it's nice to have to improve the security access to the console.
In the future, I think there should be a sandboxing feature. Some of the most used endpoint protection does not include sandboxing. We cannot rely on URL filtering or IP repetition. Sometimes attacks can pass through the firewall. In addition, this product must be compatible with a VMware environment. Because most of our server has VMware. It seems that it's not working very well with VMware. Finally, they need to do some effort to make it a little bit sly. They have to make some improvement in order to not make the computer slow during all of the backend scanning.
It would be nice to be able to manage the endpoints a bit further. A valuable attribute would be the management of software inventory, software deployment, and third-party software deployment. I would like to see the ability to deploy and delete unlicensed software. Many users try to install what they shouldn't, so that would be really useful. What would be really great would be to have the ability to manage those applications that you don't need to install to run. Those are a nightmare for companies, for mine as well. Applications like BitTorrent and unsupported browsers, all of those. Even with decreased user privileges, they are still able to run, so that's a big area to focus on in the future.
I would like to see even more customization, the possibility to do whitelisting. It needs to be a little bit more liberal on whitelisting, even to use the name if needed, instead of hashes.
I would like to see fileless attack protection. Also, the version could be lighter.
I would like to see improvements in the anti-virus and the device control features. Anti-Virus: I would like to see Symantec improve the anti-virus to stop and detect Ransomware and email attachments. Symantec is weak with Ransomware. I would like to see the anti-spam for Outlook improve the scanning and blocking of attachments. Device control: I would like to see an improvement in the USB control, because it sometimes creates a conflict with USB printers.