4 New features and improvements: New platform support Windows 2008 support (inc Server Core)SEP client only (32 and 64bit)Windows Vista SP1 support
5 New features and improvements: Less resource usage / Lighter footprint Symantec Endpoint Protection ManagerUse less RAM for Console, Server and Embedded DBapprox 256mbNow less disk spaceapprox 2GBSymantec Endpoint Protection clientapprox 400mb
6 New features and improvements: Manager Installation > Create sys admin
7 New features and improvements: Manager Installation > Choose config * This dialog will only appear with a new SEPM install, not an upgrade *
8 New features and improvements: Manager Installation > Simple Automatically configures the following:Embedded database chosenSite name set to ‘My Site’Admin-specified password used for DB and encryption also3 content revisions storedPlease note: By default a SEPM will download 3 new certified AV/Antispyware content updates per day, therefore storing 3 content revisions would mean SEP client content could only be out of date by 1 full day before a full update would be downloaded.
9 New features and improvements: Manager Installation > Advanced
10 New features and improvements: Manager Installation > Advanced Content revisions stored, for each option chosen:Less than 100: 3Between 100 and 500: 3Between 500 and 1000: 10More than 1000: 30Please note: By default a SEPM will download 3 new certified AV/Antispyware content updates per day, therefore storing 3 content revisions would mean SEP client content could only be out of date by 1 full day before a full update would be downloaded.
11 New features and improvements: Manager Installation > DB choice
12 New features and improvements: Manager Installation > DB choice Re embedded DB option now supporting 5000 computers:Increased so that customers in the range of were not forced to purchase SQL licenses.No further DB optimisation has been implemented, BUT:Lab testing has proven the embedded DB can adequately scale beyond 5000 managed computers, even out-performing MS-SQL in environments with small numbers.A product issue has been resolved whereby the embedded DB would not reclaim freed up space, therefore would continue to grow indefinitely.
13 New features and improvements: Manager Installation > Summary
14 New features and improvements: Console Homepage Latest content versions now show on homepage for both Symantec’s public Liveupdate server and the local SEPM:
15 New features and improvements: Content revision control via the console Number of content revisions stored is now configurable via the console.Please note: If you choose ‘Simple’, this will set the stored content revisions to 3.If you choose ‘Advanced, then:Less than 100: 3 revisionsBetween 100 and 500: 3 revisionsBetween 500 and 1000: 10 revisionsMore than 1000: 30 revisionsIf you upgraded the SEPM, the previously configured setting will be preserved (10 by default preMR2).
16 New features and improvements: Delta generation CPU usage control The mdef25builder will now, by default, never use more than 50% of available CPU cycles.This is configurable by adding the following parameter to the conf.properties file:scm.delta.cpu.usageThe advantage is less impact on the SEPM when deltas are being createdBe aware though that this also means the process will take longer to complete the required delta generation task.
17 New features and improvements: More responsive console experience * Not installed by default, optional component on CD3 *The IIS 6.0 FastCGI extension improves the performance of the Home, Monitors, and Reports pages of the console.Is standard component to ship with Windows 2008.Documentation also provided on CD3 detailing setup steps.Symantec provides full support for the SEPM with the successful installation of the FastCGI extension.
18 New features and improvements: Template AV/Antispyware policies Default (Balanced), High Security, High Performance.All specifics documented in product admin manual (p394)
19 New features and improvements: Template Application Control policies Further template policies added in MR2:
20 New features and improvements: Automatic AV/Antispyware exclusions SEP 11.0, when released, already set automatic exclusions for MS Exchange 2003 and 2007.Now, MR2 will add automatic exclusions for:SEPM embedded database and transactional logsActive Directory database, transactional logs and working filesFollowing Microsoft best practice recommendations
21 New features and improvements: Granular Device Control Devices can now be identified by any meansType, Brand, Model, Serial NumberTool provided on CD3 to verify Device IDs (DevViewer)Some Device ID examples:SanDisk Micro Cruzer - USBSTOR\DISK&VEN_SANDISK&PROD_CRUZER_MICRO&REV_2033\ &0Apple iPod - USBSTOR\DiskApple___iPod____________1.62\4&3656B0&0Hitachi IDE Hard Drive - IDE\DISKHTS541060G9SA00_________________________MB3IC60H\4&14AA9DA8&0&0.0.0
22 New features and improvements: Granular Device Control
23 New features and improvements: Granular Device Control
24 New features and improvements: Other updated included components Liveupdate Administrator (MR2)Now supports Vista SP1 and Windows 2008Symantec Antivirus for Linux (MR4)Network Access Control (optional additional purchase)Now includes Microsoft NAP support and Peer-to-Peer enforcement
26 Resolved product issues: Performance Fixed port leaks on SEPM serverOptimized disk space usage of embedded databaseFixed excessive disk space used by antivirus logs on SEPMFixed excessive disk space use by LiveUpdate on SEP clientReduced length of accelerated heartbeat on SEP client to optimize communication between SEPM and SEP client
27 Resolved product issues: Functionality and usability Resolved inconsistent scanning of files on SEP clientImprovements to SEPM console home page include all charts displayed properly, all agents and agent status appear correctlyFixed site and agent replication issuesFixed ClientRemote UtilityOptimized creation of group folders so that they can be created in a timely mannerOptimized performance of Active Directory synchronization to avoid database deadlocksMinimized boot time on SEP client by optimizing Symantec processes during startup
28 Resolved product issues: Communication and connectivity Addressed issues whereby SEP clients connecting to a SEPM over slow network links could saturate the line when retrieving content updatesAddressed issues with SEP client communicating with SEPM behind a firewall with NAT or after changing the remote console portAddressed issue with SEP clients management being blocked by Checkpoint VPN client connections
30 Other points to be aware of: SEP client cached installs have moved * Now also compressed to save disk space *
31 Other points to be aware of: Default AV/Antispyware policy overwrite MR2 changes the default AV/Antispyware policy so that an ActiveScan doesn’t occur each time new definitions are loaded (which occurs 3 times a day by default):This change means that if you install MR2 over an existing pre MR2 SEPM, the default AV/Antispyware policy will be overwritten.It is recommended, if you wish to keep this default AV/Antispyware policy, please make a copy of it or rename it before upgrading to MR2.
32 Other points to be aware of: MR2 client will not be available via LU Due to a defect in SEPM, pre-MR2 releases of SEPM cannot download MR2 LiveUpdate Packages.Customers will have to download SEPM via FileConnect.Since new SEPM will already contain MR2 SEP client packages, it will be unnecessary for administrators to use LiveUpdate to download the MR2 client packages.Once administrators have MR2 SEPM release in their environment, they can use LiveUpdate to download future client packages (to be determined... either MR2 MP1 or MR3) that will be available via LiveUpdate.
33 Other points to be aware of: How to shrink the embedded DB There is a product issue preMR2 whereby the embedded DB would continue to grow indefinitely.This was caused by the SEPM not successfully periodically reclaiming freed up space.If you have upgraded the SEPM to MR2, some steps can still be followed to reclaim this space:Note: Technical Support can assist with this procedure as needed.Via DOS prompt, navigate to C:\Program Files\Symantec\Symantec Endpoint Protection Manager\ASA\win32\Run command dbunload -c "uid=dba;pwd=dba_password" –arRestart the SEPM service.