Windows XP Embedded Support in Symantec Endpoint Protection 12.1 vs. Sygate Symantec Endpoint Protection 5.1

book

Article ID: 177434

calendar_today

Updated On:

Products

Endpoint Protection for Windows XP Embedded Endpoint Protection

Issue/Introduction

How does the Sygate Symantec Endpoint Protection (SSEP) for Windows XP Embedded 5.1 product compare with the full release of Symantec Endpoint Protection (SEP) 12.1?  What are the benefits of one product over the other?

Resolution

The Symantec Endpoint Protection client has been fully supported on the Windows XP Embedded (XPe) platform since SEP 11 MR2.  All features of SEP, including antivirus, will function normally. However, there are three important caveats:

  1. There are minimum XPe OS module requirements (that may be heavy for certain embedded environments)
    a. Internet Explorer 6, TCP/IP Networking, COM Base, IP Security Services, NDIS, NDIS User-mode I/O Driver, and OLE Dialog Interfaces.
  2. This will have the standard SEP client footprint in terms of disk, RAM, CPU, etc. (which is very heavy for certain embedded environment, especially in terms of disk space)
  3. SEP does not use the Embedded APIs that allow operation in conjunction with the write filter feature, so it would have to be disabled


SSEP for Windows XP Embedded 5.1 (XPe Agent) is a purpose-built agent for Windows XP Embedded that has a much smaller footprint (especially disk) and supports the write filter. There are, however, three important limitations of which administrators should be aware:

  1. SSEP for Windows XP Embedded 5.1 clients are not compatible with the management components of SEP (the Symantec Endpoint Protection Manager).  They cannot be managed from the SEPM or receive their content updates from it.
  2. At present, the SSEP for Windows XP Embedded 5.1 product updates its AV definitions once per week.  Customers who wish to see this improved can vote for the corresponding Connect Forum Idea (enhancement request) Increase Frequency of Updates: SEP for Windows XP Embedded
  3. This product is expected to reach its End of Service Life (EOSL) on 15 October 2016.



Threats targetting Point-of-Sale devices (which often use embedded versions of Windows) are not uncommon.  These devices must be secured well.  Additional information can be found in Secure Your Point-of-Sale System and the Security Response blog POS malware: Potent threat remains for retailers.