The latest versions of Symantec Endpoint Security (SES) and Symantec Endpoint Protection (SEP) have feature parity with the WSS Agent, via the Web and Cloud Access Protection feature (tunnel redirection method), with some minor exceptions which are covered here. This information applies to both Windows and macOS versions of SES.

Symantec Endpoint Security (SES).

Symantec Endpoint Protection (SEP).

Cloud SWG.

WSS Agent.

SEP / SES Limitations Compared to WSS Agent

Since SES and SEP are installed and managed via the Integrated Cyber Defense Manager (ICDM) and the Symantec Endpoint Protection Manager (SEPM), respectively, some of the install-time options available to WSS Agent must be set by ICDM or SEPM policy.

Supported Install-time Options on SES and SEP

• • MCU=1
    • MCU stands for Multiple Concurrent Users and is useful for devices that will host sessions for more than one user at the same time, such as a VDI (virtual desktop infrastructure) server
    • In SES and SEP, this feature is called "Per-process traffic identification"
  • AU=unauthenticated
    • Allows SAML authentication to be enabled on one device at a time to for “slow roll” purposes

Unsupported Install-time Options on SES and SEP

The other install-time options that are supported on WSS Agent but not on SES or SEP:

• • TPE=0
    • Disable tamper protection on just the local machine
  • AU=<arbitrary string> 
    • Set the assigned user to any arbitrary string
  • MACHINE_CONFIG=<OPTIONS>
    • Set "sticky" configurations that override portal settings like fail mode, block IPv6, etc., for just the local machine
  • CUSTOM_CONFIG=<OPTIONS>
    • Set configuration options at install time - these can be achieved on WSS Agent by running wssad -p <OPTIONS> after install