Overall Satisfaction with Symantec Critical System Protection
We are using Symantec Critical System Protection as an advanced endpoint protection product on some critical systems. We would like to expand the product to any system on which we would like to implement "whitelist" products. Critical System Protection is a product that whitelists certain behaviors and does not allow any other behaviors on a protected system after a profile is locked. This helps with systems that are static that an organization would like to make sure does not change in any way. This product is not recommended for fluid systems such as user workstations because the administrative burden of keeping the profiles would be very difficult for small teams to accommodate.
- Prevents exploits, unwanted executables, registry changes, and system file changes
- Can allow exceptions for software vendors such as Microsoft or Adobe
- Prevents lateral movement with certain network rules configured
- Can record file changes
- Tuning takes a very long time
- Turning the product on or off can take time
- When an action is prevented by CSP, there is no pop up or notification, making this a burden for server administrators
- Great protection for unchanging systems
- We have comfort that the protected systems are safe from intrusion
- Excellent price
Symantec Critical System Protection (CSP) is very well suited for environments that do not change such as point of sale systems and critical servers. This product is spectacular at protecting end of life operating systems when supporting legacy software prevents upgrades. When security updates are no longer available, CSP will prevent exploits and other malware from taking advantage. This product is not well suited for systems that require a lot of changes. For one, it does not notify when a change has been blocked by CSP, causing some server administrators to waste many hours chasing a phantom technical problem when turning off CSP could have solved it right away. Also, profiling takes time so systems that constantly change would need hundreds of exceptions made.