Why you don't use Symantec Endpoint

Hyper-MeHyper-Me Banned Posts: 2,059
Yesterday one of our clients SBS08 box went down. The odd thing is, everything on that box was accessible and working fine (websites, Sharepoint, Exchange, etc) except for shared folders. You could connect to the shares from a non-domain PC but any domain joined PC would lock up and have to be hard reset. I almost pulled my hair out trying to find the issue, and MS Small Busines support (first time ive ever used it) was clueless as well.

To make a long story short, after many hours i discovered that Symantec Endpoint active file system protection had malfunctioned and apparently started blocking incoming requests to open a file share. A whole day of productivity lost due to an crappy AV product.

Comments

  • hypnotoadhypnotoad Banned Posts: 915
    I believe it. Sorry for your troubles man.

    We recently dropped it in favor of AVG, when SEP wasn't detecting much (hardly anything). Also dropped backupexec in favor of DPM and got rid of Ghost. We have many many reasons why we did this...I'm sure they're similar to your reasons.
  • tpatt100tpatt100 Member Posts: 2,991 ■■■■■■■■■□
    I disable that service in the services panel. I had selected "not enabled" in the control panel and discovered it was still blocking ports.

    Discovered this while troubleshooting Linux-Windows DC connection issues.
  • undomielundomiel Member Posts: 2,818
    Sadly I've discovered that several A/V products still interfere with OS operations even after being turned off and having their services disabled. Symantec and Kaspersky and VIPRE are the ones that jump to mind most readily.
    Jumping on the IT blogging band wagon -- http://www.jefferyland.com/
  • brad-brad- Member Posts: 1,218
    What version of SEP?
  • bertiebbertieb Member Posts: 1,031 ■■■■■■□□□□
    I admit that I don't always agree with what you say Hyper-Me but I completely agree with you here. We have no end of problems with SEP all the way through to RU6 which has done a rather good job of breaking things that were not broken in the first place. If you use SEP Manager, when it next breaks have a dig into the various config files and you will see that the descriptions and comments in there are choc-a-block full of spelling mistakes - I swear that in RU3 one of the files had a comment saying something along the lines that the next four lines of code were for temporary development and test purposes only, yet they were still there in the final release.......... it doesn't inspire any confidence as far as their testing and quality processes go.

    My team has been on the phone to Symantec Support about this wretched product more than we have for HP/DELL/MS/Cisco and VMware support combined. Unfortunately it's on a client system we inherited via an outsourcing deal and we won't be able to suggest changing it for the foreseeable future.

    I'm not saying that any AV product is perfect but this one really has caused far more 'silly' and time consuming issues than it should have. I'll be happy to throw this on the dung heap for sure :D
    The trouble with quotes on the internet is that you can never tell if they are genuine - Abraham Lincoln
  • it_consultantit_consultant Member Posts: 1,903
    I got tired of cleaning viruses that Suckpoint protection was letting through so we switched to Vipre which I was initially unimpressed with. Then we went 6 months without a virus. It wasn't that people weren't getting viruses, Vipre would scan them (on the daily scan) and clean them and nobody was the wiser.

    On one some malicious DNS entries were left over and I had to ask "Did this computer have a virus" and the user says "Oh yeah, vipre popped up and said something a couple of days ago". Sure as hell, it had removed 294 instances of viruses the day before.

    Mcafee sucks, Symantec sucks, IMHO AVG sucks too.

    Vipre is good, Sophos is excellent, and the beta of Forefront protection is very good as well.
  • blargoeblargoe Member Posts: 4,174 ■■■■■■■■■□
    We're finding SEP a/v and a/s protection is solid as long as you're not 64-bit or newer than 2003. The more you deviate from that (adding features, going x64, or newer OS) the more problems we find.
    IT guy since 12/00

    Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
    Working on: RHCE/Ansible
    Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands...
  • subl1m1nalsubl1m1nal Member Posts: 176 ■■■□□□□□□□
    Reading this does not surprise me. I've had to fix a bunch of weird SEP issues in the past.

    I was a consultant a few months back. I hated SEP (and we sold it). It was always a pain in the ass explaining to a client how they got infected or why they have such lousy performance. I've been on the phone with symantec a bunch of times. The truth is, their scanning engine is not built to handle the type of new malware floating around. SEP is very dependent on signatures. The new stuff out is polymorphic, meaning the signatures change ever time. SEP does have heuristics built in, but they suck.

    I've switch my current empolyer over to Vipre and have been satisfied. No viruses, no weird issues, no performance issues. Great product. I also hear Sophos is good.
    Currently Working On: 70-643 - Configuring Windows Server 2008 Applications Infrastructure

    Plans for 2010: MCITP:EA and CCNA
    70-648 - Done
    70-643 - In progress
    70-647 - Still on my list
    70-680 - Still on my list

    www.coantech.com
    www.thecoans.net
    www.facebook.com/tylercoan
    www.twitter.com/tylercoan
    www.linkedin.com/users/tylercoan
  • it_consultantit_consultant Member Posts: 1,903
    I'm glad I am not the only one who went to Vipre. I was nervous about it because Windows 7 things that its not active when it is, so we get an annoying error message. Although, like I said before, not one virus clean in six months. Thats pretty good.
Sign In or Register to comment.