Symantec Endpoint Protection RU 6 Released

Release Notes

http://service1.symantec.com/suppor...2c62c4ee0e697aae882573b000034ded?OpenDocument

 

Thx I like the changelog Indeed a nice product

 

I beg to differ - unless they've got rid of the Java+Apache+Tomcat nonsensical absolutely unusable management GUI plus have done major fixes to the product design (such as, not allowing the databases to grow to many GiB size all the time so that it doesn't eat all the RAM and CPU power on quadcore servers); last time I checked was some 3 servicepacks ago and it was still buggy bloatware several orders of magnitude worse compared to nice slim stuff like their v9 was. They've managed to fix their end-user products and the bloatware team apparently was relocated to the enterprise department.

 

I still find it rather odd that although it is a Server product the Proactive Defense Module won't work on either Server OS'es or 64 bit machines.

Also, check the Symantec forums to see how much malware this product allowed to get through.

 

Well, I'd strongly advise anyone to not touch this product even w/ 10ft pole.

My absolute administrator's nightmare started w/ install - which was impossible to finish, due to bug in SW and incorrect documentation. It simply refused to create the databases on dedicated MSSQL server instance. Took a few days to figure that out. Promptly reported to their forum and not fixed even 3 update rollups later, despite being confirmed by multiple users.

Then, the setup agonia started. The GUI is horrible, unintuitive, extremely slow and buggy (all Java, allegedly this was an "improvement" b/c unlike the standard nice lean Windows Management Console snap-in in previous versions, this was portable. Read - write once, debug everywhere. Mentioning that it didn't run on Linux anyway is pretty needless, I guess.)

After that, it actually worked for a few days... with huge slowdown on all clients (about on par with the worst NAV/NIS bloatware versions Symantec managed to produce). Lots of complaints from all users on which we testdrived this. Took disabling a lot of functionality (including the Proactive Defense Module mentioned one post above) to make it barely usable on pretty fast workstations. Anyway, we didn't give up yet.

Then, after about two weeks, the management backend/frontend has become practically unusable, any action there would take a minute or so on quad-core Xeon w/ 4 gigs of RAM, which wasn't running pretty much anything else but this SEP plus a couple of small DBs used by ~10 users. Well... fired up Total Commander, browsed to the directory where the MSSQL DBs reside - and found that the SEP DBs have grown to well over 2 gigabytes within two weeks. The ingenious design stored ALL definition updates there, without any maintenance and purging of unneeded stuff. Worse yet, the GUI didn't bundle any such functionality. A couple of weeks later, Symantec managed to produce (top secret, on request only) ad-hoc tool to wipe the junk from the DBs. It didn't work very well anyway, plus the issues w/ obnoxious DB size growth persisted of course. Even 2 update rollups later, the bug still unfixed.

Things started to go downhill pretty fast. We've discovered that the clients are dropping off the server (getting detached) for no valid reason, pretty much randomly. That of course meant they were no longer receiving definition updates. To make it work, you'd have to configure those as standalone, unmanaged clients which would update directly from Symantec servers. Needless to say, pretty much defeats the entire point of centrally managed security suite. There was a tool provided on installation CDs which could be used to repair the client's association with the server. Alas, that tool again didn't work in most cases. So, the only solution was a full uninstall and reinstall of SEP client on the affected workstations.

Now, that uninstall is notoriously something that never worked w/ Symantec products at that time. Of course, that includes this "enterprise grade" AV solution. Oh well, you'd think - no problem, lets download a cleaner tool from their web. Oh, what a mistake, my friend. There is no such thing available anywhere for download. Again, it's available on request only, and that request may take anything from a few days to next to never to get processed. At that time, their support forum was basically flooded with the cleaner tool requests, yet Symantec refused to make it public, stating that making it available would make their "enterprise grade" product vulnerable to malware authors.

Finally, some nice guy PMed me a link to "warez" download of their top-secret removal tool... It's called SCS CleanWipe. I opened the ZIP file, and I must admit I now fully understood why they refuse to make it public. It's a totally unorganized mess of batch files which call some custom made EXEs, plus bunch of REG files as well. It didn't do a good job, but made it possible to at least do the uninstall/reinstall cycle on the affected clients. Uh.

Well... after many more bugs and issues discovered, reported and never fixed, things became even much worse... yeah, we thought it wasn't possible already, but oh well, it was. The server backend itself ceased functioning and required a full reinstall every week or so. Mind you that it takes about two hours to uninstall and reinstall that thing, with many reboots, then to redeploy the configuration to clients, then to fix their server association yet again, because despite following the docs on preserving the configuration, it plain didn't work.

At that point, we already became furious about this enormous piece of junk Symantec has produced. Meanwhile, problem reports and user-supplied workarounds/solutions were being routinely censored on Symantec forums, presumably to prevent even bigger PR disaster than this product already has been for Symantec. Users were getting banned as well, and all their posts subsequently deleted. That included all those posts with workarounds and fixes for the buggy SEP behemoth. All gone from the forum. I managed to get myself banned as well finally.

Their phone support is outsourced somewhere to India and is basically completely useless. It doesn't get you anywhere mostly, at least not until you've made quite a few escalations of the issues and managed to get someone from their Canadian branch on the phone. Then you waste couple of hours and quite a bit of money going thru all the steps they have in their KB already and which you have obviously tried before paying for internation calls.

So, after several months we have wasted weeks worth of time of sysadmins on this SEP saga. Couple of update rollups have been released, yet lots of major bugs still unfixed, including the ones pasted above. So, that was about it. We demanded a full refund for this horrible product. Well... to make long story short, after several weeks we didn't get anywhere wrt refund. The suggestion was to downgrade to SEP10. We refused. It wasn't until I sent them a translated draft of an article describing the experience with their product and support and basically saying that either the money arrives back to our account within 10 days or it's going to press (local mutation of Computerworld). This finally worked as a wake-up call for Symantec. They refunded us.

We switched to NOD32 back then and are still with it, extremely happy after this Symantec nightmare. To sum it up - this has been absolutely the worst experience with any enterprise-grade security solution we've had for years. From then on, we refuse to buy anything from Symantec.

My advice: Caveat emptor!

 

while i agree, most people would setup a test environment of computer and see how well it works, then decide to wait until more RU's come.

it just like Windows Service packs.

you didnt do that did you? most IT people would.

 

This pretty much was a test environment. The thing has never been fully deployed on the clients - just the selected users for testing) plus it was a dedicated server for this testing. SEP never made it into production use here. It's kinda impossible to get reasonable feedback without at least some real users (not sysadmins) getting their hands on it and telling you their experience. We still feel sorry for the victims of the testing, but they saved many other users from the horrible experience.

Anyway, the product at it was shipped originally was completely unfit for purpose (alpha-like state pretty much) and still horribly buggy after 3 RUs. See, people don't spend big bucks for their security suite so that it would sit uselessly on a bunch of testing computers and waiting for years until the vendor makes the product usable. This is just ridiculous, esp. considering the pricing of the product. They've completely ruined it, people liked the v9, it was very light and simple and all; then v10 came, seemed a bit sluggish and bloated already so we decided to skip. And then this v11 nightmare came. I really strongly suspect that they've indeed moved all those folks responsible for the NIS/NAV bloat to the enterprise dept. of Symantec, because a change like this is just plain inexplicable.

 

i do agree, but running SEP unmanaged its a stable product.

as for the managed they do need to fix issues.

 

Well... the standalone client, stable - mostly yeah (some components though never worked properly for us, such as restricting access to removable devices etc.); but a big resource hog.

Whatever, the purpose we wanted this for was exactly the opposite - have all the stuff centrally managed, with the exception of selected mobile users and their laptops. Absolutely couldn't make it, we'd get all insane should this continue for couple more weeks. What a shame.

 

yeah its sad.

give CIS4 a try they offer managed with 5 free clients.


YES i know it comodo, but they are getting a ton better at prevention and version 4.1 the AV will be a ton stronger.

 

Have lots of small companies clients running Symantec Endpoint Protection 12 SBE and never had issues with both managed or unmanaged clients .
What are those things with the managed clients they need to fix ? What do you mean ?

 

Perhaps re-read this post? If you don't think the described issues (and many others) need fixing, then oh well... perhaps send a job application to Symantec

 

Well , I can't comment on your specific problems because I wasn't there at that time . I have never had such problems with SEP installations so far. Most are SEP12 which uses Apache . You mentioned SQL - perhaps yours is SEP11.

I have contacted Symantec business support on behalf of client just once in the previous month and they were very fast . This was Basic Maintanace level (the lowest possible) and they contacted us in 5 minutes time . The request was processes fast.

I'll follow your advise

 

Well, SEP11 uses Apache + Tomcat + Java + DB backend (which can be either the embedded stuff or MSSQL). Looks like they haven't learnt and still using this in v12 then. Yuck.

 

I have to disagree about Cleanwipe. Using it with the registry sweep option enabled did a fine job removing the product.

My only complaint is that it still left the trojans, worms, etc that SEP11 blissfully ignored.