4

I'm the IT manager at an animal shelter in Upstate New York. We have a Windows network with about 50 desktops running Windows XP Pro. We used to use CA eTrust Antivirus, but that product didn't work too well (too many infections got through). About six months ago, we switched to using Symantec Antivirus Corporate Edition ver. 10.1.8.8000.

If anything, the Symantec product is even worse. The last six weeks in particular have been very bad -- we've had about seven or eight PCs get hit with those malware infections that masquerade as antivirus software. In most of those cases, Symantec didn't even flag the malware at all.

So... what gives with the Symantec Antivirus? As far as I can tell, it's installed correctly and downloading updated definitions nightly.

I can upgrade to Symantec Endpoint Protection for $220 (we get non-profit pricing), but I don't want to do it if it's not going to be significantly better.

Any advice? Should I switch to something else entirely?

Thanks!

hmallett
Alex C.

4 Answers

7

We were happy users of Symantec Anti Virus Corp for years, that is until Endpoint Protection came along. Slowed our computers down so that they were largely unusable. These were computers that ran SAV just fine.

So about a year ago, we migrated our machines to ESET and their NOD32 product. While the management console can be kind of daunting, we've been very happy with the desktop client.

So short answer, I would NOT 'upgrade' to EndPoint Protection...

I also found what I wrote here:

Having been a huge proponent of Symantec Enterprise products in the past, we recently dumped them in favor of ESET and their NOD32 line.

The Symantec Enterprise products suffered the same bloatware syndrome that their consumer product line has with the latest iteration and it bogged our machines down. No longer is it Symantec Antivirus, but rather, Symantec Endpoint Protection.

I've found the NOD32 clients to be extremely fast and have a smaller footprint than their Symantec counterparts. Having said this, the Administrators console can be a bit daunting compared to Symantec's, but once you get used to it, it works.

GregD
  • 1
    GregD, I recently went through exactly the same scenario. SEP was a huge pain. ESET NOD32 is a delight to work with. – Nic Mar 11 '10 at 21:51
  • 1
    On a side note, one of the best things you can do as an anti-malware practice, is take away admin rights from your users and exploit group policies to lock IE down. – GregD Mar 11 '10 at 21:53
  • @GregD -- thanks for the tips. I did try to take away admin rights, but that caused problems with some of the installed software not running afterwards (Business Objects and Kodak EasyShare, for example). What do you recommend for locking-down IE? I actually use ESET NOD32 on my home PC. Haven't had any trouble. I'll have to see how much it costs. – Alex C. Mar 11 '10 at 22:04
  • 2
    I don't have the exact GP in front of me at the moment. It seems to me that I removed the ability to download and took away the security tab so it couldn't be modified. I also baby-sat their sites for a while and added some of them to the trusted zone to get around some of the tightening up that I did. As for admin rights, I've found that most of the programs that don't run right without admin rights boil down to registry access. If you can use a tool to find out what registry keys are being accessed with those programs, it makes it easier to take away admin rights. – GregD Mar 11 '10 at 22:09
  • @GregD: Same experience here re: SEP. SAV worked well and was generally alright. SEP was *HORRIBLE*. I question if they even beta tested the thing, what w/ the complete loss of network connectivity issues that it caused on server and client computers at several of our Customer sites (ahh, the "tiefer2" driver... >sigh<). The product is crap. If genocidal zombie terrorists asked me to recommend an anti-virus solution I wouldn't even recommend it to them. – Evan Anderson Mar 23 '10 at 02:21
  • @Alex C.: I'd second GregD's statement about removing local Administrator rights. Spend the time fighting through the issues and you'll reap rewards later. Tools like "Process Monitor" and "LUA Buglight" can help you out. You'll be much happier once you've gotten your users running under unprivileged accounts. – Evan Anderson Mar 23 '10 at 12:33
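
The comments above suggest using a tool such as Process Monitor to find which registry keys an application touches when it fails without admin rights. The following is an added example, not code from any poster in this thread: it summarizes the denied registry operations in a Process Monitor CSV export so that access can be granted on just those keys. The sample rows, process name and key paths are constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample in the column layout of a Process Monitor CSV export,
# captured while the application runs under a non-admin account.
# Process names and paths are made up for illustration.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.0000001","legacyapp.exe","1234","RegOpenKey","HKLM\SOFTWARE\ExampleVendor\LegacyApp","SUCCESS","Desired Access: Read"
"10:01:02.0000002","legacyapp.exe","1234","RegSetValue","HKLM\SOFTWARE\ExampleVendor\LegacyApp\LastRun","ACCESS DENIED","Type: REG_SZ, Length: 20"
"10:01:02.0000003","legacyapp.exe","1234","RegCreateKey","HKLM\SOFTWARE\ExampleVendor\LegacyApp\Cache","ACCESS DENIED","Desired Access: All Access"
"10:01:02.0000004","legacyapp.exe","1234","CreateFile","C:\Program Files\LegacyApp\app.log","ACCESS DENIED","Desired Access: Generic Write"
"10:01:03.0000001","legacyapp.exe","1234","RegSetValue","HKLM\SOFTWARE\ExampleVendor\LegacyApp\LastRun","ACCESS DENIED","Type: REG_SZ, Length: 20"
"10:01:03.0000002","explorer.exe","888","RegOpenKey","HKCU\Software\Example","NAME NOT FOUND","Desired Access: Read"
'''


def denied_registry_paths(csv_text):
    """Return {process: {registry path: sorted operations}} for denied calls."""
    denied = defaultdict(lambda: defaultdict(set))
    for row in csv.DictReader(io.StringIO(csv_text)):
        op = row.get("Operation", "")
        # Only registry operations that the unprivileged account was refused.
        if op.startswith("Reg") and row.get("Result") == "ACCESS DENIED":
            denied[row["Process Name"]][row["Path"]].add(op)
    return {proc: {path: sorted(ops) for path, ops in paths.items()}
            for proc, paths in denied.items()}


def load_export(path):
    """Read a saved export; utf-8-sig tolerates a leading byte-order mark."""
    with open(path, newline="", encoding="utf-8-sig") as fh:
        return fh.read()


if __name__ == "__main__":
    for proc, paths in denied_registry_paths(SAMPLE_CSV).items():
        print(proc)
        for path, ops in sorted(paths.items()):
            # For RegSetValue the path ends in the value name; the key to
            # grant access on is its parent.
            print(f"  {path}  ({', '.join(ops)})")
```
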
3

For three years, I was a happy SAV 9 and 10 user. Had it deployed across 150 seats. No issues. Then when the renewal time came, I installed SEP 11.

A few months later, after several painful manual cleanup sessions, I was finally able to get rid of it, and all our desktops and servers received a fresh install of Kaspersky Antivirus. Made everyone crazy happy - it felt like we did hardware refresh across the whole company. And it cost us about a third per seat compared to Symantec products.

Max Alginin
2

We have Symantec Endpoint Protection deployed to approximately 1500 PCs with no issues. Virus infections went to practically zero, but there are a handful that it does not get (mostly malware, as you found with SAV it's not that great, but SEP does a better job).

LiveUpdate frequently fails, but that's a configuration issue on our end (proxying the updates) that we are working to resolve.

Unlike SAV, I have found that SEP rarely performs the "total Symantec fuckup" which takes out all TCP connections on 80 and 443. This means less troubleshooting and reinstalling the application.

We had some mixed feelings about putting in SEP because one of the larger issues was malware and it's not that capable of removing it. We found after installing SEP on a computer that had malware SEP would not remove it, but on PCs that have SEP installed beforehand they do not get malware.

If your PCs are capable of running it I would highly recommend it.

The PCs are mostly 3.0GHz Celerons with 512MB of RAM, 40GB 5400 RPM IDE HDD. If you are strapped for performance, change File System AutoProtect to "Scan on Modify" rather than "Scan on Access".

ta.speot.is
0

Know this is a late reply but wanted to chime in. We have been a SAV CE 10.x shop for some time and have used SAV CE since before it was SAV (Intel). We were hesitant to go to Symantec Endpoint due to some issues with the early release.

We are presently rolling out SEP RU5 and have to say it has been pretty smooth. Only a few minor issues with the add-in for Outlook. We have done both the upgrade and manual installs from the console and all went well.

Management seems much more granular and overhead on the systems is reduced.

Overall, we are very pleased.

Dave M