Hey Paul,
I have already sent you the support case number details via PM when I made my first post. I'm not privy to the internal defect number unfortunately. The defect is where the SEP manager, throughout many areas of the interface and reporting, does not distinguish between Windows Server 2008 endpoints, and Windows Server 2008 R2 endpoints. It's like saying Vista and 7 are the same OS. This bug existed in the 12.1 beta, was there when the product shipped, and actually got worse with the release of RU2.
That's a shame about RU4. :( I interpreted the acronym of SEPM in the release notes to stand for SEP Manager as it normally does, and not "SEP for Mac".
In relation to your comments on policies for scheduled scans, in the enterprise field that is untrue, particularly when our endpoints (both workstations and servers) operate under controlled SOE design. I can only assume it's a limitation on the way the SEP Agent scans are configured/created, in that it has no ability to be passed plain text details via policy (such as locations and filenames, etc.), and then translate these to the target file system the policy is applied to?
The example I give on why this is needed and possible to define, is as follows:
For performance & stability best practices on certain types of applications, exclusions from Auto-Protect are required. Some examples, MS SQL, Oracle, Exchange, Lotus Domino, IIS, Citrix, JDE, SharePoint, the list goes on. Effectively any solution that has high amount of disk I/O activities.
From a security perspective most of our customers agree to our process of mitigating this exclusion risk via regular scheduled scans of just these particular directories, files (read: executables), and/or file extension types that we exclude from Auto-Protect.
It's possible with McAfee’s VSE, as well as obsolete CA solutions from the last decade. Unfortunately this has never been possible with recent Symantec solutions. Both SEP 11 and 12.1 are limited to nine pre-determined selections, and SAV 10 had even less options.
The reason it is imperative to be able to craft such a focused scheduled scan, is so to limit the amount of extra strain added to these very busy systems, even "after hours". Many of these endpoints at times, are running critical systems that human life rely on, and so "down-time" or "less busy" windows are near non-existent.