Endpoint Protection

FEP is the only antivirus system around that I'm aware of that requires anyone running reports to be both the database administrator and have admin roles in SCCM.

Today, in our test environment, we tried an offline eicar test, with the test notebook off of the company network.

FEP alerted and cleaned eicar from the system. We rebooted and connected to the company network.

It took over 90 minutes for an alert to be triggered by FEP.

As for support, I cannot disagree with the other post, Symantec support CAN end up taking days to resolve an issue.

But, between the two, I'd stick with Symantec.

Hello,

We have Installed Microsoft Fore Front recently on our server and then installed Symantec Endpoint 11 (64 bit) on it. Installation was successful but after we restarted the server it gives blue screen and thats it. We had to   re-install the server 2008 & Microsoft Fore Front again.

Now I am looking for solution how to Install Endpoint 11 on server.

Kindly lets solve this problem asap.

Thanks & Best Regards,

Meraj

Many organizations are being solicited by Microsoft with the Enterprise Agreement Bundles and this is being touted as a "bonus". However. what needs to be explained to management, is that you will most likely be moving Endpoint Security management away from the Security people, and putting it in the hands of the software deployment personnel.

With the SEP architecture, you can keep a fully functional, feature rich environment separate from the SCCM/SCOM environment and ensure separation of duties.

Microsoft is and has never been about pioneering technology. They buy what they like and integrate it, or if they cant buy it, they wait until they can copy it. Sorry folks, but dont be angry at them for looking out for #1.....it keeps Bill Gates a wealthy nerd. 

+1

I completely understand. It does suck and I'm sad to hear that its so bad that you'll have to switch =(

10 years in a long time but a head of IT's gotta do what a head of IT's gotta do I guess. I just hope that you don't run into the same problem if/when you make the switch. It would especially suck if all this was because the laptop users don't run their scans at home and pick up viruses like that =/

- xlloyd

Like I said, I have used them for over 10+ years and it will suck having to switch.  The Mail Security product with Anti-Spam is the best I have ever seen.  It kills me to have to swith to something else just because it takes forever to get support.  I could tell them nothing and just switch over to the first new product I find.  But that won't help me.

To answer your questions:

Our AV server checks for updates every 2 hours.  We update to the latest version of SEP every 6 months to a year. It would take me a bit to hunt down the latest viruses.  I also know that all AV's are not perfect but tell that to the Director that just got a virus on his computer.  I am the head of IT and we run the scans over the weekend but almost half of my computers are laptops so they are not here to boot up.

I am also not posting this just to be one of those guys.  At the last convention I was at I spent about 30 minutes at the booth talking with them about my issues.  Some of the people there aggreed with me.  I just want to get my concerns out so they know why people are moving away from their products.

Ouch! Harsh much bro. I guess it's the wake up call Symantec needs.

Care to share the names of some of the viruses that pass by SEP?

Also, (I assume you are but just to double-check) are you regularly updating the signature database?

About your scheduled scans? Since you don't run them in the week...do you do it on weekends? I'd suggest you link up with the head of IT and have him do some scripting to boot the machines, login locally, scan, and shut down on weekends.

Can't really speak to your support issue as I'm no Symantec Employee =/

- xlloyd

I think you should try focusing on the flaws of your own product instead of pointing out the problems with others.  I have been using SEP for 10+ years and I can say there is not much reason to stick with it. 

• Support:  It takes days (yes days) to get answers and most of the time they are the wrong answers.  This is the number one reason why we are looking elsewhere.
• Detection:  I continually get computers with infection even though SEP is running and updated.  They are not even new viruses, they have been out for months.  How can I justify keeping a product that doesn't even provide basic virus protection.
• Performance:  I can't run any sceduled scans during the week otherwise end users complain of slow performance.   

So FEP may have the very flaws listed above but at this point I would rather take those flaws then stick with SEP.

Lol, wow. Thanks for this article =]

Leave it to Microsoft to develop something like this =P. It's typical of them to release a half-finished product (eg. Windows Vista).

In any case, Symantec has firmly established it's place at the top regardless of what any other vendor would like to say! Thanks again for the informative article!

MS must revise their product roadmap to include the missing features, so then they can call it a true "endpoint security" product.

People may argue that (Device control, Application control, self-enforcement, ..etc) are not necessary for securing desktops, here is my reply:

1- Many malwares will stop/disable/corrupt critical services or local security policies to degrade security settings and make infection easier and faster.

E.g, Conficker will stop and disable windows update services which will prevent workstations from communicating with update servers (WSUS / Windows Update) and download latest/missing security/critical patches.

Solutions: SEP HI (Health Integrity) policy can be used to fix any insecure deviation like the above mentioned. Pre-defined templates for critical windows security settings including Windows update are already existed to help customers start securing network (Domain/Workgroup).

So if a client is compromised, security configuration would be manipulated (Conficker) to allow malware propagation. This’ll keep systems open for attacks; SEP will reverse them back to the correct ones.

I've used WSUS before and sometimes many workstations failed to install a critical or security update due to many reasons:

A. GPO that blocks installing files/programs

B. Corrupted windows update files/configuration

C. Windows update services are stopped/disabled due to infection or previous admin policy

D. other reasons

With SEP HI template, you can install missing windows updates that were downloaded (if service was running) and waiting to be installed.

SEP agent has been engineered to block any process/service tampering by users/malwares. So be sure that malware tampering to stop SEP (including installing patches) will fail.

2. Device control proved to be an aggressive front-line against known/unknown threats. I've personally tested this inside multiple enterprise customers (2000+) and found out that virus risk reports before/after device control were highly different. So why would I leave USB/CD/Floppy allowed and let AV deal with thousands of malwares. Think Defense-in-depth when you design network/endpoint security.

Finally, I would add that MS Forefront works well from the licensing point-of-view for enterprise customers only. SMB-to-Medium will need to install SSCM server (Do you need to remind me about time, effort and be NASA-certified in integrating multiple MS products and components from the first time?) and a system admin with SCCM skills.

Last word, SEP + SNAC self-enforcement is a single-product, single management server, single console, and single agent. 

Note: MS just released (Microsoft Security Essentials 2) so product testing/certification must be run again by 3^rd-party. I think MS became wise when they included (Network Attacks Inspection) to block exploits and attacks at the network level.