So, bluntly, Symantec is abandoning automation in favor of we security administrators having to babysit hundreds of computers and manually, through a web page process, manually submit samples, and wait for an email telling us that new defs are ready, when several years ago, this was all automatic? (and the competition IS automatic now)
Is that what's being said? Automatic processes giving way to Manual processes?
Management from hundreds of stations compared to centralized management from a single server?
Manually submitting samples compared to the computers doing it for me?
WOW. Might as well go back to 8088's! LOL
Sorry, sort of unreal how we take HUGE steps back in logging and alerting - dropping AMS2 in favor of a cryptic "hey, you have an infection somewhere" email from SEP, and now find that we are taking huge steps backwards, dropping a nice automatic system requiring hardly any human intervention that submitted samples FOR us and received new defs FOR us, to a manual system requiring every step be done manually by a human and where we have to watch our inbox for results.
Don't tell me it's "rare" for someone with less than 10,000 computers to see a need - I've seen it twice in as many months. We constantly see new stuff SEP won't find, and I MANUALLY use
other software to find and quarantine the files, and manually submit them so we can get protection. Quarantine server USED to do that for me with SAV 7-SAV 10 - Quarantine server used to handle this all while I slept - and slept soundly knowing that the system submitted for me, and got new defs for me, and applied them accordingly.
I can't keep doing this - I'm too busy - I guess I won't be submitting any more samples since there doesn't seem to be the desire to receive them so new defs can be developed.
If Symantec wants new samples that badly, they can resurrect q-server!
Sorry, just seems that every step I try to take forward, I'm finding that I'm being dragged backwards.
We need MORE automation, not less. Again, don't even SUGGEST that we don't see constant new threats that SEP won't recognize. I'd proven that theory very wrong -
yes,
I'm having a bad week because I'm fighting to make things work, and finding that I need to spend MORE time, not less.
This (q-server) doesn't work, reporting is lame as all get out and gives me pie charts instead of names and addresses (read that as scheduled reporting is
worthless, seriously! you may as well totally remove it.), the console is slow and you have to keep clicking to get to policies (slow on 3 computers, so it's not my computer), emails don't contain pertenant information, I have to go to another computer and dig through logs instead of getting it in email messages like I did years ago with AMS2.
PLEASE - Let's put features IN, please, NOT take them out! Let's add functionality, not remove it. Let's add automation, not make it manual again.