Monday, March 31, 2008

Symantec Endpoint Protection...is a PIG

I just spent the last few days troubleshooting a Symantec Endpoint Protection migration from Symantec Antivirus Corporate Edition v10.x. What an effort.

Much like the last time I upgraded a client from 9 to 10. They conveniently forgot to include "May bring your older, underpowered workstations to their KNEES." in the product description. That client had about 25 workstations that were old HP workstations, running Windows 2000 on 256kb RAM and 500mHz CPUs. Once they started up, the "Startup Scan" would bring the machine to a crawl, and only perform well when it completed, which for those old things was quite a while. Nice of them to release a registry hack to disable that...then they release a config option in the next patch...NICE. Also forced the client to bump all the workstations' RAM to 512. Nice for my billable hours, but not for their non-profit wallet.

This time the environment is much different, and I "own" it. That is to say, I'm back to an in-house position, no longer consulting. My AV server has 2gb of RAM, a 3gHz Xeon processor, and lots of drive space...which is too bad because after learning more about this product, I've found it is a resource HOG.

Check out these numbers: http://www.symantec.com/business/products/sysreq.jsp?pcid=2241&pvid=endpt_prot_1

Holy Crap! What if I wanted to run Exchange?

Not only did they release this bloated replacement, but they did so horribly broken. The SEPM (manager component) only works from the console. Can't get my graphs to display through Terminal Services (RDP), and after troubleshooting with Symantec staff, eventually broke it and was forced to re-install and re-configure TWICE. OMG, not again... If I didn't have maintenance on this thing, I would have fallen back to Trend. At least they have a product that installs clean. Hell, it'll even remove the Symantec clients from the workstations. Very SLICK.

It also messed with my DC / App server. Kept blue screening. The dump files didn't point to any specific driver, but when I uninstalled the SEP client, and installed the old 10.x client in stand-alone mode, my BSOD problems went away. MMmmm, imagine that. I won't be letting SEP back on my DC for a while.

MP2 is supposed to fix this problem, and a few others, but I'm a bit reluctant to patch this now. I mean, geez! Do I really wanna risk breaking the install and my configs again, and have to remove/re-install a third time? I don't think so.

Ok, enough whining....back to work.

1 comment:

DM said...

Well, I can tell you from my experience trying to roll it out to our small office here of 60 clients. We encountered every conceivable issue. It's a very horrible product and should not be put into anyone's environment. They've failed, and hard. There is no way I'll be pushing this to our 15K endpoints. Other companies do competitive trade-ins. This will be an interesting battle.

I wonder how many clients they've lost over this product.