Symantec Endpoint Protection...is a PIG

I just spent the last few days troubleshooting a Symantec Endpoint Protection migration from Symantec Antivirus Corporate Edition v10.x. What an effort.

Much like the last time I upgraded a client from 9 to 10. They conviently forgot to include "May bring your older, underpowered workstations to their KNEES." in the product description. That client had about 25 workstations that were old HP workstations, runnning Windows 2000 on 256kb RAM and 500mHz CPU's. Once they started up, the "Startup Scan" would bring the machine to a crawl, and only perform well when it completed, which for those old things was quite a while. Nice of them to release a registry hack to disable that...then they release a config option in the next patch...NICE. Also forced the client to bump all the workstations RAM to 512. Nice for my billable hours, but not for their non-profit wallet.

This time the environment is much different, and I "own" it. That is to say, I'm back to an in-house position, no longer consulting. My AV server has 2gb of RAM, a 3gHz Xenon processor, and lots of drive space...which is too bad because after learning more about this product, I've found it is a resource HOG.

Check out these numbers: http://www.symantec.com/business/products/sysreq.jsp?pcid=2241&pvid=endpt_prot_1

Holy Crap! What if I wanted to run Exchange?

Not only did they release this bloated replacement, but they did so horribly broken. The SEPM (manager component) only works from the console. Can't get my graphs to display through Terminal Services (RDP), and after troubleshooting with Symantec staff, eventually broke it and was forced to re-install and re-configure TWICE. OMG, not again... If I didn't have maintenance on this thing, I would have fallen back to Trend. At least they have a product that installs clean. Hell, it'll even remove the Symantec clients from the workstations. Very SLICK.

It also messed with my DC / App server. Kept blue screening. The dump files didn't point to any specific driver, but when I uninstalled the SEP client, and installed the old 10.x client in stand-alone mode, my BSOD problems went away. MMmmm, imagine that. I won't be letting SEP back on my DC for awhile.

MP2 is supposed to fix this problem, and a few others, but I'm a bit reluctant to patch this now. I mean, geez! Do I really wanna risk breaking the install and my configs again, and have to remove/re-install a third time? I don't think so.

Ok, enough whining....back to work.

Comments

Anonymous said…
Well, I can tell you from my experience trying to roll it out to our small office here of 60 clients. We encountered every conceivable issue. It's a very horrible product and should not be put into anyone's environment. They've failed, and hard. There is no way I'll be pushing this to our 15K endpoints. Other companies to competitive trade-ins. This will be an interesting battle.

I wonder how many clients they've lost over this product.
Wed Jul 16, 12:57:00 PM CDT
Post a Comment

Popular posts from this blog

NPI Search Redundancy

Most healthcare professionals know at this point that all providers of health care, require NPI (National Provider Identifier) numbers. Without one, it will become increasingly difficult for claims to be paid by commercial payers, and impossible to collect medicare and medicaid payments. Since we are a coding/billing/collection/management agency, we have frequented the NPPES (National Plan & Provider Enumeration System) to lookup NPI information. Unfortunately, there have been brief periods of downtime of the site, causing us to implement our own solution: a backup of the registry. I have a daily cron job that downloads the NPI database, push it into MySQL, giving us an albeit slow, but accurate access to an off-line version of this data. The shell script below performs the retrieval: #!/bin/sh WORKDIR="/srv/htdocs/npi" LOG="$WORKDIR/npi.log" MONTH=`date +%b` LASTMONTH=`date +%b --date='1 month ago'` YEAR=`date +%Y` URL="http://nppesdata.cms.h
Read more

freeFTPD

Image
Image by Micah68 via Flickr I've been using FileZilla FTP server for some time now and have been happy for the performance. Recently, we needed the ability to expose the FTP service to another client, and the documents that we'd be receiving would be arriving in an un-encrypted form, unlike our other clients. I decided I could simply enable FTPS , the SSL enabled FTP protocol and open a port to 990 on my ASA 5525 Security Appliance and NAT traffic to our server. Unfortunately I quickly found out that a passive FTPS server behind my firewall won't work without some specific configuration changes as discussed in this article . With all that fussing around, I decided to check out freeFTPd, a single deamon that offers both FTP and SFTP, not to be confused with FTPS, but the secure file transfer protocol that is common to the SSH ( secure shell ) protocol. It's fairly straight forward, but is a bit quirky and the documentation is non-existent. Follow some of my ti
Read more

Using ImageMagick and Tesseract to sort TIFFs on Windows

Image
Recently I wrote a post about my search for a TIFF iFilter that would enable me to use VBScript to query a Windows Indexing Services server for file management. I found that since OCR is never always 100% accurate, neither were my attempts at sorting all the inbound EMR faxes we get each day. I did however, find Tesseract , a great product that was originally developed by HP and proprietary, and is now developed by Google and licensed under the Apache License v2, open source . It is one of the most accurate open source OCR engines available. It is quite basic, and in the version you obtain from the project page , it only operates from the command line, and without the libtiff library, will only do it's work on un-compressed TIFFs. More information can be found on the project pages , and Wikipedia . Doing some scouring, I aso found a front-end , and ArchivistaBox, a complete document management system . Image via Wikipedia I'm using it in Windows, so I needed to do one of
Read more