Best of breed solution - SEP 11 (an experience with client) 

May 20, 2009 08:10 AM

This is my experience with one of the clients I consulted for while working with my previous company.

First of all, we had a discussion with our client in order to understand the following aspects:
1) Their most pressing issue;
2) Their environment;
3) Their future plans;
4) Their business-specific requirements.
At that client, the standard machine configuration across all operations was a P4 with 1 GB RAM and a 200 GB HDD.

The client's network was heavily infected, and their existing AV was unable to detect and remove the viruses and malware from the endpoints; even after virus samples were submitted, their AV vendor typically took 2-3 business days to provide a complete solution, and the business was severely affected by this. The pressing need was to evaluate a solution that would stand firm on detection and remediation of viruses on the client's endpoints, without affecting machine performance even during a scan, and that would provide uninterrupted, smooth support not only during the migration but throughout the following year.

Then, based on the client's business needs, I planned and set up the following evaluation points in order to select the right antivirus for the environment.

A) Remediation of existing virus and other malware threats;
1) Rate of threat detection;
2) Time required for signature generation;
3) Migration support;
4) Support response/resolution time;
5) Reduction in antivirus operational cost.

A) Remediation of existing virus and other malware threats:
For this step we assembled a group of sample infected machines and tested AV products on them, which short-listed Symantec and McAfee antivirus, as these two products were able to detect and take action on the virus both in real time and during an on-demand scan.

Now I will explain how I analysed both Symantec antivirus (SEP) and McAfee antivirus against the parameters mentioned above.

1) Threat detection rate:
In the R&D lab of my technicians, we used some known as well as some unknown variants of virus (here we used the help of script programming) and then introduced these viruses onto the test PCs on which we were testing the Symantec (SEP) and McAfee clients and software, in two phases:
1) Deploy the virus prior to implementation of the AV
2) Deploy the AV prior to deployment of the virus
The detection rate we got was quite remarkable: Symantec antivirus (SEP) detected 9 of the 10 viruses, whereas McAfee antivirus was not up to my expectation, with only 7 of 10 detections for the scripts we had formulated.
Even though we found that Symantec antivirus (SEP) was unable to detect 10% of the viruses, I considered that acceptable, as it was far better than the competing AV, McAfee, chosen by our client for review.

2) Signature generation time:
After the first test, it was time for us to move on to the next stage, which was to find out which vendor would excel at reducing downtime after an outbreak in the client environment, i.e.:
a) What about threats for which the AV does not have a definition at all?
b) Will the vendor's security team excel at creating definitions for those threats as soon as possible?
(Here we need to find out how much time it takes to generate the signature and add it to the definition set once a sample infected file is submitted.)
To understand this problem domain, we recognised that the focus is not so much on the threat detection rate as on how little time is required to generate signatures for viruses that are unknown to the AV vendor (such threats are also known as zero-day threats).
To proceed, we took the virus samples that had been left undetected in the earlier test and submitted those files to McAfee AVERT Labs as well as to the Symantec security team (McAfee AVERT Labs generally creates the signature once they receive the sample virus).
And to my surprise, I found that this time too Symantec came out on top: they not only created the definition but also delivered it through a rapid release, to our satisfaction.

Once the above test results were in, we immediately started looking at the support factor; the next plan was to assess Symantec for migration support as well as support response time.

3) Migration support:
When I looked at migration from a higher level, I narrowed my focus down to two issues:
1) Support for upgrading the product
2) Support for switching from one AV vendor to another AV vendor
Both of these issues are very important from the client's perspective, keeping the long-term view in mind.
My focus in evaluating this need was on checking the knowledge base available from the vendor, as that is the most handy and least time-consuming resource the client's support personnel can turn to in time of need.
In this case I personally checked the knowledge bases of both AV software vendors in order to analyse their usefulness.
As far as the information is concerned, it was available in the knowledge bases of both AV vendors (Symantec and McAfee), but it took me less time and less pain to navigate to the option I needed to find, and I found the language of the Symantec knowledge base more lucid compared to the information in the McAfee knowledge base.

4) Support response/resolution time:
Here we tested the support forums of both antivirus vendors for:
1) the minimum time required to reach a technical representative
2) the minimum time required to resolve a functionality issue

One of the main requirements of any corporate-level information security solution is the capability to generate reports for higher management. Practically speaking, this is the single platform through which management has any visibility of how the environment looks and works. Symantec's reporting delivers what we can call a security status report of the entire architecture.

Then we also saw some very good benefits that we had not considered in the comparison but that would help our client achieve a more in-depth level of security. Symantec Endpoint Protection is able to control USB devices, and we could determine whether or not users are able to read and write to a USB disk or USB drive.
Before the use of Symantec Endpoint Protection, our client was only able to allow USB support or deny it entirely; they had no control over which USB devices were connected. After the implementation of SEP they can specify that USB printers and USB phones may be attached but USB sticks cannot. Now users can charge their USB-connected telephone and synchronise their agenda and email, but cannot download files and place them on an MMC card.
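To make the device-control behaviour described above concrete, here is an added Python model of a per-device-class USB policy with a default-deny fallback. It is an illustration written for this article, not Symantec Endpoint Protection code, and it does not reflect how SEP stores or evaluates its Application and Device Control policies; the policy rules, interface names and attach events are constructed, while the USB base class codes are the standard USB-IF values.

```python
"""Hypothetical USB device-control policy model (illustration only).

Not SEP code.  It shows the difference between an all-or-nothing USB
switch and per-class rules: printers and phones allowed, removable
storage blocked, everything else denied by default.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Dict, Iterable, Sequence

# Standard USB-IF base class codes (real values; only the subset needed here).
USB_CLASS_COMM = 0x02          # CDC: phones exposing a modem/serial interface
USB_CLASS_IMAGE = 0x06         # PTP/MTP: cameras and phones in sync mode
USB_CLASS_PRINTER = 0x07
USB_CLASS_MASS_STORAGE = 0x08  # USB sticks, card readers, phones in disk mode


class Access(Enum):
    BLOCK = "block"
    READ_ONLY = "read-only"
    FULL = "read-write"


@dataclass(frozen=True)
class Rule:
    usb_class: int
    access: Access


@dataclass(frozen=True)
class UsbInterface:
    """One interface of an attached device (a phone may expose several)."""
    device_name: str
    usb_class: int


# Constructed policy reflecting the narrative: printers and phones allowed,
# removable storage blocked.  Any class not listed falls through to the
# default-deny verdict in evaluate().
POLICY: Sequence[Rule] = (
    Rule(USB_CLASS_PRINTER, Access.FULL),
    Rule(USB_CLASS_COMM, Access.FULL),
    Rule(USB_CLASS_IMAGE, Access.READ_ONLY),
    Rule(USB_CLASS_MASS_STORAGE, Access.BLOCK),
)


def evaluate(iface: UsbInterface, policy: Sequence[Rule] = POLICY) -> Access:
    """Return the access granted by the first matching rule, else BLOCK.

    The default-deny fallback is what turns the old on/off USB switch into
    per-device control: an unknown gadget is blocked, not silently allowed.
    """
    for rule in policy:
        if rule.usb_class == iface.usb_class:
            return rule.access
    return Access.BLOCK


def evaluate_device(interfaces: Iterable[UsbInterface],
                    policy: Sequence[Rule] = POLICY) -> Dict[int, Access]:
    """Evaluate each interface of a composite device separately.

    A phone that presents a modem interface and a memory-card disk gets
    its modem allowed and its disk blocked, which is exactly the
    charge-and-sync-but-no-file-copy outcome described in the article.
    """
    return {iface.usb_class: evaluate(iface, policy) for iface in interfaces}


def audit_line(iface: UsbInterface, verdict: Access) -> str:
    """One constructed audit record per attach decision, for reporting."""
    return (f"device-control name={iface.device_name!r} "
            f"class=0x{iface.usb_class:02x} verdict={verdict.value}")


# Constructed attach events used when the script is run directly.
SAMPLE_ATTACHES = [
    UsbInterface("office printer", USB_CLASS_PRINTER),
    UsbInterface("usb stick", USB_CLASS_MASS_STORAGE),
    UsbInterface("phone (modem)", USB_CLASS_COMM),
    UsbInterface("phone (memory card)", USB_CLASS_MASS_STORAGE),
    UsbInterface("unknown gadget", 0xFF),
]

if __name__ == "__main__":
    for iface in SAMPLE_ATTACHES:
        print(audit_line(iface, evaluate(iface)))
```

The model evaluates per interface rather than per physical device on purpose: a composite phone that also enumerates a mass-storage disk keeps its allowed sync interface while the disk interface is blocked, and every verdict is emitted as an audit record so the decisions can feed the kind of management reporting discussed below.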

In my opinion, Symantec Endpoint Protection version 11 is an inspiring and truly complete endpoint security product. SEP is not only a reliable and fully redundant but also a flexible and scalable enterprise-class product that was able to protect my client according to his stringent requirements, using various state-of-the-art protection technologies such as:
a) Antivirus (with proactive threat management),
b) Anti-spyware,
c) Application/Device Control,
d) Firewall, and
e) Intrusion Prevention (as part of the Network Threat Protection engine).

Symantec Endpoint Protection has excelled over its predecessor (SAVCE, that is, Symantec AntiVirus Corporate Edition) not only in automation and scheduling capability but also in reporting capabilities; and on top of that, we can combine reporting with the automated notifications feature to give the vulnerability management team a detailed view of the security status of the client's environment, enabling them to provide round-the-clock protection to the client in the least intrusive manner.
This also shows Symantec's commitment to providing a best-of-breed solution that is competitive with the rest.


This is an experience from my past company, where my role was security solution consultant and architect. For privacy reasons I cannot disclose the client's name or the AV protection they used before Symantec.
The views mentioned above are my personal opinions, and the names mentioned are the property of the respective companies within the scope of this article.


Comments

Jun 01, 2009 08:28 AM

Yes, we have checked on the detection rate. As per our last check, Avira is no. 1 in detection, followed by the list where Symantec is ahead of Kaspersky...
Anyway, your suggestion was good.

But we have already checked that thing;
however, more suggestions from you are really appreciable...

May 28, 2009 11:14 AM

And what about the detection rate? After all, you are using antivirus for detecting viruses.

May 28, 2009 06:36 AM

Kaspersky was not in the competitor list against Symantec for that particular client for the following two reasons:
1) question on product reliability
2) question on product support

May 22, 2009 12:40 AM

Have you compared with Kaspersky?
