From Testing to Production in a day.
This client had a small company with about 60 computers over 4 branch offices across India.
They were using Kaspersky and AVG in their network. About 40 clients had Kaspersky, 15 had AVG and 5 had no antivirus at all.
So they had asked for a 5 user license to test it, as they said they had used many antivirus products but were not satisfied with any yet. So they wanted to test it first on 5 computers for a month or so; if they liked it they would deploy it on all the computers.
Then I found they were having a major outbreak of Downadup.B and W32.Harakit and their production was down.
I was shocked to see that the domain controller was using the AVG free version. Later they explained that, as Kaspersky was not catching anything on the server, they removed it and installed AVG, but still no luck.
The domain controller itself was the file server and database server. The users had to access the server's folders and drives to store, retrieve and access their data.
But now, due to the infection, they were not able to do so, as they could not open the shared drives on the server.
The client had resolved the account lockout issue by disabling the number of attempts in group policy.
So when I had my first look at the server the situation was horrible. The server was extremely slow, with pop-ups coming now and then.
So the very first thing I did was disconnect the server from the network, remove AVG and install SEP with all the features, download and install the latest Rapid Release from another computer, restart the server in safe mode and run a full scan.
It found about 20 different kinds of threats, mostly W32.Downadup.B, W32 trojans and downloaders.
Restarted the server in normal mode, ran the ESUG LoadPoint diagnostic tool and RootkitRevealer, and found at least 50 suspected files.
So I submitted everything I could think of to Symantec Security Response.
Then I went ahead and disabled Autoplay from group policy.
Downloaded KB 958644 and gave it to them to install on all the computers by the end of the day; they agreed.
After installing KB 958644 on the server I ran the Downadup removal tool from the Symantec website.
The server was a bit more stable by now, but still the pop-ups never stopped.
After reviewing the NTP logs I found out which computers were attacking; after checking those computers I found they had no patch and no antivirus.
I did not just have to deal with Downadup but also Harakit; the others were just Trojans, so they could be taken care of locally, but these 2 worms were the major concern.
I installed SEPM on the server, created an install package and deployed it to the clients without antivirus, and ran a full scan in safe mode with the latest Rapid Release definitions.
As I was doing the deployment I got a call from the higher management of the company requesting me to take care of the outbreak and to install SEP on all 60 computers.
Immediately they called Symantec Sales and got licenses for 55 more computers.
So we went ahead and removed Kaspersky and AVG from all the other computers and deployed SEP on them.
The next day we got a response from Symantec Security Response: out of the roughly 50 files I had submitted, 40 were infected and detected.
We downloaded the Rapid Release and updated SEPM with the JDB; all clients got updated immediately with the new definitions.
Ran a full scan from SEPM; almost all the clients had hundreds of detections.
There were 2 computers which had to be re-imaged because the system files were corrupted by some file infector virus.
I taught the admin over there how to use the SEPM console and how he can use the Application and Device Control feature to maintain security, and guided him to the Symantec forum.
By the 2nd day's evening everything was under control, all the computers were running SEP and their business was up and running.
Their management was very happy with the product and the fast response they got from Symantec Security Response.
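Two of the mitigations in the post above are checkable per host: Autoplay disabled by policy and the KB 958644 (MS08-067) hotfix installed. The PowerShell script below is an added example, not something from the original post or from Symantec; it assumes it runs in an elevated session on the host being checked, and the registry path and `0xFF` value are the standard Explorer policy location for disabling AutoRun on all drive types, not values taken from the post.

```powershell
# Added example (not from the original post): audit one Windows host for the two
# mitigations described in the post, Autoplay disabled by policy and KB958644 present.
# Assumptions: elevated PowerShell on the host being checked; the policy key below is
# the standard machine-wide Explorer policy location (hypothetical for this thread).

function Test-AutoplayDisabled {
    $keyPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $value = (Get-ItemProperty -Path $keyPath -Name 'NoDriveTypeAutoRun' `
                  -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
    # 0xFF disables AutoRun for every drive type; a missing or smaller value
    # leaves at least one drive type (removable media included) still enabled.
    return ($null -ne $value) -and ($value -eq 0xFF)
}

function Test-KB958644Installed {
    # Get-HotFix enumerates updates installed as separate packages on the local host.
    return [bool](Get-HotFix -Id 'KB958644' -ErrorAction SilentlyContinue)
}

# One row per host; collect these from every machine into a single table during cleanup.
$report = [PSCustomObject]@{
    ComputerName     = $env:COMPUTERNAME
    AutoplayDisabled = Test-AutoplayDisabled
    KB958644Present  = Test-KB958644Installed
}
$report | Format-Table -AutoSize
```

Get-HotFix only reports updates installed as discrete packages, so on an OS build that already ships with the fix it returns nothing for this id; treat the hotfix column as meaningful for the XP/2003-era hosts the post describes, and treat a `False` in the Autoplay column as a host that will still execute autorun.inf from an infected USB stick.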
What a feat it must be....
So after the installation, how are they performing today?
What SEP version are they using now?
Thanks.
Nel Ramos
Latest and Greatest MR4Mp2
After having such an outbreak and downtime they realised the importance of security.
So now they are using the latest MR4MP2 and are doing great.
They have blocked USB drives for all employees except for their managers.
GUPs are in place and the admin over there gets notified with all the notification emails.
They were using VNC, which was getting detected by PTP, but even that has been taken care of.
The server and the clients run a full scan daily in the evening.
Now they are really in good shape.
SEP 11.0 Top Articles
FAQ about Symantec Critical System Protection
Can you please let me know what PTP is?
@Vikram Kumar-SAV to SEP: That is good to hear... Being a user of the new MR4MP2, what would you say is the most significant added feature it has over its predecessors?
We are still checking if the upgrade would be that big a pro...
Thanks...
Nel Ramos
Quite a few but still depends
There are quite a few changes made in MR4MP2, but what it really depends on is whether the issues you are facing are fixed.
Some common issues, like:
- Proactive Threat Protection displays the status "Waiting for Update" after a client migration
- Windows Security displays the warning "MALWARE PROTECTION out of date" after a user manually runs an Active Scan or a Complete Scan
- Clients cannot download content from Group Update Provider (GUP) -- this was a major issue
- During installation of LiveUpdate, lucheck.exe returns an invalid error code
- Ping response times increase in releases since Symantec Endpoint Protection 11 MR3
- Inconsistent behavior with NTP "Microsoft Windows Networking" settings -- used to block network shares
- Deleting old packages generates errors in the Symantec Endpoint Protection Manager during manual LiveUpdate
- Slow processing of DAT files in the Inbox\Agentinfo folder on the Manager -- but I am still not sure if this one is completely fixed
And many more, which you can check in the release notes for SEP:
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007121216360648
Yeah, actually I as well got a good response from Symantec Security Response;
as soon as I sent them the files, within 18 hours they provided a Rapid Release to me.
Happy to hear such a story
Mr4Mp2
MR4MP2 has been the most stable version to date.
May I know which company it is that migrated to SEP from KAV & AVG?