Endpoint Protection

I tried a support ticket to ask a very simple question and it was closed because they don't support Corp. Edition of AV anymore.  My question is, will live update stop obtaining virus definitions on 7/4/2012?  I have some older servers that I really don't want to upgrade to Endpoint Protection and I don't think those servers are going to get replaced by 7/4.  I'd prefer not to upgrade some if I don't have to.  From the notification I received from Symantec, it just says end of support, but I don't know if they consider virus definitions support.  I know it's always best practice to be current on the client, but if it ain't broke, don't fix it.  In this case, I don't have trouble with the software, in fact, I've only contacted support on the product 1 time in the 7 years I've been dealing with it.  Endpoint Protection, on the other hand...

If it's not present here:

http://www.symantec.com/security_response/definitions/download/detail.jsp?gid=savce

They probably discontinued providing support which includes definitions.

And I would suggest that you migrate the servers to the latest version of SEP. There are a lot of security holes missed by SAV scanning technologies. And it uses up more resources than the later versions of SEP (12.1 onwards).

I understand that SAV clients are more stable. Its technology has probably remained the same since version 8 or something. But SEP has gone a long way. And not upgrading SAV clients is like using Windows NT in todays environment. Also, SEP provides more flexibility that you can use for the servers to maximize hardware resources. Like using file and folder exceptions.

We keep asking the same question with no real answer. I know we still get definitions for SAV 7.6 and SAV 8 and those went end of life years ago.

the definition may be stopped at anytime, hence do upgrade/migrate the systems to SEP  infrastructure.

As said above, the definitions may be stopped anytime. Currently they have officially stopped technical support for these prodcuts.

I understand that legacy versions still continue to get definitions, which is probably because SAV primary server still running with SAV 10 was downloading definition and distributing it. But now if they stop the definition for SAV 10, it might be a problem.

I also agree, if i had a chance, i would have stayed with SAV. I still don't like the SEP interface and 12.1 looks more yukky

Note that SAV 9's definitions were extended for a long time after the support was ended as the number of users was high. This is not to give you hope that the definition creation will be continued, just an information.

I to really want to know if the definitions are stopped for Sav 10.x, we still have quite many clients running on this version, which for different reasons can't be upgraded.

Thanks for the responses.  I guess I need to just step up my efforts to get upgraded (I hvae two months before I go out on leave).  Based on this technote, I can see that live updates will supposedly stop.  http://www.symantec.com/business/support/index?page=content&id=HOWTO73168

My reluctance to upgrade stems from just not liking the Endpoint Protection software.  The management console for good old Corp. Ed. was faster, pushing clients was easier, everything I needed to see was in one easy to use dashboard.  I never had database issues.  With SEPM, I have had databases go south, the database can get huge, I have to jump all around to find the information I'm looking for, I don't have the amount of time required to develope meaningful firewall policies for all my server apps, patch management is not as intuative, and the console is sloooww.  I have all my desktop clients on v11.x, but I don't manage them through SEPM because I don't trust the database (though there are clients where Live Update breaks and the only way to get content updates is to switch them to managed clients).  Instead, I create my exclusions and deploy the registry tweaks.  In all, I could have logged many more support tickets on SEP failures than I ever did with Corp. Ed.  I'm just good at finding other ways around problems than wasting time on the phone.

A full write up on this subject can be found here -

Be Aware: The Symantec Antivirus Corporate Edition 10.x and Symantec Client Security 3.x End of Support life is fast approaching!

As posted in https://www-secure.symantec.com/connect/forums/symantec-anti-virus-10-and-netware-65#comment-6810311

I was told

SAV 10.x virus definitions will continue to be published via regular channels after end of support life but may be removed by
Symantec at anytime.

Virus definition extension contracts are available & can be requested for up to 12 months after end of support life
(EOSL). This applies to supported SAV 10.x Windows platforms only.

Let me know if you are interested.

If you are still running SAV 7 and 8 you may as well run nothing at all. they are no where near robust enough to deal with today's threats. Frankly, I'm surprised those versions can still process the defintions, as I know SAV 9 no longer can due to the size of the definition files.

Here is a current KB article regarding EOSL support for SAV 10.x

http://www.symantec.com/docs/TECH178551

Within this document at the bottom is information on how to purchase up to a 1 year extension for virus definitions past the EOSL date. Below is the direct link for this information.

http://www.symantec.com/docs/HOWTO73168