Endpoint Protection

  • 1.  Microsoft Security Center Warning/ Red Shield On Vista When I Manually Run A Scan. Related to API change? Plus, Isn't It Time To Fix LiveUpdate?

    Posted Aug 20, 2009 04:25 PM
    Hello.

    Have followed in this forum that the reason for the security warnings is due to MS changing the code of its security center.

    Am wondering the following:

    When I manually run a scan on Vista boxes from the Windows Explorer, the same MS Security Center object flashes to check your computer security - there are multiple security problems with your computer.  Is this too related to the API change?

    Also, one comment about what happened here with the change.

    I can understand that Symantec didn't break the thing, that MS did, but, the fact remains that it did break and LOTS of folks presently are being told that "There are multiple problems with your computer".

    This is not the 1st time that Symantec product has been left to flail in the wind.  I recall when they had a version 10 product that was exposed to a known security hole.  In this case, as with this issue the only way to remedy the problem was to completely upgrade.  So, it seems to me that this is not a very efficient means of resolving product issues.  It is VERY time consuming to migrate this product and, as is ALWAYS the case with any product upgrade you will have a percentage of clients that have their problems.  So, I had to wholesale upgrade just when a release comes out.

    This in part (and also because I'm not convinced that EP can properly detect Malware any better than V.10) is why I have not chosen to migrate whole organizations to EP.  Had I implemented EP at the 1st release I would have been on a merry go round of upgrades to the current release that will once again need upgrading to MR5 to fix this security center issue.

    Is it not possible to resolve/address how Symantec product is updated such that LiveUpdate can automatically fix/address holes like the current security center reporting issue?

    So, yeah I understand that software code (especially AV code) needs changing quite often to keep up.  It just seems like there should be a better mechanism for updating.  The present system seems to be akin to replacing the whole engine when only a fan belt needs repairing.

    Thanks.

    - Lars


  • 2.  RE: Microsoft Security Center Warning/ Red Shield On Vista When I Manually Run A Scan. Related to API change? Plus, Isn't It Time To Fix LiveUpdate?

    Posted Aug 20, 2009 05:53 PM
    For SEP, in a managed environment, you can configure LiveUpdate policy for clients to obtain product updates through LiveUpdate, which is what I think you're referring to.  (The SEPM still needs to manually be migrated.)  This is something new to SEP, was not available in SAV.

    It sounds like you are talking about the earliest builds of SAV that had security vulnerabilities that were fixed in later builds.  Of course we recommend applying those maintenance releases and maintenance patches -- aka migrate up -- to fix these vulnerabilities (as well as other known issues).  The alternative is to leave it unpatched and open to attack.  Given the alternative of proactively migrating up or fixing the damage after the fact... I'll take the former :)

    sandra


  • 3.  RE: Microsoft Security Center Warning/ Red Shield On Vista When I Manually Run A Scan. Related to API change? Plus, Isn't It Time To Fix LiveUpdate?

    Posted Aug 20, 2009 10:22 PM
    Well, that wasn't the point of the post:

     1) Any thoughts as to my question on the MS Security Center warning?

     2) The comment wasn't about the merits of upgrading to fix something vs. not doing so, but rather, why the drastic measures to fix something that one would consider a fairly routine code modification?

    I mean, the issue here is how the MS Sec Center hooks up with 3rd party apps.  Why should one have to upgrade the entire app to resolve this simple reporting feature?



  • 4.  RE: Microsoft Security Center Warning/ Red Shield On Vista When I Manually Run A Scan. Related to API change? Plus, Isn't It Time To Fix LiveUpdate?

    Posted Aug 21, 2009 10:26 AM
    1.)  Sorry, I guess I misread the question.  I think this addresses your question--yes, it is related to a change in the API:

    'Windows Security Center error: "Symantec Endpoint Protection is on but is reporting its status to Windows Security Center in a format that is no longer supported"'
    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2009071417581548

    2.)  Applying a patch (SEP clients) or using the CD download (SEP clients and SEPM) is how the modification in code is applied.  This takes the form of an upgrade, which I think is pretty standard, if I'm not mistaken.  Out of curiosity, what other method do you think should be available?

    sandra


  • 5.  RE: Microsoft Security Center Warning/ Red Shield On Vista When I Manually Run A Scan. Related to API change? Plus, Isn't It Time To Fix LiveUpdate?

    Posted Aug 21, 2009 10:19 PM
    Hi Sandra.

    I would like to see something similar to Microsoft Update.  The service runs auto, downloads the updates and applies the updates.

    The point here is that I think y'all minimize how much time and effort goes in to upgrading the product.  My company manages roughly 20+ mid sized businesses.  To roll out an upgrade on 20+ independent entities is a major undertaking.

    So, when something needs patching, it would be nice to have a low maintenance solution like Microsoft Update.  Update runs auto, issue is resolved.  Nobody had to do anything really other than make sure the computer was on and auto updating was set up.

    Thanks.


  • 6.  RE: Microsoft Security Center Warning/ Red Shield On Vista When I Manually Run A Scan. Related to API change? Plus, Isn't It Time To Fix LiveUpdate?

    Posted Aug 24, 2009 11:20 AM
    Well, close to what you are describing can be set up in a managed environment with a LiveUpdate policy, the ability to use a LiveUpdate server enabled, and further enabling "Download Symantec Endpoint Protection product updates using a LiveUpdate server".  This won't take care of the SEPM, but having updated many a SEPM in my time :) I can honestly say that the longest portion of that process is backing up the database.

    The reason this is not enabled by default is because a good number of admins wish to control the roll out process more precisely.

    sandra