Endpoint Protection Small Business Edition

  • 1.  Notification of Sym being turned off

    Posted Nov 25, 2014 08:10 PM

    I have a couple of clients where two software vendors keep turning off the firewall, and at times the entire AVC security on the servers.

    In each case the vendor has little interest in the consequences this can lead to, and we have a problem with at least one vendor denying they do it.

    I'd like to know if anyone has been able to work out a method to receive a notification of these events being committed as soon as they occur.

    The clients run Sym EP v12, unmanaged on SBS2011



  • 2.  RE: Notification of Sym being turned off

    Posted Nov 25, 2014 08:13 PM

    Sadly, nothing automated.

    You need to check the Home page which will show "Disabled" clients. If you open it up, it will show which component has been disabled.

    Also, you can go to the Monitors page and set the log type to Computer Status. Click on Advanced Settings >> Compliance Options and you also have some options to choose from on which components are disabled.

    These are two workarounds.



  • 3.  RE: Notification of Sym being turned off

    Posted Nov 25, 2014 09:18 PM

    Thanks Brian. 

    I was hoping an event would be written to the Windows Application event log from which I could create a trigger to email me when these vendors disable the software. These are servers on client sites.

    To elaborate on the scenario:

    1. One site runs an application that manages the Law Firm.
    2. The software vendor often has the customer log them on and start a Teamviewer session to the SBS 2011 server to resolve issues with the server components.
    3. Rather than attend to the issue at hand, they are frequently turning off the Firewall, and often disabling the entire security suite altogether.
    4. The customer doesn't understand what is happening, so hence doesn't recognise it.
    5. I find out later when I need to log onto the server for other reasons - at times this could be months later where I note the AV/Fw has been disabled.

    We've brought it to their attention, and they reprimanded a few staff, but we are seeing a return to the bad behaviour and the vendor defense is "we told everyone not to do this, so it isn't us".

    It's also a loophole that the Security suite can be disabled by someone without any other party being notified.

    Dear Mr Symantec, can we have this listed as a feature request just so that us server engineers can know when these shady software vendors are disabling your product.



  • 4.  RE: Notification of Sym being turned off

    Posted Nov 25, 2014 09:38 PM

    Why not just add a firewall rule to allow this traffic?

    You need to create an enhancement request under the Ideas section

    What is the Product Enhancement Request Process ?

    This particular one has been long overdue and asked for in the past many times.



  • 5.  RE: Notification of Sym being turned off

    Posted Nov 25, 2014 09:57 PM

    Hi Brian

    I've bent over backwards for the last 2 years setting up scan exclusions, firewall exceptions, and scanned network traffic to see if their app uses unreported (by them) ports.

    I've done this with 3 different products (Sym, Trend and McAfee) and provided the details to the software vendor.

    Even though I have been able to show the customer and the software vendor the app works when the Security suite is enabled the software vendor continues to disable it.

    They aren't the brightest, some of their more notable moments:

    1. Will stop the database engine service on the server while staff are logged in to the application.
    2. Reboot the server while everyone is still working and not notify anyone.
    3. Have deleted data that wasn't successfully uploaded by the app into the database, when no other copy of the data exists yet (eg a legal doc is created in Word, but won't upload, vendor comes along and deletes the Word doc without even asking.)
    4. By default the app runs without the need for a login, and when the app is run by a user without a credential in the app, they get full access within the app.  When I pointed this out to the vendor they answered "you need to have an account to prevent unauthorised access."  Glad they don't look after my bank's IT system.

    Hopefully you are getting a picture of the type of vendor I am dealing with here.  Sadly the customer signed a 4 yr contract and can't change product until the contract is due for renewal.