Video Screencast Help
Give us your opinion and win with Symantec! Please help us by taking this survey to tell us about your experience with Symantec Connect, so that we can continue to grow and improve.  Take the survey.

So Long to Enpoint...

Created: 03 Jan 2008 • Updated: 21 May 2010 | 17 comments

After several meetings yesterday, my company has decided to do away with using Symantec's Endpoint.  We've experienced too much down time and unresolved issues since the migration from Enterprise 10.  The entire IT department had to sit through a scathing meeting where we were the recipients of various complaints about issues caused by the upgrade as well at the financial hit the company is taking while we try to sort out getting the software into a working state.  The company managers have demanded that we resolve the network issues caused by Endpoint immediately or get rid of it.  Well we all voted to do the latter.  

Luckily since last Friday we have been testing Trend Micro's products in an effort to resolve the Endpoint debacle.  Their software has performed flawlessly in our test environments.  Unfortunately we did not test Endpoint on the scale we are now testing Trend Micro before we migrated.  We all assumed that based on the reliability of Enterprise 10 that we shouldn't experience to much grief with migrating to a newer sounder product.  We were wrong!  Endpoint has to be the biggest software mistake Symantec has ever coded.  Just read any post in this forum and you will see that it has not gone smoothly for anyone who has migrated or used it.

Now our accounting department has to undertake the task of trying to get a refund for this terrible software from our Vendor.  If not were going to have to eat our mistake and live with the memory of what happened when we migrated to Endpoint. 

I think you’re about to see Symantec's stock drop off like its long time customers.  Thanks Symantec for embarrassing me and my co-workers and making our professional careers a nightmare...

- R. Kauflis   

 

Comments 17 CommentsJump to latest comment

Paul Murgatroyd's picture
thanks for the post, I am very sorry that you feel that way.  If you don't mind - I notice that this is your first post to the forums so I presume that you must have logged calls with our support organisation as you mentioned unresolved issues.  Do you still have any of your call references?  Alternatively, if you could PM me either your company name or your email address I can find them myself.  Can you elaborate on "network issues"?
 
thanks
 
 

Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed: http://twitter.com/symc_endpoint

LincolnBit's picture

Hi Paul

I see that you are a Symantec employee.  You are correct that this is my first post as I felt the urge to vent my frustrations.  My co-workers are the individuals who are members of this board and frequent it quite often.  I have only been on here to search for answers rather than post questions.  Aside from acting as a co-administrator when needed I'm the application developer for our company.  I do not have the call logs or case numbers in front of me but I can get them if need be.  The point is probably moot now though as we are moving to another product.  However I can list some of the issues I was directly involved in with that may or maynot help you with future issues with your companies product.

During the Migration of endpoint we encountered a failure in the SEPM Service to start after rebooting.  Troubleshooting this was followed by errors with IIS.  I wasn't there for the fix to this but I know the guys worked on it for a weekend.

Next once Endpoint was running on the servers we noticed a massive slowdown in network response.  This continued up until yesterday evening when we removed the software completely off the servers.

Then when we attempted to do the client rollout and upgrades.  We encountered various issues such as  "Service Symantec Event Manager errors" and "lsetup errors".  Most of these were resolved by removing anything enterprise 10 related off the workstations and doing a clean install.  Allot of time wasted.

Big Problem was User complaints about the loss of network shares and clients not updating with the proper dated definitions.  I'm told that a fix was issued for this but that did not smooth over the frustrations of our users.  The network share disappearances were happening to me as well with my own laptop.   Also users complained of desktop and laptop performance issues after we upgraded them to the new software.  These calls were becoming a normal occurence every day!

All around a nightmare.  I'm not attacking Symantec Tech support with this post but rather the individuals who make the call to release the software or who code it.  You should be commended for even trolling through these forums and answering questions to desperate people.  My co-workers seem to think that Symantec's support staff was courteous enough and at least willing to try to resolve issues but you can't make a pig fly and this software has no wings.  With that I hope we move on to greener pastures...

- R. Kauflis  

Csring's picture
Paul, I know your an employee and you have to put on a good face for the company, but the "hmmm...can you tell us whats wrong, why ya leaving" Is a bit insulting if you have ever tried using the software itself or looked at any one post on the forums. 
 
      I have installed the maint release-1 on several desktops and one server and although it seems to "work" a good deal better it still hasnt solved the issues of this thing being a resource/network hog.  I have better than the min specs on the server and I am told that the server is in poor condition by your software......why??  Your software is the only thing on there.  And immediately after installing response time on the desktops goes in the toilet.  Your older software never did that to even 1/10 the extent that endpoint does
Paul Murgatroyd's picture
I can accept that some might have found my comments a little insulting, but I was not aware that the original poster was linked to other folks who have already posted in this forum.  With a post count of 1 I thought it was worth checking that all avenues had been explored - even if the account is lost we want to know why for the future.  I know it seems strange, but there are also customers out there who are unaware of what they are entitled to in terms of support and for many they believe the forums are their only option.  Now to your points...
 
I presume you are running the Site Status Quick Report - can you post your results here?  There is no doubting that SEPM is more resource intensive than SAV was - but it is doing so much more.  There are however memory optimisations we can make to the manager for smaller environments and we working on those at the moment.
 
Again, please elaborate on your "network hog" comments - what symptoms are you seeing and what SEP components do you have installed?
 
In terms of do I use the product?  Yes, I do... all day, every day.  I have the client on my Symantec laptop, I am running a pilot implementation for a major blue chip company (well over 300 clients now online) and working with other large enterprises, our pre and post sales engineers and anyone in bettween!  Symantec ourselves now have 1000's of SEP clients installed and running internally with all features enabled and minimal problems.  As you can see from the signature, SEP is my life at the moment!
 

Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed: http://twitter.com/symc_endpoint

Csring's picture
By the way, since the first post, the reporting feature stopped working so I cant post that for you.  Also in this time I got a call back from one of my two test subjects because the lag on her pc was unbearable.  I have to uninstall it because she cannot get anything accomplished.  2.2ghz celeron (I know, bought b4  I was here) 256 mb ram.  I know its not the speediest but according to your specs it should be fine.
0WN3D's picture
There are a number of things you can do to address these issues.  Keep in mind that there is alot more "available" to you in this release, but you don't have to use it all.  You can create a group for the slower computers and create a policy that just turns on AV/Spyware for example.  i.e. No Firewall/Network Protection.  This is a product that will require some testing in the lab before full deployment - not bug testing, but rather to evaluate performance and feature requirements.
Paul Murgatroyd's picture
thanks Csring, your post was very helpful.
 
I see that svchost is taking up 750MB of RAM - that seems rather high to me (as does 183000 handles)
 
I notice a MySQL executable there too.. are you running something MySQL related on that box?
 
Any chance you could repost your screenshot of task manager with the handles list showing? (click View, select Columns and choose Handle Count then click OK)
 
As for an XP client with 256MB of RAM, yes it will work but it will be slow, as you are seeing.  I cant imagine that there is much memory left after a vanilla XP SP2 installation is there?  Did you have all the features enabled on that client?  Try removing Network Threat Protection and/or increasing the scan time for proactive threat scan.

Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed: http://twitter.com/symc_endpoint

Csring's picture
 
 
 
by the way the desktop i mentioned in last post is only running AV.
 
The my sql is for Spiceworks inventory management software that I am testing.  It isnt on all the time, and when it isnt on there doesnt seem to be any diff in system speed 
Paul Murgatroyd's picture
ok thanks for the info on the desktop, if its only running AV then there isnt much we can do... its possible to tune the scans and perhaps remove things like the active scan when defs arrive, etc.
 
on the server front, I'm still trying to work out why your svchost.exe is taking nearly 700MB of RAM and 145000 handles - there must be something running under that thats causing a slowdown to some degree.  From your posts, its easy to see that SEPM is using something in the region of 768MB of RAM, while a little high thats not too bad for what its doing.  Its when we add svchost into the mix too that things get interesting!
 
would you be able to look at svchost in more detail with something like process explorer for instance, so we can try and work out which service is taking all those handles?

Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed: http://twitter.com/symc_endpoint

Csring's picture
I think I found a part of the issue. 
 
We had been testing track-it also for inventory management.  Typical svchost file size with track-it agent installed is in the 20-25 meg range.  With SEP installed it ballooned to what you saw in my images(700-800 megs). After removing the agent svchost is around 12megs with about 32000 total handles.  And total memory now drops to 1700megs and I get good server status.  Is there any noted bugs about your software not playing nice with track-it agent?



Message Edited by Csring on 01-04-2008 07:58 AM

Paul Murgatroyd's picture
interesting.. when you say remove the agent... do you mean the Track-It agent or SEP?
 
just so I get the right software - Track-It is this: http://www.numarasoftware.com/Track-It.asp ?  as I want to try this out myself.

Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed: http://twitter.com/symc_endpoint

Csring's picture
You have the correct software, and I removed the agent, not SEP and this is on the server....didnt seem to happen as bad if at all on desktops
Paul Murgatroyd's picture
great thanks, I'll download the trial and test it out.

Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed: http://twitter.com/symc_endpoint

Surge's picture
Paul,
I have had the same experience with this POS application. I now know why you call it ENDPOINT... because this is the last thing you will be able to do once you install it. This is not an antivirus... it is the perfect virus!!!
 
Let me give you some examples of problems. Multiple IAS (internet authentication service) and RRAS (remote access service) failures. Even after uninstalling the POS, it keeps registry settings that don't allow RRAS to start. I am still fighting an issue where my backup control servers no longer can see each other after installing the POS.
 
Hours upon hours to debug and correct all these issue and lets add some salt to the wound- Thousands of dollars on a product that doesn't work! So tell me how Symantec is going to do the right thing and reimburse me for all of this. More salt- pissed off customers. Do you know anything about pissed off customers?
 
Oh by the way do you provide support on weekends? For sure you have logged endless problems with this POS product and your support has yet to respond to the demand. Dell has provided significantly more support on resolving Symantec problems than you have.
 
There should be a class action law suit filed against Symantec!!!!!!!!!!!!!!!
 
Surge
 
 
 
 
Thorsteenster's picture
Sorry, newb here. What the heck is a handle?! First time I've ever heard of such.
Just to say, while it hasn't been a perfect roll out, compared to others ours has been pretty smooth in an 100 user, 6 server environment.