Endpoint Protection

I'm seeing spyware and adware that is not being detected or prevented with Symantec Endpoing 14.x.  I wish to know what other tactics users are doing to deal with spyware/adware.   Are you augmenting your Symantec with another product and if so what, are you doing something with Symantec that is not relying on autoprotect, running scans,etc.  or something else.

First off, do you have the all components that SEP 14 offers enabled and functioning correctly? AV/IPS/Firewall/SONAR/AML/Dlownload Insight? We've had very little get through when everything is on an configured for higher security. If something gets through, you can grab the hash or filename and add it to the SEP blacklist feature.

I do have everything installed an on. I have a gateway web product that blocks outbound traffic to adware/spyware sites and do to the request that I see from the same computer numerous times, I run a scan using another product and it finds stuff that symantec does not.

Guess I'm not too surprised. SEP has struggled with adware type stuff in the past. You can also try a threat analysis scan within symdiag or try Norton power eraser, both of these are a bit more aggressive. You can submit samples to Symantec so they review and create signatures for it should they seem it malicious.