Goooood show ... I agree cent percent..... :).....

 Hello, This is a very interesting report, I am glad Symantec  had achived such performance enhancement.

I would like to know if the guide used to tuned SEP MR3 is or will be available as a best practice guide at any moment in time. If it is available now I would like to know where to get it from.

Thanks.

Fix all those bugs in program and Symantec Endpoint Protection will be the best of Antivirus software in my heart.

Golf 

MR3 is already the best ...

Now fixing the rest of the bugs and enabling the install of SEP Manager on windows 2008 on MR4.... would make this 1 the best deal in market for sure...

Anti-Virus, Anti-spyware,complaince management (Application and Device control) and Firewall...

ALL IN ONE :D

The concept was always good... Fixing up most of the bugs should make it a market leader one more time now...

Cheeeeeeeeeers :)

CPU: 3.4 Gz, 1Gb RAM

That is not the kind of enviroment i am working with.

I knew somebody would post that, the point is that it shouldn't matter what the hardware is.. the benefits should be similar.

The following is from another slide deck (which resulted in the previous one being generated) which shows the numbers from the slowest machine we could find lying around our QA dept (its an IBM T2x series, can't remember which exactly) but you can see it had a 1GHz processor and 256MB of RAM.  The numbers are percentages.

Are those clean installs or upgrades, do you think it matters? We upgraded from SAV9 with no performace complaints to MR2 with hundreds of performance complaints ~12% of the company.

Too late for me, i'm moving to T.M.

Too many hours spent to configure this product.

Commerce, they are clean installs, but it shouldnt matter too much, you will see similar gains on machines that have lots of software already installed.  I note you talk about MR2, take a look at the performance gains between MR2 and MR3 and that should give you an idea of what MR3 should be like.

Siegfried, we can't please everyone, we know we have given a lot of our customers a hard time over the last year but we are working hard to rectify all the issues we have had.. We believe with MR3 we are pretty much there, but we aren't stopping there, there are new and exciting changes coming in SEP that will push the boundaries of enterprise client protection technologies.  Its a shame you felt the need to move, I wish you good luck with Trend.

Hi Paul,

Thanks for your answer.

I do not want to be irrelevant with my post, but I had too much difficulty since the installation of SEPM. I may not allow to continue to have cold sweat in every update.

Best regards,

Siegfried

Fix the Word document loss that exists in SEP MR3 and it will be pretty solid, IMO.

I found another customer with EXACT same issue, so with my decades-long history in dealing with Symantec AV products (since NAV 2.0, and CPAV years) and my beta and alpha testing experience with them, I'm going to stick my neck out and stake my reputation on this statement:

There still exists, even in MR3, an issue that can cause customers to lose Word 2003 documents when saved to a network share with a Windows 2003 server and XP workstation.

I've yet to find the exact trigger or combination, but I've got a number now - 4.5-5% of our computers. And it seems to be "helped" by running the VERY VERY VERY latest patches and updates to everything Microsoft. It's a tricky set of circumstances causing it, but it does exist. Another customer contacted me and confirmed it.

OTherwise, even though this has quite the learning curve, it's a great product with amazing abilities and technology that literally excites me like few software products ever have, and I've been at this since the VERY first (PC) computer virus, BRAIN, back in the 80's. Even with this bug that is killing my reputation at work, I will still stick up for it and say, it's amazing and has great potential.  (ya see, I am the sort of person, well, I'll explain it this way - I  may not like someone, but that doesn't mean I don't respect their accomplishments or abilities. I like this software, even though it's costing me my very reputation, and possibly put me on the line here at work.)

Hi All,

I've been waiting for this issue to be fixed the last 2 mnth. I realy hope it will be done in MR4:

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008091915180348?Open&seg=ent

Yes this 1 is fixed.... even we had difficulties with the same as we have a strict "Audit Log Policy"...

I tested the same with MR4 Beta and GOOD NEWS !!! finally... It works..

Cheeeeeers .... :)

ShadowsPapa wrote:

And it seems to be "helped" by running the VERY VERY VERY latest patches and updates to everything Microsoft. It's a tricky set of circumstances causing it, but it does exist. Another customer contacted me and confirmed it.

I would think that if applying all the latest patches from MS seems to be resolving the issue, then the issue lies with the MS products. We will typically recommend that customers should download and install the latest patches available for the software and OS when issues like this arise before we start troubleshooting.

Have you been able to confirm 100% that applying all the latest MS patches for the OS and MS Word and other MS software resolves the issue? The reason I ask is because you says it "helped". Which implies it may not be true in every case.

I now have word that 3 other customers are seeing it, and that the updates didn't REALLY work, just that because it's not every time, it was hard to tell. Just updated 2 other computers, and their first files did the same thing.

So the first update wasn't a fix, it was a fluke.

We thought it helped, it did not. In other words, on that computer, it wasn't going to see that issue again for the rest of the day even without the updates.........

The number of users impacted is still growing - more calls coming in today. We're probably running close to 10% now.

That and the fact that other customers have answered here in the forum (and in private) that they see the same things WITH MR3, tells me "it ain't fixed yet".

We are still trying things, but our help desk just came in to me while I was typing and said "Todd is calling, what should I try on his computer now"..........

Updates didn't work.

It's like doing a rain dance, then in an hour it starts to rain. Well, it was probably going to rain anyway!

"There still exists, even in MR3, an issue that can cause customers to lose Word 2003 documents when saved to a network share with a Windows 2003 server and XP workstation."

What exactly does "lose" mean? Is never saved, is corrupted or what?

Do you know if it happens to other Word docs (.xls and .ppt) or is it just Word?

Thanks,

Ray

Because of how Word, a very weird application in how it performs saves, does the save, the file "Disappears".

When you open an existing document, make a change, and exit word, and say yes, save the file, then word actually deletes the original XXX.DOC file, and renames or moves the XXXXX.TMP file to the name of the existing file.

What happens is that SEP seems to interfere or get tangled in that process. The original file is deleted by Word, but never recreated. At best you have the TMP file with no updates. The original DOC file is quite literally gone.

If you stop the SEP service, Word behaves normally.

Symantec is not the only one to get tangled in this, Microsoft did last year with their live onecare av-security scanner. IT also caused Word files to disappear like that.

In each case, Word displays a message like "unable to perform file save due to permissions error" or words to that effect.

It simply cannot and will not save the file, and if you happen to have the network folder open, you can see the file disappear when that error appears.

In our case, we restore the file from backup and the person loses ALL of today's work, or in some cases, we have them launch the TMP file and then do a save-as and they get all or most of their file back.

It's random, some folks don't see it, others do, those that do may see it constantly, or rarely.

Saving to a local drive seems to get around this, so we tell folks to open their documents, make their changes, save to the local computer, then at the end of the day, copy each file back out to the network where it belongs.

You can imagine the time and complexity!

We've demonstrated here that it does NOT happen if you stop the SEP service, or save locally. We've got a couple of users here where we can remote to their machines and they can show it to us pretty much at will. Others say, "nope, this afternoon was fine, lost 4 documents this morning however"

Please see this thread for more details:

https://forums.symantec.com/syment/board/message?board.id=endpoint_protection11&thread.id=20638

Thanks for the quick replies. That's pretty ugly, especially if it is the application and device policy. USB monitoring is the only reason we're looking at moving from SAV 10 to SEP 11.

Ray

Paul is it possible to get the slides for this presentation?  I would like to present to my organization.

Paul, 

Do you have any comparative slide about the performance in manual or scheduled full disk scans ??

Hi

I just decided to look back at these forums after being totally dismayed at the SEP product in the early releases given the amount of disk space and memory use it was taking up, and I reverted back to NAVCE 10.1.7

I don't understand where the memory level for 10.1 has been obtained from, as this document has it at over 100MB, whereas looking at all the modules I have running, they seem to add up to only around 70MB+ which I appreciate is still more than the quoted for SEP, but is r8 really that bloated?

I would be interested to see the comparison in disk usage, that isn't shown here.  That is one of my previous issues, as we are a company that cannot afford to replace PCs at the best of times.

Wow, sorry, but how OLD are your computers??

We have virtual machines with only 20 gig drives and they are FINE with the disk usage of either of the Symantec products, SAV or SEP. (and these are SERVERS running SEP and SEM, along with SQL Express, etc.)

Memory hasn't been a big issue - and some of our older machines run 500 meg RAM. (only HALF a gig)

We are a state entity, and we, too, can't replace computers just because we'd like to, but I gotta say, I've never seen these products cause issues with RAM or storage space.

On the contrary, Outlook, IE and Word all fare worse in many ways......

Some date back to 2000, and with their 20GB hard drives, although a lot has been cleared can often get down to about 500MB free space.  With my initial install nightmare: https://forums.symantec.com/syment/board/message?board.id=endpoint_protection11&message.id=1779&query.id=7791249#M1779 where it needed around 900MB free space to install, it wasn't just the long term loss of space I was worried about (although the increase from 10.1 was a big enough issue).

Ouch. Yeah, I've often marvelled at the need for a GIG free space just to do an update, and the amount of free space needed to update defs.

You are hurting for free space, then.

Are these XP?

Have you deleted all the patch and update uninstall files?? Windows sucks a lot of free space with all their uninstall and recovery crap that half the time won't work anyway, so I just kill that stuff.

On a couple of machines, I let Windows "compress" the drive to give enough free space for an update. But these are lame little machines that totally need to be wiped and re-built anyway. A fresh Windows install takes less space than Windows that's 4 years old in my experience. BLOAT.

Yes, I believe that I did remove those sort of files, but seem to remember that the disk usage after installing then would have left little free space.

I am aware of the XP bloat, but unfortunately when PCs are in use in our company, there is often little scope for simply removing them from production whilst it is re-installed!

Has the official requirements for the latest release altered any from the initial roll out?  Back in January it seemed to be taking up GB's worth of server drive space, a couple of hundred MB of RAM and high processor occupancy. 

I seem to remember a comment on these forums talking about a lower requirements solution that might be reached.  I can't find it at the moment, though, especially with customers running SBS2003!

>>I am aware of the XP bloat, but unfortunately when PCs are in use in our company, there is often little scope for simply removing them from production whilst it is re-installed!<<

Luckily, I have a bit of leverage there. I simply remove the computer from the domain, and let the proper folks know that "xxx computer has become a security risk. It is no longer able to be updated or managed and must be returned to be reimaged. The computer needs to be sent back here by xx/xx/xx for this proccess otherwise because it has become a security risk we have little choice but to block it from network connectivity". And if it doesn't come back, I access the switch and kill the port the computer is on. End of debate ;-)

Unfortunately I could never do that with PCs that are used to enable us to either carry on development or to get products out of the door and make money!

Ooops.  Slightly over-estimated some PCs - I have 2 with 6Gb HDD, and another 8 with less than 20GB!  Sob, Sob!

Post moved to it's own thread.

I wish I could see the pictures on this thread -- we've got some kind of image blocker. Any chance there's a pdf or text summary of the reports somewhere? I'd really like to see them.

I'm also curious in part because I don't think I'm getting the same kinds of results. I've been testing system scan times on several models of office computer, and the times are always 50% or more longer once we upgrade to SEP 11.0 (3) from SAV 10.1. I've even uninstalled and gone back to 10.1 and back to SEP on the same computer with consistent results. As I can't see the images I may be missing what's being compared here, or maybe there are tricks for streamlining that I'm not aware of?

My office is still trying to decide whether or not we upgrade. Reports of SEP rev 3 being faster had encouraged us, but in-house experiments don't seem to bear that out thus far. (Tests done on a series of Dell laptops of roughly standard config, ranging from brand new to 4 years old, using XP. All of them have SEP running 50% slower than SAV 10.1 at the moment.)

if anyone wants a hard copy, PM me your email address and I can mail it over.

Hi Paul,

Do you have updated version containing statistics for MR4? Is MR4 faster than MR3?

I'm not aware of anything.  MR4 is potentially slightly better, under certain conditions, but the difference will be nowhere near that of MR2 and MR3.  Focus for MR4 was really around Windows Server 2008 for SEPM, more than anything.

Hi Paul,

Great stuff.

Would it make sense and if so, be possible to run the same performance tests for Vista SP1 32bit and 64bit?

Thanks.

Erik

I hope you can help me to solve this problem.

Our computers and servers were protected by Symantec antivirus since 15 years ago. we subscribe to the symantec anti virus yearly contract for the pass 15 years and having no issue on any virus. but since 2 Jan 2009, our servers and pc were infected by trojan.horse and it create a lot of desktop_1.ini files in all directories inside servers. our OS is Microsoft Windows XP Professional and Microsoft Server 2003 Pro. we can't delete the desktop_1.ini one by one as it is millions of copies everywhere inside the servers, what should we do? we updated with the latest virus definition everyday withou failed. pls help.. thanks.can u ask Symantec staff to contact me also? FYI, we are going to renew the license for 200 pc next month, since this problem happen, how ?

from : Jennifer Cheong

[Edited: Removed personal information per the community rules and regulations.]