There is an incredible - for lack of a better word - disconnect between the agent on the desktop and the Partner Management Console. I guess it comes down to vernacular, terminology, and technology.
The agent thinks that cookies are risks, and they are reported that way. I, professionally, don't care about that. They are a fact of Internet browsing and whatever risks they pose are truly insignificant compared to the dangers that are actually present.
I do care that malware gets through Symantec.cloud-protected computers and that is NOT reported. The Norton Power Eraser, in the rare cases I have used it, has not provided much in the way of help. My arsenal consists of Malwarebytes, HitmanPro, and adwcleaner.
(As an aside, this product is called Symantec and is labeled as a business product. Whenever the Norton name appears, I cringe because it is from the consumer side of the house. Yes, this company is big on disconnects.)
Another aspect of disconnected reporting occurred just this week: an agent on one desktop had antispyware and email protection turned off. The client's details - on the desktop - showed "At Risk."
However, in the Computers page for that site, the computer was "green" and there was no pending alert on the PMC. If it wasn't for my RMM software that reported something amiss, I would never - repeat - never have known that there was a problem.
Of course, that leads to the inevitable tech support issue of why did this occur? Tech support always claims that one or more web sites are inaccessible/unavailable (and it is my fault). Yet, when tested, there are no communications errors and the sites reflect the appropriate responses. And, rather than spend any time actually investigating WHY this occurred, their response is to reset the service.
To clear this particular error required the following steps:
- Remove the service via the portal, reboot
- Restore the service via the portal, reboot
- Continued malfunction
- Remove Symantec.cloud from the computer, reboot
- Run two removal/cleanup tools on the computer, reboot after each one
- Download a new software package on the computer from the portal
- Run Definitions update to make sure everything is current
- Scan to make certain nothing bad happened in the 5 days this was malfunctioning
Total process time for this abomination averages between 4 to 6 hours depending on the speed of the computer and Internet connection.
And I always wonder why, for a "cloud-based" product, the payload for this software is so huge, that it is staggering.
- C:\Program Files\Symantec.cloud = 828 MB
- C:\ProgramData\Symantec.cloud = 6.5 GB
Also on the down side, it does not protect Mac - and those machines are part of my RMM client base. Yes, I can download a stand-alone version of the software to a Mac, but I get absolutely no display on my PMC about that client's status - they are invisible.
On the good side, it does put the kibosh on web-based interference, and I get an email anytime something like that occurs. I also get the emails from clients who mistakenly think that some trial software is OK to download when it is not. But, once again, the software falls down on the job. Because it can detect known signatures, it will quarantine the main package (usually the uninstaller); but it does nothing to prevent resulting malicious software from running. I have been told - perhaps mistakenly - that because the user clicked "Run" there was tacit approval to install, so the agent will let the bad stuff run.
Rumor has it that a new version of the agent is expected that might have some improvements, but no timeframe (as is usual) was given.
By the same token, Symantec is planning to become two companies in the near future. With all of that corporate nonsense going on I am actually afraid of how it will affect the product development teams and the technical support teams.
Is this the best product out there? I am not certain. Despite the time and effort invested in my Symantec Partnership, never mind the 100 endpoints this software is protecting, I am going to investigate another cloud-based solution during the summer. If it does what I need it to do, I won't have any qualms about moving on.