Let me start by saying I really like Symantec products - in general ... however, as relates with SAV and SEP ... is it just me that is frustrated?
Back in the SAV and SSC days, I liked the way things worked ... I wasn't crazy about the MMC interface, but I got used to it - and SAV was good, I mean good about stopping threats and viri and such. I understand that we seem to be on an exponential growth of sophistication of attackers and attacks ... but ...
SEP was introduced - great in concept, horrible in execution. At the time, users computers did not not have the system resources to run SEP -AND- their desired programs. So we waited ...
SEP was fixed. Don't actually recall what iteration, but somewhere along the line the demand on local machines was reduced, machines were replaced, and the footprint was reduced ... life was better ... until 2010.
SEP 11.0.4 filled root drives on servers with definition files ... the fix - 11.0.5. Great! (Not that I had anything else to do than update EVERY client's management server!) Did no one think to TRY a 2010 date somewhere in 2009 to KNOW there would be a problem? Not like WE can test this one!
Sep 11.0.5 and Windows 7. Fine, 11.0.4 wasn't ready for 7 ... didn't 11.0.4 just release? OK, maybe not ... but didn't Symantec have the beta of 7 to test with? Shouldn't have been a surprise ... SO ... 11.0.5, OK. Wait - why can't I log on to my Windows 7 box? OH - SEP is eating my NTUSER.DAT file? REALLY? WHY? Not like NTUSER.DAT is a NEW concept ... (I'm not alone on this:
http://www.symantec.com/connect/forums/endpoint-protection-stopping-users-reciving-there-windows-profiles) ... and having just checked updates for RU5 (there are none) ... seems this isn't a problem in Symantec's view.
OK - moving on ...
Internet Security 2010 (and variants) ... REALLY? This isn't a THREAT? WHY isn't SEP stopping this?! Yes, I know that I can deal with the management console and limit my exposure manually ... BUT ...
Since -forever- SAV/SEP has nailed the AngryZiber IP Scanner as a threat. OK, MAYBE that can be used with malicious intent ... so I exclude it on my local box as it is a tool that I use ... fine. Who is it that decided that Internet Security 2010 (and variants) is something that local admins can deal with while tools like the IP scanner are determined a threat?
I have clients asking about alternatives due to SEP becoming too much for them to manage. I appreciate the argument and advocate for SEP. When they start commenting on spending labor hours on updating servers and repairing machines - I have to concur with them ... SEP isn't working as desired. (Recent complaints has been about reinstalling/updating SEP to 11.0.5 soon after the 11.0.4 release ... IS2010 problems ... etc.)
Is it just me? Are other dedicated Symantec people looking at alternatives?
Thanks for any perspective offered.