What a terrible product SEP is - should i change from symantec?
Updated: 21 May 2010 | 39 comments
Hopefully someone from symantec reads this as I have just had the worst time installing SEP11. I have had to revert back to 10.1 costing my department thousands of dollars. I was wondering where the patches are because they certainly are not on the support section for the product. I consider the patch to fix the file share issue to have been critical and should have been clearly displayed on the endpoint website. I spent hours with consultants trying to work out why this happened as it certainly didn't display itself in a test environment.
Why aren't these patches on the support site for the product?
Why isn't there a notice under the hot issues?
Has anyone experienced a 30% increase in CPU usage on their servers?
I'm totaly boggled as to how this product got released into production.
What are other clients doing? Are you waiting for MR1? or are you going to stay on 10.1?
discussion Filed Under:
Comments
Message Edited by Optimus Prime on 01-07-2008 08:49 PM
Hi
OWN3D is correct. We all may have problems or may not with the SEP. Even I have issues with the SEP setup and frquentley visit this site to find if anyone havign the same and what are the soltions they come across for that. We all have gone some sort of pain in the IT but it's all about us sharing that paina dn trying to find a solution.
Blaming or cursing to the Symantec, Microsoft won't make much diffrece rather we need to find ways to get attention to specific problems so we can get solutions.
Cheers :smileyhappy:
Yes, thes comments HELP! They help the writer and should help Symantac to think some things over!
It would be better to wait till a product is ready to use before it is thrown out on the market.
SEPM IS bad. No one expects a software to be as complicatet as SEPM!
It seems that SEPM can only work on a server that has no other software on it.
If a software is that complicated and needs that much things to be adjustet in a particular way, Symantec should
provide a tool that checks all that things and points out what to do to get SEPM to work.
Microsoft i.e. does such during or before setup of SQLServer2005.
There is enough room to discuss technical things, so I think there should be room to point out such things!
Why should one have SEP installed but turned off?
Message Edited by Will B on 01-09-2008 07:39 AM
After reading the posts at this board, I asume that SEP11 is the most expensive Beta-Software I've ever seen.
No one should pay a single cent for that software!
Symantec should clearly point out in the system requierements that SEPM needs its own mashine, which makes it unusable for small business.
I want my money back!
Message Edited by 0WN3D on 01-10-2008 09:28 AM
Message Edited by 0WN3D on 01-10-2008 09:35 AM
I will share my story. The details may have been modified to accomidate my lousy memory.
Roughly 18 months ago my boss tasked me to get every workstation in our small company antivirus protection. I don't have much real IT experience but hey I can type without looking at the keyboard! I resorted to asking a few friends that do work in the IT industry and they recommended Symantec Antivirus Corporate Edition. I chose the XP Pro server to be the management console because I really didn't want to mess with either of our other two servers, our Windows Server 2003 x64 domain controller and our Linux mail server.
SAV CE installed as easily as any other application I've used. I was able to figure out the remote installation right away and proceeded to push this to my workstation as a test. I took some time to evaluate the software and decided to buy licenses for the rest of the company. I was pleased how transparent SAV CE was to the users, as were they.
A year went by with virtually no problems. I was a little dismayed that I had to update to a new version of the client / server because I liked how well CE worked for us. This was where the problems began.
I liked the whole "Corporate Edition" title. I liked it, I miss it, and I want it back. It sounded as rock solid as the product had been over the previous year. "Endpoint Protection" seemed as made up of a term as "mission critical". This was where the bile began.
The installation made my eyes cross. It made me worry that I was getting in over my head, warning me that being able to type without looking may not be the proper set of qualifications. I was also given the impression that the migration process was risky. I wondered why I would need to migrate when I should only have to upgrade. Terminology usually gets the best of me. I decided my best course of action was to start fresh because I only had several workstations to worry about.
The delay between every operation I performed in the SEPM was hypnotic. This greatly added to the learning curve of figuring out how to use the application. I figured out how to push out this software but I didn't like how searching for unmanged clients also picked up print servers and other devices.
The next day I get accosted by most users saying their workstations are almost unusable. I got lucky by randomly uninstalling everything that wasn't directly related to "antivirus" fixed the problem. I later determined the network threat protection was the most likely culprit based on what I read on this forum. Easy fix!
I had somewhat changed my scan policies when I created my new SEPM installation. I used to have a daily quick scan at noon and a weekly full scan on Monday with CE. I specified only a weekly full scan on Monday with SEPM. I found that a big part of the "slowness" we were experiencing was the hidden scans being performed that were not a part of my policy. These were tracked down to be remainders of the upgrade from CE that I had pushed on the workstations. Who loves modifying the registry to fix this? I don't.
Eventually, I installed SEP on that server after learning it wasn't bulit-in like it was with CE. It was towards the end of my doodle of a shark eating a diver that, again, half the company wanted to know why they lost connections / shares / databases / etc. Who knows? Not me exactly... It was obvious enough that SEP was the problem so I took a trip with Google and proceeded to find horror story after horror story about what this had done to domain controllers. I had a 50% chance to hose my domain controller and luckily hosed a different one! Praise God, Allah, Jeebus, the Dark Lord, whatever.
Several server restarts a day later I attempted to uninstall SEP. My bad, I wasn't supposed to do that. If uninstalling was the right move I'm sure the server wouldn't have completely frozen, which required another hard shutdown. SEP was no longer in add/remove programs but all its services were still running. I even have the cute little shield with the green dot to let me know it was connected and everything. Double-clicking the shield brings up that applet that informed me that my computer was protected and there were no detected problems. The list of Protection Technologies was empty but hey, I have the green dot so it's ok right?
MR1 almost fixed the "disappearing shares" completely! I say "almost" because I still lose shares and still have to reboot the server. I suppose once or twice a week isn't as bad as a few times a day.
Another positive note, the Symantec folders on my server are now only occupying 11.5 GB! This was great because the 40 GB or so that the previous release (11.0.0) was a bit much for my tastes. I love ice skating uphill.
I'm bored... I should stop typing and go home. I hope at least one person raises an eyebrow wondering why I spent the time to write this.
Anyway, everyone at my company is dying from the flu and I am no exception. Time for some rest!
Mexiken: You do not want to run SEPM on XP Pro or any other client workstation type OS. The reason for this is Microsoft has a built-in limitation of only allowing 10 concurrent network connections to keep people from using them as a server. This can cause quite a few issues if you have more than a handful of client systems, especially if that machine is doing other "server" things like having file shares.
Message Edited by Scott Klassen on 03-30-2008 03:10 AM
Go ahead and change from Symantec AV like I and most of my clients did several years ago. My biggest beef with Symantec AV is that they blacklisted many harmless utilities and label them as trojans or viruses and when I tell the software to ignore them it refuses and there is no way around it (trust me) unless you disable or uninstall the Symantec software. We asked Symantec to stop doing that by they refuse to listen, so I'm sticking to Kaspersky AV thats made by Russians. Since Russians made most of the visuses, they know how to detect and remove them too, which is pretty clever of them :-). So if you are not using one of their blacklisted utilities you should be fine.
Our story here is probably as bad as Scotts or the next guys. We were /are a Symantec reference partner and to be honest after the first month i had nothing good to say about them. I have had good standing with Symantec for years and was for a while the only person in the world certified on all of their products (a shame the discontinued that ceritifcation track being the only one was nice:)).
when SEP beta arrived at my doorstep i tested it, heavily and it worked beautyfully in the test environment i had. Then the final came and half the stuff did not work as well as in the beta.
The first big issue we had was thatnot even Symantec employees knew how to properly use and install the software. Then the documentation was actually FACTUALLY wrong (GUPs have to belong to the same group as the clients they serve!!) and caused more havoc. Overall w had weeks whereour interoffice links were saturated to hell.
MR1 came along and at least solved out issue of insane database sizes and content folder sizes (went from a 7.5GB database to a 1.1GB for 1500 clients) Still some bugs that were in our system from the first install stayed and we had clients that didnt update etc.
The system at this point was prety much a mess but with bandaids so it was semi stable running.
When MR2 came a lot of issues got fixed but a few big ones appeared. At this point we had gone through hell in terms of configuring policies optimizing peformance etc. and still machines got bogged down. smc.exe seemed the culprit on a lot of them so we disabled the service . Not a good choice but we had to do something at that moment in time. The Managmeent was breathing fire, nuclear war was imminent and all because i trusted on my years of experience with symantec.
Luckily vacation time came and with it MR2 MP2. I installed it, it went through fine and I left for 4 weeks of bliss and no worries. Coming back the servers were running clients were connecting and Ihad heard no problems. Weird... upon closer inspection the just after i went on vacation the servers stopped publishing definitions or policy updates. After countless discussions with symantec support, which were really helpful I have to say, we came to the conclusion that hte dB was corrupted. Oh well we have a backup.... a rolling backup of 3 WEEKS!! At this point I nearly shot myself but then I thought : " wait this will give me a clean slate to build the infra again. Just have to then use sylinkdrop to move the clients to the new systems.
So I took the servers down one by one, re-moved cleaned and re-installed SEPM MR2 MP2, the way I knew it will work (trust me after fighting for over half a year with this you LEARN!!)
I installed and realized then that most of the clients will not move regardless of what I did. While wiating for symantec support for a solution I used the push method in the big locations with servers to push out customzied packages and behold, performance is amazing, things run and work as they should. clients communicate with the correct server wherever they are and apply policies accordingly. Location awareness works, client performance is good. Management servers replicate and we now have a 5 week rolling backup. Database size is acceptable and updates are being pushed to clients FAST.
At this point there is VERY little things I can complain about. small bugs with new installations but nothing that would be a showstopper or cause major outtages. At this point I can recommend the product but like Scott said: this is not a product you take install the full thing and then configure.. you set up the servers, sit downa nd deisgn what clients should hafve installed (trust me its a difference to have different instal packages for laptops desktops and servers).
Knowing what I know today about the product, probably 90% of our issues could have been avoided.
I took the beta exam to become a SEP ceritified administrator and passed :)
I like this product a lot now because it is no longer just an AV product which most people still seem to think and it takes a while t realize that it is not just AV, its a complete endpoit protection solution.
If you want a smooth upgrade from SAV please read the documentation, ask before hand and test. You can build really good working infrastructure with this product (at MR2 MP2 level has to be said) and it will work very nicely, it's just learning first... this is not like Windows, install and done.. this is complex but flexible. It is kind of like installingWindows server 2003 with EVERYTHING on it (applications erver, domain controller, print server etc. etc. etc.) whenyou just need a file server....
If you need help these forums are great, like Scott I decided to provide solutions and help here now that I know what actually does work and what has performance impacts. If needs be Ican also be reached by email frommel at gmail dot com
For the record, RTM of SEP did suck but they have made up for it IMHO.
Hi there,
i've a bit different stories then other having SEP with more then 850 clients, now I installed MR3 & recieve some more quries like I made GUP policies having only AV & AS but when i migrated My GUPs from MR2 to MR3 all functions of SEP appears to be ON / enable i.e. Network threat Protection and others ?
other question is why it is recommended that only Av & AS is enable on servers? what if Network threat protection is enable on servers?
How many of you use Vista at home or at work?
How many of you use MACs?
Does anyone remember release of MAC OS 10.5 (first initial release)?
Does anyone remember and this is hard to forget the release of Vista?
Anyone remember Windows 95 or ME?
Most of us are Exactly that, Network/Systems Admins. How much code have most of us put down. A VB script here and there... some batch files, some Linux scripts maybe a little HTML...
It's not easy to build a whole app.
Give them some time, there have been leaps and bounds made with 3 MRs already. NT4 got 6.5 Service Packs. Windows 2000 got 4. XP has 3. Vista... what to say... Thanks Dell and HP for obliging me to buy a larger quantity of Licenses for XP before they stopped selling them and trying to force a IMO, no so great OS, down my throat. But the whole world knows it's an issue. Yet people still spend money on it everyday. And M$ laughs and every now and again releases an update to keep the masses happy.
So be patient and the boys and girls over at Symantec will do the best they can to do the same. Anyone remember going from Windows 98SE to ME... To Windows 2000. YAY! AD is introduced, half the initial release was lets say a little bugged... but here we are almost 8 years later, and look we still use it, patched, some small bugs, but functional.
I am going to end my rant there, before I start getting into Y2K... I need coffee.
I'm sorry, but I have to agree! Ever since I have installed SEP I've had problems. First I couldn't install it on my initial server because apparently their was no dedicated user(but I had SAV 10.1 on this particular server). So I moved it over to my other server and it finally installed, and I was able to push it out to my client machines, BUT now none of my client machines definitions will not update on their own, and I still can't install it on my other server, and it keeps rolling back during install. I thought maybe it was a server issue, BUT I just bought a 2 new PC's and tried to install in on them and it rolls back as well!! I been suggested running several things to do by Symantec support, including cleanwipe.exe, but nothing works!! It looks like I'm just going to go back to SAV and forget SEP.
I too have been on the Symantec bandwagon for years. I always USED TO recommended Symantec Anti-virus over any competitor - at least until SEP landed on the scene. I moved to this product when it first came out, and boy what a mistake!
My gripes:
Needless to say I got sick of upgrading this buggy piece every few months (I got rid of it around MR3). I chose not to renew it this year for all my other clients too. I'm one by one moving them to AVG, which certainly isn't perfection, but DOES manage to do what it needs to, updates itself and catches viruses in their tracks without a great deal of hands-on management.
AVG, TrendMicro, Kapersky... anything but SYMANTEC's SEP.
My 2c
Were you trying to install it on Win server 08 with MR3 ?..
MR4 fixed that bug.
Check the date of that guy's post, MR4 wasn't even out then. MikeWaldren bumped a 3 month old threat for some reason.
I was browsing and noted that, what I thought was my signature (If you have not......), showed as a part of my message; this was shown on page 1 of this thread.
I am more than satisfied with Symantec's products, especially SEP!
Sig: "If you have not learned from your mistakes, you will repeat them!"
Gee, our SQL database for over 300 computers and a couple dozen servers and a couple packages with about 4 months of data is well under 4gig, may be less than that after tweaking the SQL server settings a bit.......
It was 10 on SQL express, but that's a SQL Express shortcoming, not a SEP shortcoming.
(why ya think it's free?)
I can't say "no problems" but I can say "no worse than many others" and the management is pretty good and the hit rate is as good as most if not better.
Things have changed - it's been a few years since BRAIN and FORM and those simple things. (and good ole McAfee constantly releasing his "press releases" touting the sky as falling every other week)
My sites - http://theamcpages.com & http://antique-engines.com
Toy:
Shadow:
Would you like to reply?
Login or Register to post your comment.