Endpoint Protection

Hi,

I'm evaluating Symantec Endpoint Protection and so far my impressions are, go back to Eset.
I downloaded some test viruses from eicar which Symantec found after it was downloaded while Eset stopped it before it downloaded although that’s not too big a problem. Another minor problem is that when i downloaded the test file it just disappears, no prompt or any sort of notification, the file isn’t under the "view quarantine tab", so how would i get a file back if i wanted to?  But my biggest problem is auto protect. It constantly takes up 100% of my cpu and seems to be finding a never ending stream of .tmp files somehow related to the test virus. I left the computer on overnight and in the morning it was still going.
Can somebody tell me why it’s doing this and if i fix it as i really want to like it.

Thankyou,
Schybanas
 

HI,

Please let us know the version of the SEP client, as well as the system configuration of the test machine.

If you are downloading a threat from EICAR.com, and if the SEP autoprotet is detecting it, the access to that file is blocked as soon as its written on the hard drive.

Also, its possible to configure from an Antivirus policy that detection notifications for the threats downloaded from EICAR can be disabled.

You can also try the following:

Add .TMP and .PART to the list of file extensions to scan will catch eicar when downloaded
Set Auto Protect to Scan All files

Aniket

 1st make sure you are using latest version of SEP that is 11.0.5002.33
2nd never run these kind of test with 2 antivirus running together with their realtime protection ON..they will have conflicts between themselves and you will get un-expected results that will never make you happy.

Thanks Aniket,
I am running 11.0.5002.333
Adding tmp and part file and enabling notifications both worked great and i havent seen the autoprotect dialogue for a while. So all seems to be going well!
Maybe a second restart was all it needed? Anyway, thanks for your help. 

Nikhil R.

Great to know that things are working well for you.

if you are using firefox or chrome for browsing, they download the files as .part and as .tmp .

So, if these extensions are added for the antivirus engine to scan, any downloaded files will be scanned by the SEP autoprotect.

Aniket

Woah, spoke too soon.
I did a live update and out pops auto protect and the lag that comes with it. 
Oh well, thanks for your help but i think we're going to stick with eset for now. 

Thankyou,
Nikhil

Hi,

Try removing the temp extension from the scan list and let me know if the results are the same.

Aniket

Hi,
Thanks for your help but either way i still have the same problem.
Unfortunately i have had to uninstall symantec and reinstalled nod32. 
Thankyou for your time and i hope one day i might be able to use symantec again, hopefully without problems. (maybe i'll try again when it comes up to renewing our nod32 subscription)

Thankyou very much,
Nikhil