Yep SEP sucks, and AV sucks in general, doesn't matter if you are a Symantec, McAfee, or Sophos shop. (Sure enough, Tavis Ormandy put out on Bugtraq information about multiple exploits to fully compromise parts of the Sophos application suite (AV included).)

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
[email protected]

From: Rankin, James R [mailto:[email protected]]
Sent: Wednesday, November 07, 2012 1:42 PM
To: NT System Admin Issues
Subject: Re: Symantec %@(*&OI:TNGF(P*

Said it before and I will say it again...reactive AV is more trouble than it's worth

---Blackberried
________________________________
From: Robert Cato <[email protected]>
Date: Wed, 7 Nov 2012 13:22:05 -0500
To: NT System Admin Issues<[email protected]>
ReplyTo: "NT System Admin Issues" <[email protected]>
Subject: Symantec %@(*&OI:TNGF(P*

FYI

We approved two MS patches yesterday (KB2574819 KB2592687) in WSUS. One user installed the two updates in the afternoon and Symantec Endpoint Protection 12 with several advanced features enabled (threat protection, heuristics, SONAR, etc). SEP quarantined 15 system files, run32.dll among them. The real problems started when SEP decided to quarantine the files across all ~600 workstations, taking us completely offline. The fix was to boot each workstation into safe mode and remove SEP. It was a long night.

The good news: None of the advanced features were enabled on the servers.

We are migrating away from SEP as of this morning.

Robert

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~

---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected]
with the body: unsubscribe ntsysadmin
