curious, SEP 11 or 12, and what definitions when this happened? Thanks

On Thu, Nov 8, 2012 at 8:57 AM, Robert Cato <[email protected]> wrote:

> Yep, all on its own. Granted this was based on settings that were made
> during installation, based on recommendations from the onsite Symantec
> vendor/engineer.
>
> On Thu, Nov 8, 2012 at 8:48 AM, Kennedy, Jim <[email protected]> wrote:
>
>> “SEP quarantined the files and then went to all machines on the network
>> and quarantined them on all machines…”
>>
>> Holy smokes, it decided to do that on its own? And quarantined the
>> machines that had NOT been updated yet?
>>
>> So glad I don’t run AV.
>>
>> *From:* Robert Cato [mailto:[email protected]]
>> *Sent:* Thursday, November 08, 2012 8:45 AM
>> *To:* NT System Admin Issues
>> *Subject:* Re: Symantec %@(*&OI:TNGF(P*
>>
>> Ken
>>
>> These two updates were only installed on a couple of Win7 machines at
>> most. They were approved during the day for install overnight, a couple of
>> users saw the pop-up and installed. SEP quarantined the files and then went
>> to all machines on the network and quarantined them on all machines (Win7,
>> Vista, and XP).
>>
>> It would be nice if we had a separate network, but I'm not sure that will
>> get approved.
>>
>> Robert
>>
>> On Thu, Nov 8, 2012 at 6:41 AM, Ken Schaefer <[email protected]> wrote:
>>
>> Even if you don’t have a separate network, you can create a separate
>> group in WSUS, and put a test machine(s) with your SOE image in that group.
>>
>> That would allow you to test patches prior to mass deployment. Checking
>> for AV issues would be just one thing – I’d recommend that you have some
>> test cases for all your important apps as well.
>>
>> Cheers
>>
>> Ken
>>
>> *From:* Robert Cato [mailto:[email protected]]
>> *Sent:* Thursday, 8 November 2012 9:48 PM
>> *To:* NT System Admin Issues
>> *Subject:* Re: Symantec %@(*&OI:TNGF(P*
>>
>> Ken,
>>
>> That was my first question, but it is still unanswered. I am still new at
>> this %dayjob%.
>>
>> In this case, the testing would have had to be done in a separate
>> network, which I am fairly sure we don't have. I will take that suggestion
>> to the table when we analyze the breakdowns of this incident.
>>
>> Robert
>>
>> On Wed, Nov 7, 2012 at 9:37 PM, Ken Schaefer <[email protected]> wrote:
>>
>> No matter who you migrate to, you’ll also run into issues (false
>> positives seem to occur all the time, with all vendors).
>>
>> Did you test the patches before releasing to Production? Might be worth
>> beefing up the testing regime.
>>
>> *From:* Robert Cato [mailto:[email protected]]
>> *Sent:* Thursday, 8 November 2012 5:22 AM
>> *To:* NT System Admin Issues
>> *Subject:* Symantec %@(*&OI:TNGF(P*
>>
>> FYI
>>
>> We approved two MS patches yesterday (KB2574819 KB2592687) in WSUS. One
>> user installed the two updates in the afternoon and Symantec Endpoint
>> Protection 12 with several advanced features enabled (threat protection,
>> heuristics, SONAR, etc). SEP quarantined 15 system files, run32.dll among
>> them. The real problems started when SEP decided to quarantine the files
>> across all ~600 workstations taking us completely offline.
>>
>> The fix was to boot each workstation into safe mode and remove SEP.
>>
>> It was a long night.
>>
>> The good news:
>>
>> None of the advanced features were enabled on the servers.
>>
>> We are migrating away from SEP as of this morning.
>>
>> Robert

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected]
with the body: unsubscribe ntsysadmin
