Ouch Sophos.  We’ve had 1 Conficker outbreak since moving to Sophos and then we 
had the false positive problem with the Shhh/Updater.  I’m not overly impressed 
by Sophos at the moment.

JCK

From: Ziots, Edward [mailto:[email protected]]
Sent: Wednesday, November 07, 2012 9:24 PM
To: NT System Admin Issues
Subject: RE: Symantec %@(*&OI:TNGF(P*

Yep SEP sucks, and AV sucks in general, doesn’t matter if you are a Symantec, 
McAfee, or Sophos shop. (Sure enough Tavis Ormandy put out on Bugtraq 
information about multiple exploits to fully compromise parts of the Sophos 
Application suite (AV included).)

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
[email protected]<mailto:[email protected]>

From: Rankin, James R [mailto:[email protected]]
Sent: Wednesday, November 07, 2012 1:42 PM
To: NT System Admin Issues
Subject: Re: Symantec %@(*&OI:TNGF(P*

Said it before and I will say it again...reactive AV is more trouble than it's 
worth
---Blackberried
________________________________
From: Robert Cato <[email protected]>
Date: Wed, 7 Nov 2012 13:22:05 -0500
To: NT System Admin Issues <[email protected]>
ReplyTo: "NT System Admin Issues" <[email protected]>
Subject: Symantec %@(*&OI:TNGF(P*


FYI

We approved two MS patches yesterday (KB2574819 KB2592687) in WSUS. One user 
installed the two updates in the afternoon, and Symantec Endpoint Protection 12, 
with several advanced features enabled (threat protection, heuristics, SONAR, 
etc.), quarantined 15 system files, run32.dll among them. The real problems 
started when SEP decided to quarantine the files across all ~600 workstations, 
taking us completely offline.

The fix was to boot each workstation into safe mode and remove SEP.

It was a long night.

The good news:
None of the advanced features were enabled on the servers.
We are migrating away from SEP as of this morning.

Robert

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
[email protected]<mailto:[email protected]>
with the body: unsubscribe ntsysadmin