No, the first rule of Symantec is you don't use any of their products :-)

On 8 November 2012 16:23, Steven Peck <[email protected]> wrote:

> The first rule of Symantec is you don't talk about Symantec
>
> On Thu, Nov 8, 2012 at 6:54 AM, Robert Cato <[email protected]> wrote:
>
>> It is SEP12, I'm sorry I do not know the definition file, that is handled
>> by the security group...and they don't really want to talk about Symantec
>> right now.
>>
>> On Thu, Nov 8, 2012 at 9:05 AM, Erik Goldoff <[email protected]> wrote:
>>
>>> Curious, SEP 11 or 12, and what definitions when this happened?
>>>
>>> Thanks
>>>
>>> On Thu, Nov 8, 2012 at 8:57 AM, Robert Cato <[email protected]> wrote:
>>>
>>>> Yep, all on its own. Granted this was based on settings that were made
>>>> during installation, based on recommendations from the onsite Symantec
>>>> vendor/engineer.
>>>>
>>>> On Thu, Nov 8, 2012 at 8:48 AM, Kennedy, Jim <[email protected]> wrote:
>>>>
>>>>> “SEP quarantined the files and then went to all machines on the
>>>>> network and quarantined them on all machines…”
>>>>>
>>>>> Holy smokes, it decided to do that on its own? And quarantined the
>>>>> machines that had NOT been updated yet?
>>>>>
>>>>> So glad I don’t run AV.
>>>>>
>>>>> *From:* Robert Cato [mailto:[email protected]]
>>>>> *Sent:* Thursday, November 08, 2012 8:45 AM
>>>>> *To:* NT System Admin Issues
>>>>> *Subject:* Re: Symantec %@(*&OI:TNGF(P*
>>>>>
>>>>> Ken
>>>>>
>>>>> These two updates were only installed on a couple of Win7 machines at
>>>>> most. They were approved during the day for install overnight, a couple of
>>>>> users saw the pop-up and installed. SEP quarantined the files and then went
>>>>> to all machines on the network and quarantined them on all machines (Win7,
>>>>> Vista, and XP).
>>>>>
>>>>> It would be nice if we had a separate network, but I'm not sure that
>>>>> will get approved.
>>>>>
>>>>> Robert
>>>>>
>>>>> On Thu, Nov 8, 2012 at 6:41 AM, Ken Schaefer <[email protected]> wrote:
>>>>>
>>>>> Even if you don’t have a separate network, you can create a separate
>>>>> group in WSUS, and put a test machine(s) with your SOE image in that
>>>>> group.
>>>>>
>>>>> That would allow you to test patches prior to mass deployment.
>>>>> Checking for AV issues would be just one thing – I’d recommend that you
>>>>> have some test cases for all your important apps as well.
>>>>>
>>>>> Cheers
>>>>>
>>>>> Ken
>>>>>
>>>>> *From:* Robert Cato [mailto:[email protected]]
>>>>> *Sent:* Thursday, 8 November 2012 9:48 PM
>>>>> *To:* NT System Admin Issues
>>>>> *Subject:* Re: Symantec %@(*&OI:TNGF(P*
>>>>>
>>>>> Ken,
>>>>>
>>>>> That was my first question, but it is still unanswered. I am still new
>>>>> at this %dayjob%.
>>>>>
>>>>> In this case, the testing would have had to be done in a separate
>>>>> network, which I am fairly sure we don't have. I will take that suggestion
>>>>> to the table when we analyze the breakdowns of this incident.
>>>>>
>>>>> Robert
>>>>>
>>>>> On Wed, Nov 7, 2012 at 9:37 PM, Ken Schaefer <[email protected]> wrote:
>>>>>
>>>>> No matter who you migrate to, you’ll also run into issues (false
>>>>> positives seem to occur all the time, with all vendors).
>>>>>
>>>>> Did you test the patches before releasing to Production?
>>>>> Might be worth beefing up the testing regime.
>>>>>
>>>>> *From:* Robert Cato [mailto:[email protected]]
>>>>> *Sent:* Thursday, 8 November 2012 5:22 AM
>>>>> *To:* NT System Admin Issues
>>>>> *Subject:* Symantec %@(*&OI:TNGF(P*
>>>>>
>>>>> FYI
>>>>>
>>>>> We approved two MS patches yesterday (KB2574819 KB2592687) in WSUS.
>>>>> One user installed the two updates in the afternoon and Symantec Endpoint
>>>>> Protection 12 with several advanced features enabled (threat protection,
>>>>> heuristics, SONAR, etc). SEP quarantined 15 system files, run32.dll among
>>>>> them. The real problems started when SEP decided to quarantine the files
>>>>> across all ~600 workstations taking us completely offline.
>>>>>
>>>>> The fix was to boot each workstation into safe mode and remove SEP.
>>>>>
>>>>> It was a long night.
>>>>>
>>>>> The good news:
>>>>>
>>>>> None of the advanced features were enabled on the servers.
>>>>>
>>>>> We are migrating away from SEP as of this morning.
>>>>>
>>>>> Robert
>>>>>
>>>>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>>>>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>>>>>
>>>>> ---
>>>>> To manage subscriptions click here:
>>>>> http://lyris.sunbelt-software.com/read/my_forums/
>>>>> or send an email to [email protected]
>>>>> with the body: unsubscribe ntsysadmin

--
*James Rankin*
Technical Consultant (ACA, CCA, MCTS)
http://appsensebigot.blogspot.co.uk
