Solved

Symantec Endpoint Protection - Opinions Please

Posted on 2007-11-15
17
8,232 Views
Last Modified: 2013-12-09
We are running Exchange Server 2003 and are thinking about upgrading to the Corporate version of Symantec Endpoint Protection from the Symantec corporate antivirus client.  It would be really helpful to hear some opinions of the product.  Any users out there?
 
Thank you for your input.  
0
Comment
Question by:skbryan
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +9
17 Comments
 
LVL 9

Accepted Solution

by:
ParadiseITS earned 55 total points
ID: 20292420
I used Symantec's product with Exchange 2003 for awhile and found it to be intrusive and overly protective.  I spent too much time looking for quarantined items and tweaking settings.  If you have the time, it's probably a pretty good product.  I would highly recommend steering clear of anything on your Exchange server itself beyond AV and getting an appliance to sit in front of it.  I recommend Barracuda but there are many good devices out there.
0
 

Author Comment

by:skbryan
ID: 20292670
Thank you for the input.  Personally, I have NEVER liked Symantec's antivirus solutions.  But I'm on an info finding mission, so your comment is much appreciated.  Heard some good things about ESET NOD32 Antivirus for Microsoft Exchange. . .
0
 
LVL 9

Assisted Solution

by:ParadiseITS
ParadiseITS earned 55 total points
ID: 20292736
I like Symantec's AV just fine, BUT my #1 for Exchange would be Trend Micro... but that's my opinion... to counter that, we use Symantec on Exchange here :) but Barracuda in front of it that handles most of the Virus/SPAM heavy lifting.
0
SharePoint Admin?

Enable Your Employees To Focus On The Core With Intuitive Onscreen Guidance That is With You At The Moment of Need.

 
LVL 2

Assisted Solution

by:symfw
symfw earned 20 total points
ID: 20297151
SEP11 is great. Plain and simple.

It has everything you could possibly want, rolled into one lightweight package with a small footprint.

If you take the time to configure it correctly, then it is the perfect solution. This is they key though. You cannot be a cowboy and simply roll it out without testing it in your environment. It is a powerful product and should be customised to your setup (I.e. Firewall Policy, Centralized Exceptions etc).

If you want to consolodate your AV/Client FW/Anti-Spam etc into one centrally managed package, then get SEP11.
0
 

Expert Comment

by:WCRIS
ID: 20452294
SEP11, so far, has been a nightmare.  I see serious problems with this product in its current form.  

First off, there is a known bug that can suddenly shut off all the shares of a server.  In my case, it was my domain controllers.  My network came to a halt because no one could authenticate back to the domain controllers.  There is a fix, but even that fix has been causing some issues.  I am on hold (again) as I type this waiting for Symantec tech support.

The Outlook scanner is also a resource hog.  It made Outlook 2003 almost unusable on our test machines.  We are just rolling out the basic Anti-virus/Anti-Spyware and it is still causing grief.

Seriously look into this product before buying it.  Check out their support forums for others seeing the same thing I am.
0
 
LVL 1

Expert Comment

by:imran786
ID: 20559184
We used symantec endpoint security 11, unhappy with it. It is a good product, if your client have enough RAM and min 100 Mbps network.
We thought either buy more RAM for clients or move to eSET (nod32).
So on this renewal we will choose eSET (faster on client with adding RAM).

0
 

Expert Comment

by:Fred Kuijper
ID: 20652119
SEP11 is a nightmare.
Upgraded from version 10 to DC on win2003. Encountered a bug that shuts off all access to the shares from the network. Even worse is the fact that is takes a couple of hours to reach that state. At first everything worked fine, after half an hour one users had access problems. After about 2 hours the network came to a grinding halt.

On the clients is seems to work fine, on the server removed everything form SEP11 and installed NOD32, lightwight and works like a charm.
0
 

Author Closing Comment

by:skbryan
ID: 31409413
I really appreciate the time that all of you took to answer my question.  Thank you.
0
 

Expert Comment

by:anotheropinion
ID: 20711921
ABSOLUTE DISASTER.  After installing this on our Small Business Server 2003, all 8 workstations on the network lost connections to network drives and shared applications.  This was after a very careful, thorough firewall setup.  
If you don't have the luxury of setting up a test environment with a server that launches all the applications your office will be using, DON'T EVEN CONSIDER IT.  Your entire office could lose a whole day of productivity.
Symantec supposedly fixed some of these issues in December, but I'm still going to be sweating bullets while trying this a second time.
0
 
LVL 1

Expert Comment

by:brasso_42
ID: 21557090
I am not sure about this product, my first attempt of a rollout ended with the BIG BUG, thats right the one that stops then network working, file shares, databases, authentication you name it. Now I waited for the fix and yes it did work. I have run this on a site for 2 months and the support has gone through the roof. They run office 2007 with BCM and it is constantly crashing outlook. I have not pin pointed this to Symantec but it is the only difference on the networks that I am supporting. I have always used Symantec and it has always been reliable but this version I do not trust. I have over 60 sites to upgrade but I am not going to yet. I am now going to try to remove Symantec endpoint and see if this sorts out my office problems, I will let you know. If this does work bye bye Symantec one big problem is not good. Number 2 and I will shift my business. Anyone else having office 2007 related issues with endpoint??
0
 
LVL 6

Expert Comment

by:montezz
ID: 21625446
I hope some poor soul does not take the advise of the accepted answer. SEM IS A TERRIBLE PRODUCT. I am poasting my notes I used to justify replacing this horrifying miserable excuse for an endpoint protection tool:
1-      Labbed fine
2-      In production, Server crashed during install of last client set. Supports answer was to re-install, which destroyed existing database
3-      Since there is no way to import clients from old server to new, we had to manually modify workstations. CS was able to cobble together a script using System Internal tools to import all of our XP PCs but all Win2000 had to be touched.
4-      About 20% Outlook clients were not able to open attachments after rollout. Ends up this is a bug in MP1 (the latest at the time) if you installed the Outlook scanning option but had it disabled (as the install instructions advise you to do). The fix involved installing a hotfix on each machine. The hotfix was not even an msi, it was an exe. This is not really a factor since SEPM broke SMS, so we couldnt push packages out (see item 6).
5-      Several PCs have a bug that created a hidden full system scan. Support acknowledged this bug and advised the only way to resolve this is to edit the registry on effected machines.
6-      SEPM broke IIS and after re-installing IIS, which broke all of our other IIS applications on the server. Support advised the only way to get SEPM working again is to re-install, which will probably break IIS again&
7-      SEP is a huge resource hog and is slowing PCs
8-      Symantec Support clearly outsources support to places that do not speak English well.
9-      Several PCs are now effected by the 0xc000007b problem Symantec  acknowledges this problem but blames other software vendors see: https://forums.symantec.com/syment/board/message?board.id=endpoint_protection11&message.id=6712#M6712
0
 
LVL 12

Expert Comment

by:Serge Fournier
ID: 21821400
nightmare on client, did not install on servers
unless you do not install the new fire wall on clients (smc.exe)

this firewall decided to scan all transaction on the network, and laggin it to hell, for client with a cpu older than 1 year


0
 
LVL 18

Expert Comment

by:Johnjces
ID: 22156653
Long closed thread, but we have used SEP 11 for one year and I hate it. HEAVY product. When it scans a clients PC, you can't work on it. When using the SEP Manager, it fills your hard drive space with unneeded files and uses 100% of the CPU for a pretty prolonged period of time. (They since made a fix for the files filling your hard drive however).

Using the SEP Manager if you updated Java you were in for surprises. (They fixed that too).

In short, I felt like a beta tester.

On the other side of the coin, their tech support people have been great.

A new year and a new contract. I'm trying something else.

John
0
 

Expert Comment

by:hswiseman
ID: 22897475
Just going through a hideous experience with 11.03 which I had waited for hoping I would not have the troubles others have had. Also in a SBS 2003 R2 environment. Could never get the management console to work/authenticate. Other parts like Live Update console installed perfectly well. Tried usign sql instead of embedded, incluidng own instance. This product is not fit for this purpose. Crashed exchange services severall times, numnerous server restarts, reinstalls, etc etc etc. Crashes all remote access to server, not way to allow safe entry. Misery on uninstalls that stall crash and cannot be completed upon restart without reinstall and reuninstall. I want my money back.
0
 
LVL 1

Expert Comment

by:brasso_42
ID: 22897552
We have become experts at fixing this mess and now have a lot of sites live which have no issues (my engineers have even started to like the product).  If your in the UK and want help feel free to contact us

http://www.blazenetworks.co.uk

0
 
LVL 18

Expert Comment

by:Johnjces
ID: 22897620
Glad this "popped up" again....

Just as a side not here, we have dumped Symantec and have gone with eSet.

No dogware here. Lite and it has stopped even the spy and other MalWare. Symantec NEVER seemed to find or catch such stuff.

Anyway, easy management interface, not Java version specific and just clean.

John
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will help to fix the below error for MS Exchange server 2010 I. Out Of office not working II. Certificate error "name on the security certificate is invalid or does not match the name of the site" III. Make Internal URLs and External…
This article will help to fix the below errors for MS Exchange Server 2013 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question