Symantec Endpoint Protection - Opinions Please

We are running Exchange Server 2003 and are thinking about upgrading to the Corporate version of Symantec Endpoint Protection from the Symantec corporate antivirus client.  It would be really helpful to hear some opinions of the product.  Any users out there?
Thank you for your input.  
Who is Participating?
ParadiseITSConnect With a Mentor Commented:
I used Symantec's product with Exchange 2003 for awhile and found it to be intrusive and overly protective.  I spent too much time looking for quarantined items and tweaking settings.  If you have the time, it's probably a pretty good product.  I would highly recommend steering clear of anything on your Exchange server itself beyond AV and getting an appliance to sit in front of it.  I recommend Barracuda but there are many good devices out there.
skbryanAuthor Commented:
Thank you for the input.  Personally, I have NEVER liked Symantec's antivirus solutions.  But I'm on an info finding mission, so your comment is much appreciated.  Heard some good things about ESET NOD32 Antivirus for Microsoft Exchange. . .
ParadiseITSConnect With a Mentor Commented:
I like Symantec's AV just fine, BUT my #1 for Exchange would be Trend Micro... but that's my opinion... to counter that, we use Symantec on Exchange here :) but Barracuda in front of it that handles most of the Virus/SPAM heavy lifting.
Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

symfwConnect With a Mentor Commented:
SEP11 is great. Plain and simple.

It has everything you could possibly want, rolled into one lightweight package with a small footprint.

If you take the time to configure it correctly, then it is the perfect solution. This is they key though. You cannot be a cowboy and simply roll it out without testing it in your environment. It is a powerful product and should be customised to your setup (I.e. Firewall Policy, Centralized Exceptions etc).

If you want to consolodate your AV/Client FW/Anti-Spam etc into one centrally managed package, then get SEP11.
SEP11, so far, has been a nightmare.  I see serious problems with this product in its current form.  

First off, there is a known bug that can suddenly shut off all the shares of a server.  In my case, it was my domain controllers.  My network came to a halt because no one could authenticate back to the domain controllers.  There is a fix, but even that fix has been causing some issues.  I am on hold (again) as I type this waiting for Symantec tech support.

The Outlook scanner is also a resource hog.  It made Outlook 2003 almost unusable on our test machines.  We are just rolling out the basic Anti-virus/Anti-Spyware and it is still causing grief.

Seriously look into this product before buying it.  Check out their support forums for others seeing the same thing I am.
We used symantec endpoint security 11, unhappy with it. It is a good product, if your client have enough RAM and min 100 Mbps network.
We thought either buy more RAM for clients or move to eSET (nod32).
So on this renewal we will choose eSET (faster on client with adding RAM).

Fred KuijperIT Project Manager / ArchitectCommented:
SEP11 is a nightmare.
Upgraded from version 10 to DC on win2003. Encountered a bug that shuts off all access to the shares from the network. Even worse is the fact that is takes a couple of hours to reach that state. At first everything worked fine, after half an hour one users had access problems. After about 2 hours the network came to a grinding halt.

On the clients is seems to work fine, on the server removed everything form SEP11 and installed NOD32, lightwight and works like a charm.
skbryanAuthor Commented:
I really appreciate the time that all of you took to answer my question.  Thank you.
ABSOLUTE DISASTER.  After installing this on our Small Business Server 2003, all 8 workstations on the network lost connections to network drives and shared applications.  This was after a very careful, thorough firewall setup.  
If you don't have the luxury of setting up a test environment with a server that launches all the applications your office will be using, DON'T EVEN CONSIDER IT.  Your entire office could lose a whole day of productivity.
Symantec supposedly fixed some of these issues in December, but I'm still going to be sweating bullets while trying this a second time.
I am not sure about this product, my first attempt of a rollout ended with the BIG BUG, thats right the one that stops then network working, file shares, databases, authentication you name it. Now I waited for the fix and yes it did work. I have run this on a site for 2 months and the support has gone through the roof. They run office 2007 with BCM and it is constantly crashing outlook. I have not pin pointed this to Symantec but it is the only difference on the networks that I am supporting. I have always used Symantec and it has always been reliable but this version I do not trust. I have over 60 sites to upgrade but I am not going to yet. I am now going to try to remove Symantec endpoint and see if this sorts out my office problems, I will let you know. If this does work bye bye Symantec one big problem is not good. Number 2 and I will shift my business. Anyone else having office 2007 related issues with endpoint??
I hope some poor soul does not take the advise of the accepted answer. SEM IS A TERRIBLE PRODUCT. I am poasting my notes I used to justify replacing this horrifying miserable excuse for an endpoint protection tool:
1-      Labbed fine
2-      In production, Server crashed during install of last client set. Supports answer was to re-install, which destroyed existing database
3-      Since there is no way to import clients from old server to new, we had to manually modify workstations. CS was able to cobble together a script using System Internal tools to import all of our XP PCs but all Win2000 had to be touched.
4-      About 20% Outlook clients were not able to open attachments after rollout. Ends up this is a bug in MP1 (the latest at the time) if you installed the Outlook scanning option but had it disabled (as the install instructions advise you to do). The fix involved installing a hotfix on each machine. The hotfix was not even an msi, it was an exe. This is not really a factor since SEPM broke SMS, so we couldnt push packages out (see item 6).
5-      Several PCs have a bug that created a hidden full system scan. Support acknowledged this bug and advised the only way to resolve this is to edit the registry on effected machines.
6-      SEPM broke IIS and after re-installing IIS, which broke all of our other IIS applications on the server. Support advised the only way to get SEPM working again is to re-install, which will probably break IIS again&
7-      SEP is a huge resource hog and is slowing PCs
8-      Symantec Support clearly outsources support to places that do not speak English well.
9-      Several PCs are now effected by the 0xc000007b problem Symantec  acknowledges this problem but blames other software vendors see:
Serge FournierAnalyst ProgrammerCommented:
nightmare on client, did not install on servers
unless you do not install the new fire wall on clients (smc.exe)

this firewall decided to scan all transaction on the network, and laggin it to hell, for client with a cpu older than 1 year

Long closed thread, but we have used SEP 11 for one year and I hate it. HEAVY product. When it scans a clients PC, you can't work on it. When using the SEP Manager, it fills your hard drive space with unneeded files and uses 100% of the CPU for a pretty prolonged period of time. (They since made a fix for the files filling your hard drive however).

Using the SEP Manager if you updated Java you were in for surprises. (They fixed that too).

In short, I felt like a beta tester.

On the other side of the coin, their tech support people have been great.

A new year and a new contract. I'm trying something else.

Just going through a hideous experience with 11.03 which I had waited for hoping I would not have the troubles others have had. Also in a SBS 2003 R2 environment. Could never get the management console to work/authenticate. Other parts like Live Update console installed perfectly well. Tried usign sql instead of embedded, incluidng own instance. This product is not fit for this purpose. Crashed exchange services severall times, numnerous server restarts, reinstalls, etc etc etc. Crashes all remote access to server, not way to allow safe entry. Misery on uninstalls that stall crash and cannot be completed upon restart without reinstall and reuninstall. I want my money back.
We have become experts at fixing this mess and now have a lot of sites live which have no issues (my engineers have even started to like the product).  If your in the UK and want help feel free to contact us

Glad this "popped up" again....

Just as a side not here, we have dumped Symantec and have gone with eSet.

No dogware here. Lite and it has stopped even the spy and other MalWare. Symantec NEVER seemed to find or catch such stuff.

Anyway, easy management interface, not Java version specific and just clean.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.