
We've been running Symantec Endpoint Protection (SEP) for a few months now and have around 650 clients deployed. It is a completely different product from the 10.x series, and includes an "all in one" feature set: antimalware, firewall\IPS, and "application and device control". We've elected to keep things simple and just run with the antivirus and antimalware portions.

I feel that they did a respectable job (as far as vendors go) of installation and administrative documentation, and it was relatively painless to put together a load balance\failover pair of SEP Management (SEPM) servers using a SQL backend. Active Directory synchronization was also a bonus which helps with the arrangement of SEP configuration policies (leveraging your OU structure). One minor gripe is that while policies in SEPM are hierarchical, they are not cumulative (which is counterintuitive to an AD guy).

Remote client installation was completely silent and non-disruptive to the user base, which is a huge factor.

Reporting still leaves something to be desired. While I can derive the information that I want out of the available reports, it would be much more effective if further customization was available. At some point I may look into writing our own reports, but the 600 table SQL database looks like (disconnected) spaghetti.

One snag that I should mention is that SEP mangled client connectivity on a few of our Windows 2008 file servers. A patch is available to resolve the issue, and while it hasn't recurred since patching, it kept us apprehensive of the product for a while.

[Hort]: "For those of you currently using Symantec Norton Corporate Edition, would you recommend the new version?"

I'd recommend that you try it. I have yet to see a product that gets perfect 10's in all categories, but this is a significant rewrite and deserves a look. It's not without its faults, but I haven't seen any showstoppers. While I can't offer any empirical data about its effectiveness, I can at least anecdotally say that we witnessed an influx of detections as we migrated to SEP from SAVCE, which would indicate that it's doing a better job.

[Hort]: "Is it still getting hung up on definitions updates?"

I haven?t had this problem.

[Firm]: "One of my favorite features is the ability to set up laptops to get updates/definitions from the local VIPRE server while in the office and the central/global VIPRE server while away from the office. Another feature I like is the ability to set it to report only and not take any action while an administrator is notified."

Both features are also available with SEP. We have two "locations" configured in SEPM, which the clients automatically configure themselves for based on whether they can communicate with a SEPM server or not. If they cannot, they're configured to get updates from Symantec's servers. If they can, they use ours. Most settings can be configured in this manner.

Event-based actions are fairly granular to control. For example, you can configure "Adware" to automatically be cleaned, but get notifications only for "Remote Access" (LogMeIn) and "Hack Tools" (Angry IP Scanner).


Tony Cooke
The Eli Broad College of Business
Michigan State University
(517) 884-1592