SEP

[badgolferman]

My place of work is providing Home Use Symantec Endpoint Anti-Virus
Protection 11.0.5 (SEP) for employees to install on their home
computers.

Any opinions or experiences on its effectiveness and impact upon
resources?

 

[David H. Lipman]

From: "badgolferman" <[email protected]>

| My place of work is providing Home Use Symantec Endpoint Anti-Virus
| Protection 11.0.5 (SEP) for employees to install on their home
| computers.

| Any opinions or experiences on its effectiveness and impact upon
| resources?

Symantec, no matter what version, has fallen behind in catching malware.

I suggest forgetting about it and go with Avira AntiVir.

 

[Virus Guy]

Symantec, no matter what version, has fallen behind in catching
malware.

I suggest forgetting about it and go with Avira AntiVir.

I find that a lot of the malware that I submit to VT comes back with
symantec detecting it as a threat more often than Avira.

Here's a recent example:

http://tinyurl.com/yg6jkmg

 

[badgolferman]

Symantec, no matter what version, has fallen behind in catching
malware.

I suggest forgetting about it and go with Avira AntiVir.

The latest AV-Comparatives tests seem to indicate Symantec has
performed quite well, even better than AntiVir.

 

[Leythos]

My place of work is providing Home Use Symantec Endpoint Anti-Virus
Protection 11.0.5 (SEP) for employees to install on their home
computers.

Any opinions or experiences on its effectiveness and impact upon
resources?

We use it for almost every client's network, have never had a client
that we manage compromised, and we test every quarter with other vendors
products.

Version 11.0.5 SEPP is a great product, as well as 11.0.4 MR4/5.

 

[louise]

From: "badgolferman" <[email protected]>

| My place of work is providing Home Use Symantec Endpoint Anti-Virus
| Protection 11.0.5 (SEP) for employees to install on their home
| computers.

| Any opinions or experiences on its effectiveness and impact upon
| resources?

Symantec, no matter what version, has fallen behind in catching malware.

I suggest forgetting about it and go with Avira AntiVir.

I'm noticing a lack of enthusiasm and recommendations for
Eset NOD. What are your thoughts about it now?

Thanks.

Louise

 

[Virus Guy]

Shall we go for more ?

I've found a few more, but haven't tested my entire inventory (it's
tedious to do).

Why would you recommend Avira over Kaspersky?

Kaspersky seems to consistently detect more threats (and detect them
early) than any other AV program (including Avira and Symantec).

 

[David H. Lipman]

From: "Virus Guy" <[email protected]>


| I've found a few more, but haven't tested my entire inventory (it's
| tedious to do).

| Why would you recommend Avira over Kaspersky?

| Kaspersky seems to consistently detect more threats (and detect them
| early) than any other AV program (including Avira and Symantec).

I would not/have not suggest Avira AntiVir over Kaspersky.

 

[David H. Lipman]

From: "louise" <[email protected]>



| I'm noticing a lack of enthusiasm and recommendations for
| Eset NOD. What are your thoughts about it now?

| Thanks.

| Louise

I'd go with it over Symantec.

 

[Virus Guy]

| I've found a few more, but haven't tested my entire inventory
| (it's tedious to do).

This morning I get an e-mail advertizing itself as coming from Facebook,
containing a link to a zip'd executable file.

I download the file and submit it to VT.

VT is reporting it's already seen the file, but the file date and time
it says it first saw it is the same as the current (present) date and
time. It says that in it's last run, the file was being detected by 20
out of 41 AV apps. Neither Symantec or Antivir is detecting the file as
a threat.

I say go ahead, scan it again. This time it's coming back with 22 AV's
detecting it (two more compared to it's previous scan). Symantec is one
of those - Antivir still not picking it up:

http://tinyurl.com/yl2bmfs

I'm not an active supporter of any particular AV app, certainly not
Symantec.

But I don't think it deserves a bad rap (from a detection POV). It's
probably in the top 5 of that group of 40-odd AV programs. Maybe it's a
slug from a system performance pov - I don't know.

 

[David H. Lipman]

From: "Virus Guy" <[email protected]>


| This morning I get an e-mail advertizing itself as coming from Facebook,
| containing a link to a zip'd executable file.

| I download the file and submit it to VT.

| VT is reporting it's already seen the file, but the file date and time
| it says it first saw it is the same as the current (present) date and
| time. It says that in it's last run, the file was being detected by 20
| out of 41 AV apps. Neither Symantec or Antivir is detecting the file as
| a threat.

| I say go ahead, scan it again. This time it's coming back with 22 AV's
| detecting it (two more compared to it's previous scan). Symantec is one
| of those - Antivir still not picking it up:

| http://tinyurl.com/yl2bmfs

| I'm not an active supporter of any particular AV app, certainly not
| Symantec.

| But I don't think it deserves a bad rap (from a detection POV). It's
| probably in the top 5 of that group of 40-odd AV programs. Maybe it's a
| slug from a system performance pov - I don't know.

I have Symantec SAVCE on all my office computers (not by choice) and I find I have to
remove rogues too bloody often becuse Symantec filed to recognize the infection before or
after.

I have one guy on temporary duty and I received an email from his BB indicating a rogue
infection. I told him NOT to use the notebook and he must see me when he returns to the
office Friday AM.

BTW: I can get the sample from Virus Total unless you are WILLING to upload it to;
http://www.uploadmalware.com/

I am *always* willing to accept any/all submissions posted to UploadMalware

 

[The Central Scrutinizer]

So what OS are you talking about? XP???

--

From: "Virus Guy" <[email protected]>



| This morning I get an e-mail advertizing itself as coming from Facebook,
| containing a link to a zip'd executable file.

| I download the file and submit it to VT.

| VT is reporting it's already seen the file, but the file date and time
| it says it first saw it is the same as the current (present) date and
| time. It says that in it's last run, the file was being detected by 20
| out of 41 AV apps. Neither Symantec or Antivir is detecting the file as
| a threat.

| I say go ahead, scan it again. This time it's coming back with 22 AV's
| detecting it (two more compared to it's previous scan). Symantec is one
| of those - Antivir still not picking it up:

| http://tinyurl.com/yl2bmfs

| I'm not an active supporter of any particular AV app, certainly not
| Symantec.

| But I don't think it deserves a bad rap (from a detection POV). It's
| probably in the top 5 of that group of 40-odd AV programs. Maybe it's a
| slug from a system performance pov - I don't know.

I have Symantec SAVCE on all my office computers (not by choice) and I
find I have to
remove rogues too bloody often becuse Symantec filed to recognize the
infection before or
after.

I have one guy on temporary duty and I received an email from his BB
indicating a rogue
infection. I told him NOT to use the notebook and he must see me when he
returns to the
office Friday AM.

BTW: I can get the sample from Virus Total unless you are WILLING to
upload it to;
http://www.uploadmalware.com/

I am *always* willing to accept any/all submissions posted to
UploadMalware

 

[David H. Lipman]

From: "The Central Scrutinizer" <[email protected]>

| So what OS are you talking about? XP???

What does the OS have to do with this ?

 

[The Central Scrutinizer]

From: "The Central Scrutinizer" <[email protected]>

| So what OS are you talking about? XP???

What does the OS have to do with this ?

Quite a bit...

--

 

[FromTheRafters]

Quite a bit...

Not a bit. Nearly all OSes store programs as files, and are capable of
submitting them to content scanning.

If you are referring to badgolferman's "...impact upon resources?" you
should respond to him rather than to participants in the subthreads who
are discussing "effectiveness..." as it pertains to VT results.

 

[The Central Scrutinizer]

Not a bit. Nearly all OSes store programs as files, and are capable of
submitting them to content scanning.

Not a bit??? Sure. How about answering the question.

If you are referring to badgolferman's "...impact upon resources?" you

Actually I am referring to which OS this is concerning and nothing more.

should respond to him rather than to participants in the subthreads who
are discussing "effectiveness..." as it pertains to VT results.

So just exactly who are you to be telling me what to do or not to
do????

--

 

[David H. Lipman]

From: "The Central Scrutinizer" <[email protected]>


| Not a bit??? Sure. How about answering the question.

| Actually I am referring to which OS this is concerning and nothing more.

| So just exactly who are you to be telling me what to do or not to
| do????

He's FTR and he isn't clueless.

 

[The Central Scrutinizer]

| So just exactly who are you to be telling me what to do or not to
| do????

He's FTR and he isn't clueless.

FTR? And I never said he was clueless.

--

 

[FromTheRafters]

Not a bit??? Sure. How about answering the question.

I just did, the discussion at this point involves submission of a file
to a scanner over the internet. Most OSes are fully capable of
submitting files to VT. The OS is totally irrelevent.

Actually I am referring to which OS this is concerning and nothing
more.

What "impact on resources" would, of course, depend on those resources
being impacted (making the OS relevent). As it is about effectiveness of
VT's versions of scanners, the OS is not relevent.

So just exactly who are you to be telling me what to do or not to
do????

I'm not telling you to do anything. I'm telling you what you *should*
do.

....there's a difference, but I don't expect you to *get* it.

 

[The Central Scrutinizer]

I just did, the discussion at this point involves submission of a file to
a scanner over the internet. Most OSes are fully capable of submitting
files to VT. The OS is totally irrelevent.

OK sorry I missed that point You are correct.