Symantec's AntiVirus 10 Deployment Woes?
loraksus asks: "We recently deployed Symantec AV Corporate version 10 across our network and have been having nothing but problems.
The new client breaks the MS Office install and causes machines to slow down significantly - some almost to the point of being completely unusable. The client (doscan.exe) also crashes very frequently (daily), and tends to take other things down with it. Symantec's 'workaround' is to drop by every workstation and insert the Office (or Wordperfect, it screws up both applications) CD, remove some office shortcuts and disable some virus scans. Since we manage clients over WAN links hundreds of miles away, this really isn't an option, nor is it an acceptable option given the number of workstations we manage. Are there any other admins dealing with this? Any advice? Solutions?"
"It seems that more and more closed source companies are now rushing software out the door that not only has a couple bugs, but glaring errors that would have easily been caught in even the most basic testing. Of course, we in IT usually have no recourse against these companies other than never buying their products, again.
Do you folks have any advice when it comes to dealing with vendors who release software that is unusable and can't provide an acceptable resolution?"
Problem solved.
Do you folks have any advice when it comes to dealing with vendors who release software that is unusable and can't provide an acceptable resolution?
Just tarnish their name with a slashdot article.
I personally don't run virus scanners because of the problems they create. We have Symantec Antivirus 8 at work, but we've removed it from our slower systems and opted for more preventative measures.
Virus scanners do like 1000 times the scanning necessary to be _reasonably_ sure that your system is virus-free. While useful when they actually stop something, overall the cure is worse than the disease. A human just has to check the task manager and run msconfig to spot 90% of the malware out there.
We just got the new Symantec 10 version. An IT co-worker of mine installed it independent of the control center, and we have noticed major problems with it already too. Outlook works fine, however it completely breaks Thunderbird, and also the terrible performance hit that Windows XP took on his machine. We have the control center installed on a Win 2003 server right now, but the server is completely bare, but there is really no performance hit with nothing else running. We are still testing it though.
YOU'RE WINNER !
Another lame blog
Very simple. Get a refund and call Trend Micro.
"The world only exists in your eyes. You can make it as big or as small as you want." - F Scott Fitzgerald
We mostly use 7.6 and 8.0 at work and should upgrade, but after reading this I think we'll stick to 9.0.
It might be an idea to create a package of the client for deployment with something like Intel Landesk (don't know any other software deployment systems off the top of my head), or build your own package by using a tool to record all changes to a system while installing the client, apply the fixes, then build something that will copy all needed files and registry settings to the other clients.
It seems to me that most virus scanners have been slowing down systems more and more over the years. In a few more Windows users will definitely need multicore CPUs just to keep the system usable.
home
use nod32, norton products suck the big one one one
Look sally! Look at zonk die; die zonk die!
Use someone else.
Uh... you tested it first right?
In my area of responsibility, something not working is MY fault. It is not the vendor's fault, it is my fault for not testing enough or not choosing the right product.
New or updated software gets testing. Then a *limited* rollout. IF, and ONLY IF, it works for the three test users/servers, then it gets rolled out everywhere.
Symantec's products are the only software I've ever seen that can take a 2Gz P5 and make it perform like a P-133. It is really nothing short of amazing how bloated and resource-intensive their products are. I'm beginning to think this is part of their anti-virus strategy: they make the system so ill-performing and unstable, no virus or worm could properly operate.
That would probably be the reason they named it that.
You can't even say they didn't warn you.
--MarkusQ
P.S. If the next update contains a program called something like "fuscan.exe," "bsodscan.exe," or "solscan.exe" I'd advise against running it.
I just rolled it out to around 300 XP Pro machines on my LAN and 60 across our WAN. So far only a couple headaches with just a few machines on the LAN, mostly with MS Office (Outlook). The patch that Symantec provides works though. This all seems normal to me. NoZ
This isn't advice that's useful to you - it's too late for you.
Never be an early adopter of new technology in a mission critical environment. I thought everyone learned their lessons on that from MS Service Pack experiences years ago...
.sigs are for post^Hers.
Sadly you're an exception to the rule, the average IT admin/manager is a complete idiot anymore. Just recently the latest definition for Trend Micro was rolled out UNTESTED and 90% of the computers in the company became non-functional... goodtimes
Look sally! Look at zonk die; die zonk die!
http://service1.symantec.com/SUPPORT/ent-security.nsf/pfdocs/2005042710304248?Open
This is a few of the fixes Symantec is pushing around.
I don't understand...since when did Slashdot become a place for technical support? Here's your official Symantec Tech Support line: http://www.symantec.com/techsupp/enterprise/products/sav_ce/sav_ce_10/contact_ts_online.html
What you are describing is actually better than the experience I am having with McAfee now.
The company did an auto install from the help desk. Some software run times went from 10 min to 3 HOURS. By using exclusions, we have conquered that problem, but it still messes up my Acrobat runs by putting in blank bookmarks. (run the same file on another machine with NAV, and the file is fine.)
I stopped using non corp SAV last year. I found that when I installed it things started to crawl, even on an Athlon 3000+ nicely loaded. I tried it out on some other machines and had the same result. So for personal and friend use, I started using AVG. At work we had a similar situation. We purchased new machines in the office (P4 3.0 Dells) which had McAfee on them and they even crawled. I wiped a test machine, installed SAV, and it seemed worse. Apps crashed, errors opening Office and various docs. So I wiped again, but used AVG instead, and things didn't slow down. Office is happy. And no problems yet. It seems as though the big AV makers are trying to have all apps and files run through the AV system and the actual apps do not like that. The apps were writing to Windows API, not the AV API.
Fear Is the Only God
Actually it's only your fault if the software works as expected but YOU screwed something up for it not to work properly. If Symantec promised that it would scan virii without messing up his system(s) and he followed the install/configuration procedures perfectly then it isn't his fault that the software doesn't work as expected. It is the vendor's fault for selling faulty software. Now it wasn't advantageous for him to have rolled it out untested, but it isn't the admin's fault if the product doesn't work as it is advertised. It was foolish NOT to test the software first, but it isn't their fault that it broke everything. If I buy a new car, it is smart to test drive it first, but it isn't an obligation. If I don't test drive it, then buy it, and then on the highway the brakes fail and I crash into another car, I'm not responsible, the dealer [or manufacturer] is. People might not think I'm a genius, but they won't fault me. [Or at least they shouldn't.]
Even though I'm really all for the projects you mentioned, if I had any modpoints left, I'd mod you down.
He's managing systems across a WAN, it should be obvious that that's even less a solution than Synaptic suggested.
I do like to get one point across, though: all those virus scanners, malware removers, and lots of other Windows 'toys' have all this unnecessary cruft around them. They all have a different look and feel, or even a theming system people really don't care about when they use them. There's only a handful of applications I'd apply a theming system to; I even consider Winamp a questionable case.
This just seems like waste, the money invested in the programming and design for such an interface could probably have been spent on reaching the goals the application was actually made for, or fixing stupid bugs. You can have a friendly interface using Windows' native look. If the user wants eyecandy, get him to use WindowBlinds or something.
I hope I don't get to see any of this on my favourite OS anytime soon..
Whoops... Synaptic = Symantec.
Guess which 'favourite OS' I meant there.
The legacy that Microsoft created, of bundling free software with other core products has scared away many good software developers from wanting to compete in this and other arenas. So just a few who have managed to stay alive because they got started early (Symantec and McAfee) are still around, but there's really not much incentive for them to make their products solid -- I suspect most of these companies are outsourcing programming to India anyway, and their products are so compartmentalized for the purpose of managing big, cheap programming teams, this results in crappy software.
Symantec relies on a mafia-subscription-type structure, and software so complicated and bad, that un-installing it in many cases isn't an option unless you want to have to re-format your hard drive. That's their business model. It's not based around producing a really excellent product.
This is one of those scenarios where the "competition" has become so lazy, it's almost desirable for Microsoft to put the final nail in the coffin and put them out of business. Their products couldn't be any worse than Microsoft's versions, and at least we'd probably have better work-arounds with bugs.
Do you not test new software before you do a network rollout? When I was an IT director I would have fired anyone who did a deployment w/o testing. Then you would be dealing with 1 machine and figuring things out rather than asking slashdot.
Bad Panda! No Bamboo for you! In matters of importance ACs will not be responded to. Want to say something critical,OK
McAfee or Trend. In a non-public review I read of about 50 different products, Trend came out on top. This was an internal review for a company with several tens of thousands of employees.
:)
Or, switch everyone off windows.
Need Free Juniper/NetScreen Support? JuniperForum
if I had any modpoints left, I'd mod you down. ... He's managing systems across a WAN, it should be obvious that that's even less a solution than Synaptic suggested.
It's a much better solution. Granted it'd take time to plan and implement and familiarise users with new software, but in the long run - much better solution.
Note that I gave the URL for ClamWin, which would be a 'quick' (well, quicker) solution. I haven't used ClamWin extensively, but it's light enough to run on windows running under Qemu without noticeable effect, and ClamAV on Unix has worked amazingly well for me in keeping mailboxes I administer free of Windows virus crap. Also free. If his existing AV software sucks, he could try that.
However, in the long run, trying to work around frustration after frustration in programmes which apparently are in a battle to run the clock out on Moore's "law", whose only reason for existing is the awful security of the OS they run on, the other options on my list are definitely better solutions, in the long run.
--paulj
I use Friend/Foe + mod-point modifiers as a karma/reputation system.
As much as everyone hates testing, this is one thing that should have been caught in QA before the patch/update was released. Come on - you just dropped a major version into how many machines? You mean you didn't catch something like frequent crashes and office breaking in your QA Cycle? In your pilot?
As much as I hate doing QA and Pilots, they work. For little stuff, screw change management and just change it. But for something like a major release or update, you need to do some testing before you dump the code out to users.
It just makes sense in a CYA way, and makes the weekends yours again.
We emerge from our mother's womb an unformatted diskette; our culture formats us. - Douglas Coupland
Also look into Panda Antivirus, I have yet to have a single problem with it, and it will catch a considerable amount of spyware and malware as well. I also couldn't agree with previous posts, Symantec and Norton is terrible, the worst antivirus in my opinion. I would never use it and have had nothing but problems with the machines that I have worked on that have it installed. It won't update, gets corrupted, it is just crap and I cannot believe anyone would put their name to such a shoddy product.
One thing you can do is simply not upgrade right away. I've never been a big fan of Symantec, but one thing I've learned from them is to not jump on the latest software upgrade. I don't have to deal with them any more, but one customer was 1/2 way through an upgrade to the newest version of A/V when their A/V guy quit. I was handed his job and simply stopped rolling out the newest version. The manager asked me why. A few sample cases where the previous guy had problems rolling it out (taking down servers and billable users) immediately had him backing me up.
Another thing you can do is set up a better testing environment. If you have one ... it needs help (be it better methods, better training, better people, or more people). If you don't have one - here's your case for one.
Winners tell stories while losers yell deal.
Next question, please...
Ruby on Rails Screencast
I rolled it at a 10-user Windows 2000 desktop/Netware 6.5 server and no problems there. I have it on my laptop and a few other misc machines and no problems or noticeable slowdowns... Ran 8, 9 and now 10 just fine.
I did notice the automatic scan started after installing the software, which although annoying, was definitely not a show-stopper or a point to whine about.
I've migrated quite a few servers off of Trend Micro as their software is utter garbage. I'm saddened they bought Intermute, as I hope CWShredder doesn't go away or go paid.
Only other AV I'd try is McAfee, but haven't used it in a number of years to know if it's good. Was a bit flakey back then.
Best of luck...
-m
http://www.invisik.com
I had problems w/ Panda Firewall 2003, and reverted to XP-SP2's less-robust FW.
I have had a good experience with the AV product. Only downside is the mandatory registration. What, they don't trust me???
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
How much longer are people gonna take crap like this from Microsoft and the never ending rigmarole of having to waste cpu cycles constantly scanning items as they are read in and out of the disk???
It's just unbelievable the sheer crap you guys will put up with... I personally dumped Microsoft back in 2000 and haven't regretted it one single bit...
Donald 'Duck' Dunn: We had a band powerful enough to turn goat piss into gasoline.
Is to stay at least one revision behind. I just finished getting everything updated to 9.0.2.1000 and have now tested and approved 9.0.3.1000 for use. We're testing 10 but it won't leave the testing environment until these problems are solved.
What? You don't test these things before deployment?
"An unarmed man can only flee from evil, and evil is not overcome by fleeing from it." Col. Jeff Cooper
We've run somewhere between 6.x and 8.x I think. Damned thing will still just inexplicably stop working. Even heard of one instance on a six month old home machine crapping out.
Someone hates these cans.
Was test it before pushing it company wide. My Company has offices all over the state. Before any new software is deployed, we test it on a small segment (5-10 users) of the userbase at the main office. That way we can discover/workaround any issues, before we have a thousand computers to fix.
Your situation teaches us that no software company, no matter how big, should be trusted until it's been tested in-house.
Um. No.
He's not driving a passenger car. That is more comparable to Joe Home User. He is operating a fleet of trucks or a racing car. To not test before he bought a new fleet or to enter a race without testing your new suspension would be remiss.
I do like ClamAV. But note that ClamWin doesn't include a real-time scanner. For a WAN-deployment, this is the recipe for a headache. Yes, you can schedule it to run nightly & can configure most email clients and download managers to send files to it first, but users do some dumb things & real-time scans have made less work for ME.
Not.
Panda Software is a money funneling front for the Church of Scientology.
But, if that doesn't make you feel all squirmy then I have to say, the software is decent.
well, one problem there is that if the software doesn't "wow look it looks so flashy and cool, I'm actually paying for something", it might not get sold at all.
so in a business perspective it makes absolute sense to invest dev time into that. who cares if it doesn't actually work as well in stopping viruses? after all, by the time you find out they already have your money.
You just deployed a product to your whole network without testing? Now you bitch about issues you are bumping into? Do you buy a car without test driving it?
TEST TEST TEST! If you had done any testing beforehand or research you could have found information of these problems, perhaps taken preventive measures against some of the problems you are seeing.
All AV software causes a performance hit and my understanding is this software is also now taking out adware, spyware etc regkeys and all in nearly one motion. I also believe the min requirements are 128MB RAM which means it's not accounting for RAM being used by Office, SQL, etc, that is for Windows and SAV10 alone. So if you are just sporting 128, 256, or 384 meg of RAM on a machine I would expect to see a performance hit.
http://www.mit.edu/~jcb/jokes/viola.html
I'll get me coat...
I think that is unfortunately indicative of the current state of affairs..
I have seen the same problem with other large AV suppliers as well, the scanning engine just overwhelms the system, which is often taxed due to the 'upgrade' to XP.
At the rate we're going, it will take a 2nd CPU just for scanning..
---- Booth was a patriot ----
My experience is that Symantec has a long history of serious problems with new releases. Apparently the company managers are unwilling to hire enough technical staff.
At home, Symantec's been slowing down my machines for a couple years now. As their virus signature definitions come up for renewal, I just go to Grisoft and install AVG. Since their SOHO 2-license deal is good, I have one machine on the free version until my last Symantec license expires on the other box, then I'll buy AVG for those two.
Time to vote with your feet, folks!
DT
Is this thing on? Hello?
Symantec are, quite frankly, crud. They're a big name, but that's all they are--their products are half-baked but none-the-less have a huge presence.
HOWEVER, this is almost certainly your own fault for not deploying Office from an MSI administrative install point like you were supposed to. The MSI subsystem is merely looking to repair a component of Office that got clobbered (no big surprise that the Symantec installation would do that!), and would do so automatically from a network share if you'd deployed Office correctly.
As for disabling scans, you have NAV Corporate right? You have a central admin service? Given by the way you write, probably not. You should have been scheduling scans through that, which would make scheduling/unscheduling scans very easy.
And you can easily disable/enable real-time protection using a central server.
ClamAV is, of course, not an option. It's only a command line and mail scanner, and not a desktop real-time scanner. It's for geeks maintaining mail servers - nothing in the Open Source world addresses the corporate situation.
I hear good things about Trend, though.
ClamWin doesn't do real time scanning (yet)
Go take a peek at Avast! www.avast.com I've been running the home version and loving it for what it does and does not do.
They got an enterprise version, home version, oh and a Linux version too!
First rule of holes; When in one, stop digging.
We're having problems with it. doscan.exe is taking a LOT of CPU on some systems. We haven't been able to reproduce it in our lab but it hit some developers. Symantec has a reg key to disable that. doscan also crashes, but it seems to be on systems with a lot of Adware so it shows up which systems to scan.
The biggest problem we've hit is that it's causing errors with ClearCase. I haven't dug in to it very much but on Friday we removed the AV from a test system and the new errors in ClearCase stopped.
(Note: I am a huge fan of Linux, and I love to try new things. I have also had fairly good luck with Symantec - read below.)
USEZORZ AVG CUZ ITS FREE AND THAT MAKEZ IT G00D SINCE IT IS FREE IT MUST BE BETTERZORZ AND CAUSE IT'S TOTALLY NOT 0WN3D BY A BIG COMPANY IT MUST ROX0R
Right. Anyway, I work in the IT department at a moderately-sized institution, and I can tell you I've had my fair share of headaches with Symantec/Norton Corporate. We've been using it since before I even started coming here, and it's always caused problems - but it's never caused problems because of the program itself.
The problems that happen, including sluggishness, crashing, etc., happen because students (and even IT folks) don't FULLY uninstall old versions of ANY software. It's common knowledge that having more than one anti-virus package can cause quite a few problems - they don't play nicely.
Thankfully, since it's the summer, I've had time to pursue one of my favorite pastimes - the pursuit of making things work more easily for the user. For the past two weeks, I've been developing an application that will remove all traces of ANY anti-virus software on your system - Norton, Symantec, McAfee, and even some of the Norton derivatives (SystemWorks, Internet Security).
I've been running tests and it seems that computers just don't like it with more than one virus program installed (fancy that!)...so this program cleans you up entirely, leaving you free to install whatever you want.
When I'm done with it (and clear it with Legal), I will post it on my website under GPL. Feel free to tinker with it - it's a mishmosh of batch files, registry entries, some creative grep and sed (thankfully they have it for windows!) and the Nullsoft Scriptable Install System.
In conclusion, I believe that fully removing all traces of any other virus software is not only smart, it's the only sure way to avoid problems.
AccountKiller
...is that they only release definition updates about once a week. Other products that I've used and deployed (CA, Trend, F-prot) release updates on an almost daily basis, sometimes multiple times a day.
Actually, I have not seen this. I have run Symantec for years. I am a consultant and find that most people never clean up their systems...that's what really leads to problems. But of course, blame the vendor. I bet half of the people bitching on this board are running an illegal copy of Norton/SAV anyway.
Again, you guys are supposed to be techies - yet you aren't aware of Trend's problems? They have worse QA problems than anyone. Since when should a virus definition update take down your computer. Seems it happened to thousands of systems in April. Poor, Poor choice to go with Trend. At least keep your $$ in the USA.
A good company will have an effective helpdesk (no no, don't laugh). When I worked at Attachmate we had a helpdesk that evaluated new software before putting it on the approved list. This was the practice there, in part, because it was the practice in the firms we sold to (I'm talking multi-thousand seat firms). The annual challenge for Attachmate was to get onto the "approved vendor list" at these major firms. From the helpdesk perspective this makes good sense: you can better support fewer things, and you know those things actually do work if installed properly.
... and Norton Utilities actually hosed drives bad instead of helping them. Most recently, when I last upgraded my NAV at home I was disappointed to have to completely disable the email scanning. It just plain hoses up the POP3...the proxy doesn't verk. If it's going to hose up anything email related I would *much* prefer that it hose up SMTP, not POP3!
Anyways, this dude here is asking for suggestions... Symantec's (retarded) 'workaround' is not an option for him because they manage clients over WAN links hundreds of miles away. Sounds like he dropped the ball on the evaluation period. Later he says "It seems that more and more software is rushing out the door with glaring errors". Well, mon, if they are so glaring, how did you get to a point of comfort with the idea of installing them hundreds of miles away??
BTW, although this dude was boneheaded, Symantec is not blameless in this... They do put out komplete krunk from time to time. Anyone remember the Norton Utilities for Mac back when Apple introduced HFS+
Oh well. I'm going to dust off one of my Apple ][+ boxes...
Nice try. It's a paid site now. You have to differentiate between in the wild tests and unknown tests. Do some research before you post crap.
This just reinforces my theory that you can't read. The site is FREE. Free registration!