Okay so remind me again what Antivirus really does other than….

Problems accessing file shares on Windows Server 2008 64-bit running Symantec Endpoint Protection

Question/Issue:
Why are Windows XP and Vista clients losing connectivity to Windows Server 2008 64-bit file shares and DFS shares?


Symptoms:
Windows XP and Vista clients lose connectivity to Windows Server 2008 64-bit file shares and DFS shares after a period of time when the server is under load during production hours. The Windows Server 2008 itself does appear to be working and does not show any signs of a deadlock. This issue was reported on Symantec Endpoint Protection MR3 and MR4.


Solution:
This problem is fixed in Symantec Endpoint Protection 11.0.4202.75 (MR4 MP2) or later.

For information on how to obtain the latest build of Symantec Endpoint Protection, read Obtaining an upgrade or update for Symantec Endpoint Protection 11.x or Symantec Network Access Control 11.x:

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007121216494948


Okay so remind me again what Antivirus really does other than….


1.  Lull me into a false sense of security


2.  Make me think it’s doing something when instead it’s causing problems on my network that I blame on something else


If you use antivirus on your SBS 2008, make sure you are on a version you’ve tested, set up the necessary exclusions so that it doesn’t scan stuff it shouldn’t, and make sure you are on a version that isn’t nailing your server.


For reference, please read the blog posts on the topic by Steve Riley, formerly employed at Microsoft:


http://blogs.technet.com/steriley/archive/2007/09/25/more-on-the-necessity-of-antivirus-software.aspx


http://blogs.technet.com/steriley/archive/2007/09/22/antivirus-software-who-needs-it.aspx


And this favorite of mine that showcases all of the places you need to exclude —


http://myitforum.com/cs2/blogs/scassells/archive/2007/05/14/what-anti-virus-scanning-exclusions-should-be-considered-for-system-and-servers.aspx

8 Thoughts on “Okay so remind me again what Antivirus really does other than….”

  1. Don Murphy on May 20, 2009 at 9:37 pm said:

    11.0.4202_MR4_MP2 is available as of May 19, 2009. AFAIK this only affects users who are running the firewall component of SEP (Network Threat Protection). As part of my standard installation I do not deploy this and instead deploy Windows Firewall via group policy.

  2. Same sentiment here.

    The AV/AS solution that has caused me the least amount of grief over the years has been Sophos Antivirus. The most amount of grief has been CA Antivirus. Others slot in somewhere in between.

    Sometimes it’s nonsense like you mention above and other times it’s poor configuration, default or otherwise.

    Most problems are reduced by having a good understanding of the solution and its configuration points and also good maintenance practices.

  3. What I cannot believe is how many updates of EndPoint there have been. It’s gotten so bad there are updates to the updates. First it was MR1, then they got up to MR4, and then MR4 has issues so they are patching it up with other updates. First there was MR4 MP1, then MR4 MP1A, now MR4 MP2. All within the last couple months.

  4. Before Microsoft let me go, I was running Forefront Client Security on my laptop because corpnet’s NAP required me to. I used FFCS v1 for about four months, and FFCS v2 about two months. Both of them were pleasantly resource-friendly. They never caused any crashes and didn’t seem to affect performance at all.

    So now that I’m “independent,” I’m still of the opinion that the built-in Windows firewall plus UAC plus automatic updates provide the minimum sufficient client defense; if you need anti-malware, check out FFCS.

  5. Joe Raby on May 22, 2009 at 12:06 pm said:

    I use FCS in unmanaged mode on my small SBS network. It works great! I have it on the SBS Server as well since OneCare for Server went t*ts up. I put in several exclusions for Exchange and such, but the workstations run with the defaults. I’m hoping Morro will be just as easy (I hear the FCS team are designing it, so I’m guessing it will look just like the FCS agent and Defender).

  6. Sho where did you pull that text from? We have been fighting to get rid of Symantec. One more nail in the coffin.

  7. Dean on May 27, 2009 at 2:57 pm said:

    Will people PLEASE stop buying Symantec products so that the company dies!

    But they won’t. Why? Because since like 20 years ago it has been passed down from IT teacher to IT student that you can’t go wrong by buying Symantec products. Even though they have never bothered to verify that.
