BleepingComputer.com: Is it SEP or me?

Are any of you using Symantec Endpoint Protection 12?

My company recently upgraded from version 11 (which was a bear, had all kinds of problems including locking up the first Windows 7 machine we tested it on, and many computers needed their CleanWipe program after the first install attempt failed).

We had problems with occasional infections before the upgrade and had hoped since the upgrade with the new anti-malware that it supposedly has now that it would protect us better. Since the upgrade was completed about two weeks ago we've had three computers and one server trashed by viruses or malware. Each time SAS or Malwarebytes (both run on demand) caught and killed the bug. The last one was especially frustrating because SEP's logs showed that it identified the malware and attempted to quarantine it but failed.

Is SEP really that unreliable or am I just that unlucky?

Although Symantec (Norton) is as good as any other well known anti-virus program, it requires numerous services and running processes that consume system resources and often results in complaints of high CPU usage. I have read from other users that Symantec has improved the newer versions while others say differently. However, Symantec products can be difficult to remove and remnants are often left behind which require the use of a special removal tool, otherwise you may encounter problems installing a replacement anti-virus. To be fair, other vendors are also using removal tools for the same reason. Those issues plus the cost factor are the primary reason many folks look for a free alternative.

Norton Internet Security is a suite which means it includes additional features, in addition to anti-virus protection. Some of those extra features will also consume resources and affect performance. Symantec Endpoint Protection includes many of the same features but is intended for small businesses with several computers and servers.

Keep in mind that no single product is 100% foolproof and can prevent, detect and remove all threats at any given time. Just because one anti-virus detected threats that another missed, does not mean its more effective. The security community is in a constant state of change as new infections appear and it takes time for them to be reported, samples collected, analyzed, and tested by anti-vendors. Security vendors use different scanning engines and different detection methods such as heuristic analysis or behavioral analysis which can account for discrepancies in scanning outcomes. Depending on how often the anti-virus database is updated can also account for differences in threat detections.

Further, each vendor has its own definition of what constitutes malware and scanning your computer using different criteria will yield different results. The fact that each program has its own definition files means that some malware may be picked up by one that could be missed by another. Thus, a multi-layered defense using anti-spyware products (including an effective firewall) to supplement your anti-virus combined with common sense, safe computing and safe surfing habits provides the most complete protection.

• Important Tip: Security begins with personal responsibility and following Best Practices for Safe Computing - Prevention.