After purchasing and downloading Symantec’s product, I began reading all of the manuals (Like a good I.T. Guy) and eventually started deploying the product. Up until this point, I was convinced that I would be in for an overnight-er but surprisingly it was relatively easy to install. I used the SQL approach as the database engine as apposed to the built in database option as I had heard horror stories about this configuration. Servers running out of resources (Mainly Disk Space), shares being inaccessible and servers having to be re-booted daily or more.  Once I had the management console installed, I decided not to install the client on the server due to, you guessed it – more horror stories. Instead, I left Symantec Enterprise 10.0 on the server and upgraded all client machines with the built-in upgrade push available from the management console. All in all it went smooth.

After a few days of playing around with the management console and the client, I noticed a few major issues including a great deal of communications between the Management Console (Server) and the Endpoints (Clients) so I began to investigate. After sniffing packets and reading (and a few cups of coffee) I determined that the traffic was being caused by the server “Pushing” communications as well as the constant checks for updates. To alleviate this, I set all clients to “Pull” updates every “X” hours, I also deleted the default update policy and created a new one that dictated that the server should only check Live Update for new content every 2 hours between 6:00 P.M. and 6:00 A.M. daily. This drastically reduced the amount of network traffic.

So, after sorting out the network saturation issue mentioned above, I was faced with the large consumption of resources that the Management Console was putting on the server. This was a relatively easy issue to resolve. I simply limited the amount of memory that the SQL server was allowed to consume to 256 MB and wrote a small batch script that restarts the Symantec Services each day at 6:30 A.M. and 5:30 P.M. as to not interfere with the update schedule. Once I had observed this configuration for a few days, I was satisfied with the results and so far all has been operational with a relatively low impact on the server.

Along with the Anti-Virus, Anti-Spy-ware and network protection features included in this product, there is also the capability to disable removable storage devices such as Flash Drives. This particular client was very interested in this feature as they are in a highly sensitive industry. That being said, I created a policy for select clients that prohibits the use of removable media devices and I must say, it works well.

Some of the things that I have noticed to be annoying is the new interface of the client as well as the Management Console. Symantec has switched from an MMC format as seen in earlier versions of their Corporate Anti-Virus to a web/java based interface. This thing is CLUNKY. Descovery of unmanaged clients usually takes longer than the login timeout so it never completes and the reporting functionality is sub-par. I do, however like the Active Directory integration features as well as the informational dashboard.

This configuration was put in place about 6 months ago now and I have not seen any major bumps in the road. The system seems to work well and is doing what it is supposed to with regards to protecting the client machines against harmful applications. All in all, after discovering a happy medium and wrangling this application into working properly, it is a decent solution. It provides a cost effective way to efficiently manage endpoint antivirus and security despite it’s early (Glaring) flaws, although I do not think that I will be recommending it to any future clients given the time and effort it took to get the thing working in the first place. I hear that there is an MR3 release, which I will be deploying at a new client (They had already purchased the license before my time). Hopefully the new version will not be such a pain to get working.

Jason (Digitalkid)
www.954network.com