Yep, all on its own. Granted this was based on setting that were made during installation, based on recommendations from the onstie Symantec vendor/engineer.
On Thu, Nov 8, 2012 at 8:48 AM, Kennedy, Jim <kennedy...@elyriaschools.org>wrote: > “SEP quarantined the files and then went to all machines on the network > and quarantined them on all machines…”**** > > ** ** > > Holy smokes, it decided to do that on it’s own? And quarantined the > machines that had NOT been updated yet?**** > > ** ** > > So glad I don’t run AV.**** > > ** ** > > ** ** > > *From:* Robert Cato [mailto:cato.rob...@gmail.com] > *Sent:* Thursday, November 08, 2012 8:45 AM > > *To:* NT System Admin Issues > *Subject:* Re: Symantec %@(*&OI:TNGF(P***** > > ** ** > > Ken**** > > **** > > These two updates were only installed on a couple of Win7 machines at > most. They were approved during the day for install overnight, a couple of > users saw the pop-up and installed. SEP quarantined the files and then went > to all machines on the network and quarantined them on all machines (Win7, > Vista, and XP).**** > > **** > > It would be nice if we had a separate network, but I'm not sure that will > get approved.**** > > **** > > Robert**** > > ** ** > > On Thu, Nov 8, 2012 at 6:41 AM, Ken Schaefer <k...@adopenstatic.com> wrote: > **** > > Even if you don’t have a separate network, you can create a separate group > in WSUS, and put a test machine(s) with your SOE image in that group. **** > > **** > > That would allow you to test patches prior to mass deployment. Checking > for AV issues would be just one thing – I’d recommend that you have some > test cases for all your important apps as well.**** > > **** > > Cheers**** > > Ken**** > > **** > > *From:* Robert Cato [mailto:cato.rob...@gmail.com] > *Sent:* Thursday, 8 November 2012 9:48 PM > *To:* NT System Admin Issues > *Subject:* Re: Symantec %@(*&OI:TNGF(P***** > > **** > > Ken,**** > > **** > > That was my first question, but it is still unanswered. I am still new at > this %dayjob%. **** > > **** > > In this case, the testing would have had to be done in a separate network, > which I am fairly sure we don't have. I will take that suggestion to the > table when we analyze the breakdowns of this incident.**** > > **** > > Robert**** > > **** > > On Wed, Nov 7, 2012 at 9:37 PM, Ken Schaefer <k...@adopenstatic.com> wrote: > **** > > No matter who you migrate to, you’ll also run into issues (false positives > seem to occur all the time, with all vendors).**** > > **** > > Did you test the patches before releasing to Production? Might be worth > beefing up the testing regime.**** > > **** > > *From:* Robert Cato [mailto:cato.rob...@gmail.com] > *Sent:* Thursday, 8 November 2012 5:22 AM > *To:* NT System Admin Issues > *Subject:* Symantec %@(*&OI:TNGF(P***** > > **** > > **** > > FYI**** > > **** > > We approved two MS patches yesterday (KB2574819 KB2592687) in WSUS. One > user installed the two updates in the afternoon and Symantec Endpoint > Protection 12 with several advanced features enabled (threat protection, > hurestics, SONAR, etc). SEP quarrantined 15 system files, run32.dll among > them. The real problems started when SEP decided to quarantine the files > across all ~600 workstations taking us completely offline.**** > > **** > > The fix was to boot each workstation into safe mode and removing SEP.**** > > **** > > It was a long night.**** > > **** > > The good news:**** > > None of the advanced features were enabled on the servers.**** > > We are migrating away from SEP as of this morning.**** > > **** > > Robert**** > > **** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin**** > > **** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin**** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin**** > > ** ** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin**** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin