It is SEP12, I'm sorry I do not know the definition file, that is handled by the security group...and they don't really want to talk about Symantec right now.
On Thu, Nov 8, 2012 at 9:05 AM, Erik Goldoff <egold...@gmail.com> wrote:

> curious, SEP 11 or 12, and what definitions when this happened ?
>
> Thanks
>
> On Thu, Nov 8, 2012 at 8:57 AM, Robert Cato <cato.rob...@gmail.com> wrote:
>
>> Yep, all on its own. Granted this was based on settings that were made
>> during installation, based on recommendations from the onsite Symantec
>> vendor/engineer.
>>
>> On Thu, Nov 8, 2012 at 8:48 AM, Kennedy, Jim <kennedy...@elyriaschools.org> wrote:
>>
>>> “SEP quarantined the files and then went to all machines on the
>>> network and quarantined them on all machines…”
>>>
>>> Holy smokes, it decided to do that on its own? And quarantined the
>>> machines that had NOT been updated yet?
>>>
>>> So glad I don’t run AV.
>>>
>>> *From:* Robert Cato [mailto:cato.rob...@gmail.com]
>>> *Sent:* Thursday, November 08, 2012 8:45 AM
>>> *To:* NT System Admin Issues
>>> *Subject:* Re: Symantec %@(*&OI:TNGF(P*
>>>
>>> Ken
>>>
>>> These two updates were only installed on a couple of Win7 machines at
>>> most. They were approved during the day for install overnight, a couple of
>>> users saw the pop-up and installed. SEP quarantined the files and then went
>>> to all machines on the network and quarantined them on all machines (Win7,
>>> Vista, and XP).
>>>
>>> It would be nice if we had a separate network, but I'm not sure that
>>> will get approved.
>>>
>>> Robert
>>>
>>> On Thu, Nov 8, 2012 at 6:41 AM, Ken Schaefer <k...@adopenstatic.com> wrote:
>>>
>>> Even if you don’t have a separate network, you can create a separate
>>> group in WSUS, and put a test machine(s) with your SOE image in that group.
>>>
>>> That would allow you to test patches prior to mass deployment. Checking
>>> for AV issues would be just one thing – I’d recommend that you have some
>>> test cases for all your important apps as well.
>>>
>>> Cheers
>>>
>>> Ken
>>>
>>> *From:* Robert Cato [mailto:cato.rob...@gmail.com]
>>> *Sent:* Thursday, 8 November 2012 9:48 PM
>>> *To:* NT System Admin Issues
>>> *Subject:* Re: Symantec %@(*&OI:TNGF(P*
>>>
>>> Ken,
>>>
>>> That was my first question, but it is still unanswered. I am still new
>>> at this %dayjob%.
>>>
>>> In this case, the testing would have had to be done in a separate
>>> network, which I am fairly sure we don't have. I will take that suggestion
>>> to the table when we analyze the breakdowns of this incident.
>>>
>>> Robert
>>>
>>> On Wed, Nov 7, 2012 at 9:37 PM, Ken Schaefer <k...@adopenstatic.com> wrote:
>>>
>>> No matter who you migrate to, you’ll also run into issues (false
>>> positives seem to occur all the time, with all vendors).
>>>
>>> Did you test the patches before releasing to Production? Might be worth
>>> beefing up the testing regime.
>>>
>>> *From:* Robert Cato [mailto:cato.rob...@gmail.com]
>>> *Sent:* Thursday, 8 November 2012 5:22 AM
>>> *To:* NT System Admin Issues
>>> *Subject:* Symantec %@(*&OI:TNGF(P*
>>>
>>> FYI
>>>
>>> We approved two MS patches yesterday (KB2574819 KB2592687) in WSUS. One
>>> user installed the two updates in the afternoon and Symantec Endpoint
>>> Protection 12 with several advanced features enabled (threat protection,
>>> heuristics, SONAR, etc). SEP quarantined 15 system files, run32.dll among
>>> them. The real problems started when SEP decided to quarantine the files
>>> across all ~600 workstations taking us completely offline.
>>>
>>> The fix was to boot each workstation into safe mode and remove SEP.
>>>
>>> It was a long night.
>>>
>>> The good news:
>>>
>>> None of the advanced features were enabled on the servers.
>>>
>>> We are migrating away from SEP as of this morning.
>>>
>>> Robert

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~

---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
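
Ken Schaefer's suggestion in the thread (a separate WSUS group holding test machines built from the SOE image) can be scripted. The PowerShell below is an added example, not code from anyone in the thread; the group name `Pilot-SOE` and the machine-name fragment `SOE-TEST` are hypothetical, and it assumes the UpdateServices module on the WSUS server with server-side targeting.

```powershell
# Added example: approve patches for a WSUS pilot group only, then review results
# before approving them for the rest of the estate.
Import-Module UpdateServices

$PilotGroup   = 'Pilot-SOE'                 # hypothetical group name
$PilotPattern = 'SOE-TEST'                  # hypothetical test-machine name fragment
$KBs          = 'KB2574819', 'KB2592687'    # the two patches named in the thread

$wsus = Get-WsusServer                      # local WSUS server

# Create the pilot group if it does not exist yet.
$group = $wsus.GetComputerTargetGroups() | Where-Object { $_.Name -eq $PilotGroup }
if (-not $group) { $group = $wsus.CreateComputerTargetGroup($PilotGroup) }

# Put the test machines in the group. They should carry the same endpoint
# protection policy as production, or the pilot will not surface AV conflicts.
Get-WsusComputer -UpdateServer $wsus -NameIncludes $PilotPattern |
    Add-WsusComputer -TargetGroupName $PilotGroup

# Approve each patch for the pilot group only; "All Computers" stays unapproved.
$install = [Microsoft.UpdateServices.Administration.UpdateApprovalAction]::Install
$pilotUpdates = foreach ($kb in $KBs) {
    foreach ($update in $wsus.SearchUpdates($kb)) {
        if ($update.IsDeclined -or $update.IsSuperseded) { continue }
        $update.Approve($install, $group) | Out-Null
        $update
    }
}

# Re-run this part after the pilot machines have installed and soaked:
# per-machine installation state for every piloted update.
$report = foreach ($update in $pilotUpdates) {
    foreach ($info in $update.GetUpdateInstallationInfoPerComputerTarget($group)) {
        [pscustomobject]@{
            Update           = $update.Title
            ComputerTargetId = $info.ComputerTargetId
            State            = $info.UpdateInstallationState
        }
    }
}
$report | Sort-Object Update, ComputerTargetId | Format-Table -AutoSize
```

Installation state alone does not show an AV false positive; check the endpoint protection quarantine and risk logs on the pilot machines before approving the same updates for the production groups.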