You make a fair point. I am working with R&D on getting better response to false positive reports.
We are generating over 100k signatures a day, and there are also heuristics and behavioral detections that can create a false positive -- a lot of moving parts involved. Generally, when something is flagged, it's usually because the good program has attributes of the bad program. It's not always something the support engineer has access to in terms of why specifically something was flagged, and I will look into a cleaner line of communication between R&D and support on this issue. Alex ________________________________ From: Michael D Faulkner [mailto:michael.faulk...@colorado.edu] Sent: Sunday, April 04, 2010 6:41 PM To: NT System Admin Issues Subject: RE: Enterprise Anti-Virus .. I might add, that I have not been too happy with Sunbelt support. About a month ago, a false positive deleted an executable on some of my workstations. An email request for assistance took most of a day before I got a response, and then it was after hours on Sunbelt's side, so I could not discuss. I sent in some diagnostic files that day, and some I could not due to problems with the Sunbelt FTP account until that issue was cleared the next day. When I asked about why this had happened, I got no suitable explanation -- just that with the new signature updates it was not. I had thought that Sunbelt created it's own signatures inhouse - one of its selling points - and so could explain to me what had occurred and why. I asked a few times about this but never received a satisfactory answer and just left an exception on the server for this particular app. From: Alex Eckelberry [mailto:al...@sunbelt-software.com] Sent: Sunday, April 04, 2010 12:20 PM To: NT System Admin Issues Subject: RE: Enterprise Anti-Virus There are a number of broad statements in this email, and I admit I am a bit confused. A few questions: >Vipre Server doesn't play well with others. You mean the console? What other applications doesn't it co-exist with? (Apart from the Sunbelt Exchange Archiver, as you mentioned). > Neither product will start >with the server. I have to log in manually and start them. Does this mean you have to manually start them after you've rebooted the server? I'm a bit confused on this statement. >On the client side, the email scanning performance for Outlook 2007 >was so bad I had to turn it off and purchase a gateway antivirus >product to keep my mailboxes clean. Any time you selected items in >Outlook 2007 in excess of a hundred or so, like when cleaning out your >sent items or deleted items, Outlook 2007 would hang for 10 seconds >per hundred items selected. Outlook 2003 was also affected, but not >as badly. Well, the sad truth is that AV-scanning on Outlook is a hit or miss proposition, unfortunately. From a development standpoint, it is a fairly ugly what's involved in making a plug-in work. It has gotten considerably better with the current verion, but IMHO, with any antivirus product, you're better off putting the heavy lifting on a server or on the gateway. However, if you were running Ninja/VIPRE for Exchange anyway, I'm curious why you bothered to enable the email protection on the client anyway? >Support told me that selecting that many items would naturally cause a >performance hit and wanted to close the case. I suggested that that >was significantly worse performance than Symantec, the yardstick for >poor performance, and that I thought one full minute/per thousand >emails selected was unacceptable. I even copied my salesperson. That >was in January. I haven't heard from anyone. I guess when I said >they could close the ticket if they thought hangs like that were >acceptable, they thought it was acceptable. I don't, but hey, now I >have another product protecting my perimeter. Of course, my price per >user trippled... > What is the performance now that you've disabled email scanning? Is it now better than Symantec? Also, are you still running Ninja/VIPRE Exchange? Alex ________________________________ From: Bill Songstad [mailto:bsongs...@gmail.com] Sent: Thursday, April 01, 2010 8:08 PM To: NT System Admin Issues Subject: Re: Enterprise Anti-Virus I Replaced Symantec AV 10 with Vipre earlier this year. I expected the process to be pretty smooth. After all, I had been running Ninja/vipre email for years and loved it. I was sadly disappointed both in the performance of Vipre and the famous Sunbelt tech support. Vipre Server doesn't play well with others. Especially other Sunbelt products. I suppose I could just buy some more server licenses for each Sunbelt product, but I went with Sunbelt because they were good AND affordable. But if you have to add a Windows server license to each install, that dramatically changes the per user cost in a small shop like mine. As it stands now, I have Vipre enterprise running on the same box as Sunbelt Exchange Archiver. Neither product will start with the server. I have to log in manually and start them. On the client side, the email scanning performance for Outlook 2007 was so bad I had to turn it off and purchase a gateway antivirus product to keep my mailboxes clean. Any time you selected items in Outlook 2007 in excess of a hundred or so, like when cleaning out your sent items or deleted items, Outlook 2007 would hang for 10 seconds per hundred items selected. Outlook 2003 was also affected, but not as badly. Support told me that selecting that many items would naturally cause a performance hit and wanted to close the case. I suggested that that was significantly worse performance than Symantec, the yardstick for poor performance, and that I thought one full minute/per thousand emails selected was unacceptable. I even copied my salesperson. That was in January. I haven't heard from anyone. I guess when I said they could close the ticket if they thought hangs like that were acceptable, they thought it was acceptable. I don't, but hey, now I have another product protecting my perimeter. Of course, my price per user trippled... Bill On Thu, Apr 1, 2010 at 1:58 PM, Ray <rz...@qwest.net<mailto:rz...@qwest.net>> wrote: I know this has been discussed many times in the past, but I'm going to ask again. Our McAfee contract is nearing renewal and we're looking for alternatives. We have about 4,000 desktops in 20 remote sites. We'd love the flexibility of managing everything from centralized console, and perhaps even allowing the local sites on-site staff to have access to their own machines. Not all our pipes are that great, so a distributed model for .dat updates would be ideal. We are currently evaluating Vipre. Last year we looked at and actually chose to buy Nod32, but, well, long story, and it wasn't the vendors fault. We're also looking at Trend and Sophos. Any feedback on what you have now and why you chose it or are dumping it would be great. Thanks, Ray ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
