Re: [mssms] RE: System Center Endpoint Protection
If only someone could make that a right click tool... On Wed, Sep 10, 2014 at 9:08 PM, Michael Mott michael.m...@1e.com wrote: Granted this was from FEP but it still applies. Quarantine, never delete so you can go back if need be C:\Program Files\Microsoft Security Client\Antimalware\mpcmdrun.exe -restore -name Program:Win32/PowerRegScheduler -Original Message- From: listsad...@lists.myitforum.com [mailto: listsad...@lists.myitforum.com] On Behalf Of Michael Mott Sent: Wednesday, September 10, 2014 9:48 PM To: mssms@lists.myitforum.com; Nash Pherson Subject: RE: [mssms] RE: System Center Endpoint Protection I came up with a way to recover files, remotely using psexec. It was pretty easy. -Original Message- From: listsad...@lists.myitforum.com [mailto: listsad...@lists.myitforum.com] On Behalf Of Marcum, John Sent: Wednesday, September 10, 2014 5:19 PM To: Nash Pherson; mssms@lists.myitforum.com Subject: [mssms] RE: System Center Endpoint Protection Add me to thay list and you now know an uphappy customer. The support is horrible. There's no central recovery point. Out of the box SCEP doesn't even tell thou what files it quarantined. CSS actually told me I'd have to go to each and every machine to clean and recover files. So, yes it's super easy to implement because it doesn't really have any features. It's a great product until you need it then you are screwed. Well, at least if something gets past it you are. And. ... If you have any virtual machines protect it doesn't integrate at the hyper visor level. - On Sep 10, 2014 at 3:46 PM, Nash Pherson na...@nowmicro.com wrote: SCEP is the easiest product to successfully manage, and of course you have already paid for it (not cheap... its actually horribly expensive... but you've already paid for it). While Kaspersky may have incrementally higher detection rates, the conversation really needs to be centered around whether or not Kaspersky is so much better that it warrants paying for two antivirus products. With almost every customer I've worked with, the business decision has been to go with SCEP and I have yet to see an unhappy customer. From: listsad...@lists.myitforum.com [mailto: listsad...@lists.myitforum.com] On Behalf Of SCOTT Nick D Sent: Wednesday, September 10, 2014 15:42 PM To: mssms@lists.myitforum.com Subject: [mssms] RE: System Center Endpoint Protection Thanks, I'm debating whether to rollout the new Kaspersky client or this once we go to ConfigMgr 2012. Kaspersky has had great detection rates for us and I'd hate to go with something that's just okay. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Gerlak, Matthew Sent: Wednesday, September 10, 2014 1:37 PM To: 'mssms@lists.myitforum.com' Subject: [mssms] RE: System Center Endpoint Protection Same here it's a lot cheaper and the guys that do our pen test say it's better than the McAfee product we had. One thing I don't like is no way to see active file scans like you can in McAfee but no complaints at all. Love the product and easy of management and rollout. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of John Aubrey Sent: Wednesday, September 10, 2014 4:26 PM To: 'mssms@lists.myitforum.com' Subject: [mssms] RE: System Center Endpoint Protection We moved 4 years ago and haven't looked back. Works as well if not better than the Symantec. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of SCOTT Nick D Sent: Wednesday, September 10, 2014 4:24 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: [mssms] System Center Endpoint Protection I'm curious what everyone's thoughts are on SCEP. How does it compare with other anti-virus products? I'm curious to see if it's worth implementing and moving away from other anti-virus products. Nick Scott Legal Notice: This email is intended only for the person(s) to whom it is addressed. If you are not an intended recipient and have received this message in error, please notify the sender immediately by replying to this email or calling +44(0) 2083269015 (UK) or +1 866 592 4214 (USA). This email and any attachments may be privileged and/or confidential. The unauthorized use, disclosure, copying or printing of any information it contains is strictly prohibited. The opinions expressed in this email are those of the author and do not necessarily represent the views of 1E Ltd. Nothing in this email will operate to bind 1E to any order or other contract. Legal Notice: This email is intended only for the person(s) to whom it is addressed. If you are not an intended recipient and have received
Re: [mssms] RE: System Center Endpoint Protection
Am I missing something? I can click on any piece of Malware found and select Restore files quarantined by this threat in the monitoring node. I can also see what files were modified through this node. If I double click on any virus it shows me all the computers infected and I can view the files modified for individual computers. The only thing I can't do is select an individual file on an individual computer and allow it and / or restore it. On Wed, Sep 10, 2014 at 4:18 PM, Marcum, John jmar...@babc.com wrote: Add me to thay list and you now know an uphappy customer. The support is horrible. There's no central recovery point. Out of the box SCEP doesn't even tell thou what files it quarantined. CSS actually told me I'd have to go to each and every machine to clean and recover files. So, yes it's super easy to implement because it doesn't really have any features. It's a great product until you need it then you are screwed. Well, at least if something gets past it you are. And. ... If you have any virtual machines protect it doesn't integrate at the hyper visor level. - On Sep 10, 2014 at 3:46 PM, Nash Pherson na...@nowmicro.com wrote: SCEP is the easiest product to successfully manage, and of course you have already paid for it (not cheap... its actually horribly expensive... but you've already paid for it). While Kaspersky may have incrementally higher detection rates, the conversation really needs to be centered around whether or not Kaspersky is so much better that it warrants paying for two antivirus products. With almost every customer I've worked with, the business decision has been to go with SCEP and I have yet to see an unhappy customer. From: listsad...@lists.myitforum.com [mailto: listsad...@lists.myitforum.com] On Behalf Of SCOTT Nick D Sent: Wednesday, September 10, 2014 15:42 PM To: mssms@lists.myitforum.com Subject: [mssms] RE: System Center Endpoint Protection Thanks, I'm debating whether to rollout the new Kaspersky client or this once we go to ConfigMgr 2012. Kaspersky has had great detection rates for us and I'd hate to go with something that's just okay. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Gerlak, Matthew Sent: Wednesday, September 10, 2014 1:37 PM To: 'mssms@lists.myitforum.com' Subject: [mssms] RE: System Center Endpoint Protection Same here it's a lot cheaper and the guys that do our pen test say it's better than the McAfee product we had. One thing I don't like is no way to see active file scans like you can in McAfee but no complaints at all. Love the product and easy of management and rollout. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of John Aubrey Sent: Wednesday, September 10, 2014 4:26 PM To: 'mssms@lists.myitforum.com' Subject: [mssms] RE: System Center Endpoint Protection We moved 4 years ago and haven't looked back. Works as well if not better than the Symantec. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of SCOTT Nick D Sent: Wednesday, September 10, 2014 4:24 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: [mssms] System Center Endpoint Protection I'm curious what everyone's thoughts are on SCEP. How does it compare with other anti-virus products? I'm curious to see if it's worth implementing and moving away from other anti-virus products. Nick Scott
Re: [mssms] RE: System Center Endpoint Protection
there is a central recovery point. On Wed, Sep 10, 2014 at 4:18 PM, Marcum, John jmar...@babc.com wrote: Add me to thay list and you now know an uphappy customer. The support is horrible. There's no central recovery point. Out of the box SCEP doesn't even tell thou what files it quarantined. CSS actually told me I'd have to go to each and every machine to clean and recover files. So, yes it's super easy to implement because it doesn't really have any features. It's a great product until you need it then you are screwed. Well, at least if something gets past it you are. And. ... If you have any virtual machines protect it doesn't integrate at the hyper visor level. - On Sep 10, 2014 at 3:46 PM, Nash Pherson na...@nowmicro.com wrote: SCEP is the easiest product to successfully manage, and of course you have already paid for it (not cheap... its actually horribly expensive... but you've already paid for it). While Kaspersky may have incrementally higher detection rates, the conversation really needs to be centered around whether or not Kaspersky is so much better that it warrants paying for two antivirus products. With almost every customer I've worked with, the business decision has been to go with SCEP and I have yet to see an unhappy customer. From: listsad...@lists.myitforum.com [mailto: listsad...@lists.myitforum.com] On Behalf Of SCOTT Nick D Sent: Wednesday, September 10, 2014 15:42 PM To: mssms@lists.myitforum.com Subject: [mssms] RE: System Center Endpoint Protection Thanks, I'm debating whether to rollout the new Kaspersky client or this once we go to ConfigMgr 2012. Kaspersky has had great detection rates for us and I'd hate to go with something that's just okay. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Gerlak, Matthew Sent: Wednesday, September 10, 2014 1:37 PM To: 'mssms@lists.myitforum.com' Subject: [mssms] RE: System Center Endpoint Protection Same here it's a lot cheaper and the guys that do our pen test say it's better than the McAfee product we had. One thing I don't like is no way to see active file scans like you can in McAfee but no complaints at all. Love the product and easy of management and rollout. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of John Aubrey Sent: Wednesday, September 10, 2014 4:26 PM To: 'mssms@lists.myitforum.com' Subject: [mssms] RE: System Center Endpoint Protection We moved 4 years ago and haven't looked back. Works as well if not better than the Symantec. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of SCOTT Nick D Sent: Wednesday, September 10, 2014 4:24 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: [mssms] System Center Endpoint Protection I'm curious what everyone's thoughts are on SCEP. How does it compare with other anti-virus products? I'm curious to see if it's worth implementing and moving away from other anti-virus products. Nick Scott
Re: [mssms] RE: System Center Endpoint Protection
it is now built in. you can recover certain files, certain files on certain machines, etc. On Wed, Sep 10, 2014 at 8:47 PM, Michael Mott michael.m...@1e.com wrote: I came up with a way to recover files, remotely using psexec. It was pretty easy. -Original Message- From: listsad...@lists.myitforum.com [mailto: listsad...@lists.myitforum.com] On Behalf Of Marcum, John Sent: Wednesday, September 10, 2014 5:19 PM To: Nash Pherson; mssms@lists.myitforum.com Subject: [mssms] RE: System Center Endpoint Protection Add me to thay list and you now know an uphappy customer. The support is horrible. There's no central recovery point. Out of the box SCEP doesn't even tell thou what files it quarantined. CSS actually told me I'd have to go to each and every machine to clean and recover files. So, yes it's super easy to implement because it doesn't really have any features. It's a great product until you need it then you are screwed. Well, at least if something gets past it you are. And. ... If you have any virtual machines protect it doesn't integrate at the hyper visor level. - On Sep 10, 2014 at 3:46 PM, Nash Pherson na...@nowmicro.com wrote: SCEP is the easiest product to successfully manage, and of course you have already paid for it (not cheap... its actually horribly expensive... but you've already paid for it). While Kaspersky may have incrementally higher detection rates, the conversation really needs to be centered around whether or not Kaspersky is so much better that it warrants paying for two antivirus products. With almost every customer I've worked with, the business decision has been to go with SCEP and I have yet to see an unhappy customer. From: listsad...@lists.myitforum.com [mailto: listsad...@lists.myitforum.com] On Behalf Of SCOTT Nick D Sent: Wednesday, September 10, 2014 15:42 PM To: mssms@lists.myitforum.com Subject: [mssms] RE: System Center Endpoint Protection Thanks, I'm debating whether to rollout the new Kaspersky client or this once we go to ConfigMgr 2012. Kaspersky has had great detection rates for us and I'd hate to go with something that's just okay. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Gerlak, Matthew Sent: Wednesday, September 10, 2014 1:37 PM To: 'mssms@lists.myitforum.com' Subject: [mssms] RE: System Center Endpoint Protection Same here it's a lot cheaper and the guys that do our pen test say it's better than the McAfee product we had. One thing I don't like is no way to see active file scans like you can in McAfee but no complaints at all. Love the product and easy of management and rollout. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of John Aubrey Sent: Wednesday, September 10, 2014 4:26 PM To: 'mssms@lists.myitforum.com' Subject: [mssms] RE: System Center Endpoint Protection We moved 4 years ago and haven't looked back. Works as well if not better than the Symantec. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of SCOTT Nick D Sent: Wednesday, September 10, 2014 4:24 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: [mssms] System Center Endpoint Protection I'm curious what everyone's thoughts are on SCEP. How does it compare with other anti-virus products? I'm curious to see if it's worth implementing and moving away from other anti-virus products. Nick Scott Legal Notice: This email is intended only for the person(s) to whom it is addressed. If you are not an intended recipient and have received this message in error, please notify the sender immediately by replying to this email or calling +44(0) 2083269015 (UK) or +1 866 592 4214 (USA). This email and any attachments may be privileged and/or confidential. The unauthorized use, disclosure, copying or printing of any information it contains is strictly prohibited. The opinions expressed in this email are those of the author and do not necessarily represent the views of 1E Ltd. Nothing in this email will operate to bind 1E to any order or other contract.
Re: [mssms] RE: System Center Endpoint Protection
It is a new feature and they did not know it was added :-) On Thu, Sep 11, 2014 at 7:51 AM, Ryan ryan2...@gmail.com wrote: Am I missing something? I can click on any piece of Malware found and select Restore files quarantined by this threat in the monitoring node. I can also see what files were modified through this node. If I double click on any virus it shows me all the computers infected and I can view the files modified for individual computers. The only thing I can't do is select an individual file on an individual computer and allow it and / or restore it. On Wed, Sep 10, 2014 at 4:18 PM, Marcum, John jmar...@babc.com wrote: Add me to thay list and you now know an uphappy customer. The support is horrible. There's no central recovery point. Out of the box SCEP doesn't even tell thou what files it quarantined. CSS actually told me I'd have to go to each and every machine to clean and recover files. So, yes it's super easy to implement because it doesn't really have any features. It's a great product until you need it then you are screwed. Well, at least if something gets past it you are. And. ... If you have any virtual machines protect it doesn't integrate at the hyper visor level. - On Sep 10, 2014 at 3:46 PM, Nash Pherson na...@nowmicro.com wrote: SCEP is the easiest product to successfully manage, and of course you have already paid for it (not cheap... its actually horribly expensive... but you've already paid for it). While Kaspersky may have incrementally higher detection rates, the conversation really needs to be centered around whether or not Kaspersky is so much better that it warrants paying for two antivirus products. With almost every customer I've worked with, the business decision has been to go with SCEP and I have yet to see an unhappy customer. From: listsad...@lists.myitforum.com [mailto: listsad...@lists.myitforum.com] On Behalf Of SCOTT Nick D Sent: Wednesday, September 10, 2014 15:42 PM To: mssms@lists.myitforum.com Subject: [mssms] RE: System Center Endpoint Protection Thanks, I'm debating whether to rollout the new Kaspersky client or this once we go to ConfigMgr 2012. Kaspersky has had great detection rates for us and I'd hate to go with something that's just okay. From: listsad...@lists.myitforum.commailto: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Gerlak, Matthew Sent: Wednesday, September 10, 2014 1:37 PM To: 'mssms@lists.myitforum.com' Subject: [mssms] RE: System Center Endpoint Protection Same here it's a lot cheaper and the guys that do our pen test say it's better than the McAfee product we had. One thing I don't like is no way to see active file scans like you can in McAfee but no complaints at all. Love the product and easy of management and rollout. From: listsad...@lists.myitforum.commailto: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of John Aubrey Sent: Wednesday, September 10, 2014 4:26 PM To: 'mssms@lists.myitforum.com' Subject: [mssms] RE: System Center Endpoint Protection We moved 4 years ago and haven't looked back. Works as well if not better than the Symantec. From: listsad...@lists.myitforum.commailto: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of SCOTT Nick D Sent: Wednesday, September 10, 2014 4:24 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: [mssms] System Center Endpoint Protection I'm curious what everyone's thoughts are on SCEP. How does it compare with other anti-virus products? I'm curious to see if it's worth implementing and moving away from other anti-virus products. Nick Scott
RE: [mssms] RE: System Center Endpoint Protection
Details please??? -Original Message- From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Michael Mott Sent: Wednesday, September 10, 2014 8:48 PM To: mssms@lists.myitforum.com; Nash Pherson Subject: RE: [mssms] RE: System Center Endpoint Protection I came up with a way to recover files, remotely using psexec. It was pretty easy. -Original Message- From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Marcum, John Sent: Wednesday, September 10, 2014 5:19 PM To: Nash Pherson; mssms@lists.myitforum.com Subject: [mssms] RE: System Center Endpoint Protection Add me to thay list and you now know an uphappy customer. The support is horrible. There's no central recovery point. Out of the box SCEP doesn't even tell thou what files it quarantined. CSS actually told me I'd have to go to each and every machine to clean and recover files. So, yes it's super easy to implement because it doesn't really have any features. It's a great product until you need it then you are screwed. Well, at least if something gets past it you are. And. ... If you have any virtual machines protect it doesn't integrate at the hyper visor level. - On Sep 10, 2014 at 3:46 PM, Nash Pherson na...@nowmicro.com wrote: SCEP is the easiest product to successfully manage, and of course you have already paid for it (not cheap... its actually horribly expensive... but you've already paid for it). While Kaspersky may have incrementally higher detection rates, the conversation really needs to be centered around whether or not Kaspersky is so much better that it warrants paying for two antivirus products. With almost every customer I've worked with, the business decision has been to go with SCEP and I have yet to see an unhappy customer. From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of SCOTT Nick D Sent: Wednesday, September 10, 2014 15:42 PM To: mssms@lists.myitforum.com Subject: [mssms] RE: System Center Endpoint Protection Thanks, I'm debating whether to rollout the new Kaspersky client or this once we go to ConfigMgr 2012. Kaspersky has had great detection rates for us and I'd hate to go with something that's just okay. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Gerlak, Matthew Sent: Wednesday, September 10, 2014 1:37 PM To: 'mssms@lists.myitforum.com' Subject: [mssms] RE: System Center Endpoint Protection Same here it's a lot cheaper and the guys that do our pen test say it's better than the McAfee product we had. One thing I don't like is no way to see active file scans like you can in McAfee but no complaints at all. Love the product and easy of management and rollout. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of John Aubrey Sent: Wednesday, September 10, 2014 4:26 PM To: 'mssms@lists.myitforum.com' Subject: [mssms] RE: System Center Endpoint Protection We moved 4 years ago and haven't looked back. Works as well if not better than the Symantec. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of SCOTT Nick D Sent: Wednesday, September 10, 2014 4:24 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: [mssms] System Center Endpoint Protection I'm curious what everyone's thoughts are on SCEP. How does it compare with other anti-virus products? I'm curious to see if it's worth implementing and moving away from other anti-virus products. Nick Scott Legal Notice: This email is intended only for the person(s) to whom it is addressed. If you are not an intended recipient and have received this message in error, please notify the sender immediately by replying to this email or calling +44(0) 2083269015 (UK) or +1 866 592 4214 (USA). This email and any attachments may be privileged and/or confidential. The unauthorized use, disclosure, copying or printing of any information it contains is strictly prohibited. The opinions expressed in this email are those of the author and do not necessarily represent the views of 1E Ltd. Nothing in this email will operate to bind 1E to any order or other contract. Confidentiality Notice: This e-mail is from a law firm and may be protected by the attorney-client or work product privileges. If you have received this message in error, please notify the sender by replying to this e-mail and then delete it from your computer. Confidentiality Notice: This e-mail is from a law firm and may be protected by the attorney-client or work product privileges. If you have received this message in error, please notify the sender by replying to this e-mail
RE: [mssms] RE: System Center Endpoint Protection
You can do this all from the Monitoring node like Ryan already sent. -Original Message- From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Marcum, John Sent: Thursday, September 11, 2014 8:45 AM To: mssms@lists.myitforum.com Subject: RE: [mssms] RE: System Center Endpoint Protection Details please??? -Original Message- From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Michael Mott Sent: Wednesday, September 10, 2014 8:48 PM To: mssms@lists.myitforum.com; Nash Pherson Subject: RE: [mssms] RE: System Center Endpoint Protection I came up with a way to recover files, remotely using psexec. It was pretty easy. -Original Message- From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Marcum, John Sent: Wednesday, September 10, 2014 5:19 PM To: Nash Pherson; mssms@lists.myitforum.com Subject: [mssms] RE: System Center Endpoint Protection Add me to thay list and you now know an uphappy customer. The support is horrible. There's no central recovery point. Out of the box SCEP doesn't even tell thou what files it quarantined. CSS actually told me I'd have to go to each and every machine to clean and recover files. So, yes it's super easy to implement because it doesn't really have any features. It's a great product until you need it then you are screwed. Well, at least if something gets past it you are. And. ... If you have any virtual machines protect it doesn't integrate at the hyper visor level. - On Sep 10, 2014 at 3:46 PM, Nash Pherson na...@nowmicro.com wrote: SCEP is the easiest product to successfully manage, and of course you have already paid for it (not cheap... its actually horribly expensive... but you've already paid for it). While Kaspersky may have incrementally higher detection rates, the conversation really needs to be centered around whether or not Kaspersky is so much better that it warrants paying for two antivirus products. With almost every customer I've worked with, the business decision has been to go with SCEP and I have yet to see an unhappy customer. From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of SCOTT Nick D Sent: Wednesday, September 10, 2014 15:42 PM To: mssms@lists.myitforum.com Subject: [mssms] RE: System Center Endpoint Protection Thanks, I'm debating whether to rollout the new Kaspersky client or this once we go to ConfigMgr 2012. Kaspersky has had great detection rates for us and I'd hate to go with something that's just okay. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Gerlak, Matthew Sent: Wednesday, September 10, 2014 1:37 PM To: 'mssms@lists.myitforum.com' Subject: [mssms] RE: System Center Endpoint Protection Same here it's a lot cheaper and the guys that do our pen test say it's better than the McAfee product we had. One thing I don't like is no way to see active file scans like you can in McAfee but no complaints at all. Love the product and easy of management and rollout. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of John Aubrey Sent: Wednesday, September 10, 2014 4:26 PM To: 'mssms@lists.myitforum.com' Subject: [mssms] RE: System Center Endpoint Protection We moved 4 years ago and haven't looked back. Works as well if not better than the Symantec. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of SCOTT Nick D Sent: Wednesday, September 10, 2014 4:24 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: [mssms] System Center Endpoint Protection I'm curious what everyone's thoughts are on SCEP. How does it compare with other anti-virus products? I'm curious to see if it's worth implementing and moving away from other anti-virus products. Nick Scott Legal Notice: This email is intended only for the person(s) to whom it is addressed. If you are not an intended recipient and have received this message in error, please notify the sender immediately by replying to this email or calling +44(0) 2083269015 (UK) or +1 866 592 4214 (USA). This email and any attachments may be privileged and/or confidential. The unauthorized use, disclosure, copying or printing of any information it contains is strictly prohibited. The opinions expressed in this email are those of the author and do not necessarily represent the views of 1E Ltd. Nothing in this email will operate to bind 1E to any order or other contract. Confidentiality Notice: This e-mail is from a law firm and may be protected by the attorney-client or work product privileges. If you have received this message in error, please notify the sender
RE: [mssms] RE: System Center Endpoint Protection
So a big problem we had was when a virus outbreak happened MANY computers saw the same infected files on the network. That turned into a total nightmare. We attempted to scan just one volume on our SAN and it took over 2 weeks to scan 10Tbs. By the time the scan completed the volume was reinfected. -Original Message- From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Michael Mott Sent: Wednesday, September 10, 2014 9:09 PM To: mssms@lists.myitforum.com Subject: RE: [mssms] RE: System Center Endpoint Protection Granted this was from FEP but it still applies. Quarantine, never delete so you can go back if need be C:\Program Files\Microsoft Security Client\Antimalware\mpcmdrun.exe -restore -name Program:Win32/PowerRegScheduler -Original Message- From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Michael Mott Sent: Wednesday, September 10, 2014 9:48 PM To: mssms@lists.myitforum.com; Nash Pherson Subject: RE: [mssms] RE: System Center Endpoint Protection I came up with a way to recover files, remotely using psexec. It was pretty easy. -Original Message- From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Marcum, John Sent: Wednesday, September 10, 2014 5:19 PM To: Nash Pherson; mssms@lists.myitforum.com Subject: [mssms] RE: System Center Endpoint Protection Add me to thay list and you now know an uphappy customer. The support is horrible. There's no central recovery point. Out of the box SCEP doesn't even tell thou what files it quarantined. CSS actually told me I'd have to go to each and every machine to clean and recover files. So, yes it's super easy to implement because it doesn't really have any features. It's a great product until you need it then you are screwed. Well, at least if something gets past it you are. And. ... If you have any virtual machines protect it doesn't integrate at the hyper visor level. - On Sep 10, 2014 at 3:46 PM, Nash Pherson na...@nowmicro.com wrote: SCEP is the easiest product to successfully manage, and of course you have already paid for it (not cheap... its actually horribly expensive... but you've already paid for it). While Kaspersky may have incrementally higher detection rates, the conversation really needs to be centered around whether or not Kaspersky is so much better that it warrants paying for two antivirus products. With almost every customer I've worked with, the business decision has been to go with SCEP and I have yet to see an unhappy customer. From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of SCOTT Nick D Sent: Wednesday, September 10, 2014 15:42 PM To: mssms@lists.myitforum.com Subject: [mssms] RE: System Center Endpoint Protection Thanks, I'm debating whether to rollout the new Kaspersky client or this once we go to ConfigMgr 2012. Kaspersky has had great detection rates for us and I'd hate to go with something that's just okay. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Gerlak, Matthew Sent: Wednesday, September 10, 2014 1:37 PM To: 'mssms@lists.myitforum.com' Subject: [mssms] RE: System Center Endpoint Protection Same here it's a lot cheaper and the guys that do our pen test say it's better than the McAfee product we had. One thing I don't like is no way to see active file scans like you can in McAfee but no complaints at all. Love the product and easy of management and rollout. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of John Aubrey Sent: Wednesday, September 10, 2014 4:26 PM To: 'mssms@lists.myitforum.com' Subject: [mssms] RE: System Center Endpoint Protection We moved 4 years ago and haven't looked back. Works as well if not better than the Symantec. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of SCOTT Nick D Sent: Wednesday, September 10, 2014 4:24 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: [mssms] System Center Endpoint Protection I'm curious what everyone's thoughts are on SCEP. How does it compare with other anti-virus products? I'm curious to see if it's worth implementing and moving away from other anti-virus products. Nick Scott Legal Notice: This email is intended only for the person(s) to whom it is addressed. If you are not an intended recipient and have received this message in error, please notify the sender immediately by replying to this email or calling +44(0) 2083269015 (UK) or +1 866 592 4214 (USA). This email and any attachments may be privileged and/or confidential. The unauthorized use, disclosure, copying or printing of any information it contains is strictly
RE: [mssms] RE: System Center Endpoint Protection
Nice… So CSS did not know how to recover files using the product that they support all day every day? This was THIRD LEVEL support too! From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Todd Hemsell Sent: Thursday, September 11, 2014 8:44 AM To: mssms@lists.myitforum.com Subject: Re: [mssms] RE: System Center Endpoint Protection It is a new feature and they did not know it was added :-) On Thu, Sep 11, 2014 at 7:51 AM, Ryan ryan2...@gmail.commailto:ryan2...@gmail.com wrote: Am I missing something? I can click on any piece of Malware found and select Restore files quarantined by this threat in the monitoring node. I can also see what files were modified through this node. If I double click on any virus it shows me all the computers infected and I can view the files modified for individual computers. The only thing I can't do is select an individual file on an individual computer and allow it and / or restore it. On Wed, Sep 10, 2014 at 4:18 PM, Marcum, John jmar...@babc.commailto:jmar...@babc.com wrote: Add me to thay list and you now know an uphappy customer. The support is horrible. There's no central recovery point. Out of the box SCEP doesn't even tell thou what files it quarantined. CSS actually told me I'd have to go to each and every machine to clean and recover files. So, yes it's super easy to implement because it doesn't really have any features. It's a great product until you need it then you are screwed. Well, at least if something gets past it you are. And. ... If you have any virtual machines protect it doesn't integrate at the hyper visor level. - On Sep 10, 2014 at 3:46 PM, Nash Pherson na...@nowmicro.commailto:na...@nowmicro.com wrote: SCEP is the easiest product to successfully manage, and of course you have already paid for it (not cheap... its actually horribly expensive... but you've already paid for it). While Kaspersky may have incrementally higher detection rates, the conversation really needs to be centered around whether or not Kaspersky is so much better that it warrants paying for two antivirus products. With almost every customer I've worked with, the business decision has been to go with SCEP and I have yet to see an unhappy customer. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com] On Behalf Of SCOTT Nick D Sent: Wednesday, September 10, 2014 15:42 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: [mssms] RE: System Center Endpoint Protection Thanks, I'm debating whether to rollout the new Kaspersky client or this once we go to ConfigMgr 2012. Kaspersky has had great detection rates for us and I'd hate to go with something that's just okay. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com] On Behalf Of Gerlak, Matthew Sent: Wednesday, September 10, 2014 1:37 PM To: 'mssms@lists.myitforum.commailto:mssms@lists.myitforum.com' Subject: [mssms] RE: System Center Endpoint Protection Same here it's a lot cheaper and the guys that do our pen test say it's better than the McAfee product we had. One thing I don't like is no way to see active file scans like you can in McAfee but no complaints at all. Love the product and easy of management and rollout. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com] On Behalf Of John Aubrey Sent: Wednesday, September 10, 2014 4:26 PM To: 'mssms@lists.myitforum.commailto:mssms@lists.myitforum.com' Subject: [mssms] RE: System Center Endpoint Protection We moved 4 years ago and haven't looked back. Works as well if not better than the Symantec. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com] On Behalf Of SCOTT Nick D Sent: Wednesday, September 10, 2014 4:24 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.commailto:mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: [mssms] System Center Endpoint Protection I'm curious what everyone's thoughts are on SCEP. How does it compare with other anti-virus products? I'm curious to see if it's worth implementing and moving away from other anti-virus products. Nick Scott Confidentiality Notice: This e-mail is from a law firm and may be protected by the attorney-client or work product privileges. If you have received this message in error, please notify the sender by replying to this e
Re: [mssms] RE: System Center Endpoint Protection
it is a new Feature John. they listened to you and added it. On Thu, Sep 11, 2014 at 8:58 AM, Marcum, John jmar...@babc.com wrote: Nice… So CSS did not know how to recover files using the product that they support all day every day? This was THIRD LEVEL support too! *From:* listsad...@lists.myitforum.com [mailto: listsad...@lists.myitforum.com] *On Behalf Of *Todd Hemsell *Sent:* Thursday, September 11, 2014 8:44 AM *To:* mssms@lists.myitforum.com *Subject:* Re: [mssms] RE: System Center Endpoint Protection It is a new feature and they did not know it was added :-) On Thu, Sep 11, 2014 at 7:51 AM, Ryan ryan2...@gmail.com wrote: Am I missing something? I can click on any piece of Malware found and select Restore files quarantined by this threat in the monitoring node. I can also see what files were modified through this node. If I double click on any virus it shows me all the computers infected and I can view the files modified for individual computers. The only thing I can't do is select an individual file on an individual computer and allow it and / or restore it. On Wed, Sep 10, 2014 at 4:18 PM, Marcum, John jmar...@babc.com wrote: Add me to thay list and you now know an uphappy customer. The support is horrible. There's no central recovery point. Out of the box SCEP doesn't even tell thou what files it quarantined. CSS actually told me I'd have to go to each and every machine to clean and recover files. So, yes it's super easy to implement because it doesn't really have any features. It's a great product until you need it then you are screwed. Well, at least if something gets past it you are. And. ... If you have any virtual machines protect it doesn't integrate at the hyper visor level. - On Sep 10, 2014 at 3:46 PM, Nash Pherson na...@nowmicro.com wrote: SCEP is the easiest product to successfully manage, and of course you have already paid for it (not cheap... its actually horribly expensive... but you've already paid for it). While Kaspersky may have incrementally higher detection rates, the conversation really needs to be centered around whether or not Kaspersky is so much better that it warrants paying for two antivirus products. With almost every customer I've worked with, the business decision has been to go with SCEP and I have yet to see an unhappy customer. From: listsad...@lists.myitforum.com [mailto: listsad...@lists.myitforum.com] On Behalf Of SCOTT Nick D Sent: Wednesday, September 10, 2014 15:42 PM To: mssms@lists.myitforum.com Subject: [mssms] RE: System Center Endpoint Protection Thanks, I'm debating whether to rollout the new Kaspersky client or this once we go to ConfigMgr 2012. Kaspersky has had great detection rates for us and I'd hate to go with something that's just okay. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Gerlak, Matthew Sent: Wednesday, September 10, 2014 1:37 PM To: 'mssms@lists.myitforum.com' Subject: [mssms] RE: System Center Endpoint Protection Same here it's a lot cheaper and the guys that do our pen test say it's better than the McAfee product we had. One thing I don't like is no way to see active file scans like you can in McAfee but no complaints at all. Love the product and easy of management and rollout. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of John Aubrey Sent: Wednesday, September 10, 2014 4:26 PM To: 'mssms@lists.myitforum.com' Subject: [mssms] RE: System Center Endpoint Protection We moved 4 years ago and haven't looked back. Works as well if not better than the Symantec. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of SCOTT Nick D Sent: Wednesday, September 10, 2014 4:24 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: [mssms] System Center Endpoint Protection I'm curious what everyone's thoughts are on SCEP. How does it compare with other anti-virus products? I'm curious to see if it's worth implementing and moving away from other anti-virus products. Nick Scott -- Confidentiality Notice: This e-mail is from a law firm and may be protected by the attorney-client or work product privileges. If you have received this message in error, please notify the sender by replying to this e-mail and then delete it from your computer. -- Confidentiality Notice: This e-mail is from a law firm and may be protected by the attorney-client or work product privileges. If you have received this message in error, please notify the sender by replying to this e-mail and then delete it from your computer.
RE: [mssms] RE: System Center Endpoint Protection
Ha Ha. Maybe so. I did have a call with them afterwards. From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Todd Hemsell Sent: Thursday, September 11, 2014 9:45 AM To: mssms@lists.myitforum.com Subject: Re: [mssms] RE: System Center Endpoint Protection it is a new Feature John. they listened to you and added it. On Thu, Sep 11, 2014 at 8:58 AM, Marcum, John jmar...@babc.commailto:jmar...@babc.com wrote: Nice… So CSS did not know how to recover files using the product that they support all day every day? This was THIRD LEVEL support too! From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com] On Behalf Of Todd Hemsell Sent: Thursday, September 11, 2014 8:44 AM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: Re: [mssms] RE: System Center Endpoint Protection It is a new feature and they did not know it was added :-) On Thu, Sep 11, 2014 at 7:51 AM, Ryan ryan2...@gmail.commailto:ryan2...@gmail.com wrote: Am I missing something? I can click on any piece of Malware found and select Restore files quarantined by this threat in the monitoring node. I can also see what files were modified through this node. If I double click on any virus it shows me all the computers infected and I can view the files modified for individual computers. The only thing I can't do is select an individual file on an individual computer and allow it and / or restore it. On Wed, Sep 10, 2014 at 4:18 PM, Marcum, John jmar...@babc.commailto:jmar...@babc.com wrote: Add me to thay list and you now know an uphappy customer. The support is horrible. There's no central recovery point. Out of the box SCEP doesn't even tell thou what files it quarantined. CSS actually told me I'd have to go to each and every machine to clean and recover files. So, yes it's super easy to implement because it doesn't really have any features. It's a great product until you need it then you are screwed. Well, at least if something gets past it you are. And. ... If you have any virtual machines protect it doesn't integrate at the hyper visor level. - On Sep 10, 2014 at 3:46 PM, Nash Pherson na...@nowmicro.commailto:na...@nowmicro.com wrote: SCEP is the easiest product to successfully manage, and of course you have already paid for it (not cheap... its actually horribly expensive... but you've already paid for it). While Kaspersky may have incrementally higher detection rates, the conversation really needs to be centered around whether or not Kaspersky is so much better that it warrants paying for two antivirus products. With almost every customer I've worked with, the business decision has been to go with SCEP and I have yet to see an unhappy customer. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com] On Behalf Of SCOTT Nick D Sent: Wednesday, September 10, 2014 15:42 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: [mssms] RE: System Center Endpoint Protection Thanks, I'm debating whether to rollout the new Kaspersky client or this once we go to ConfigMgr 2012. Kaspersky has had great detection rates for us and I'd hate to go with something that's just okay. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com] On Behalf Of Gerlak, Matthew Sent: Wednesday, September 10, 2014 1:37 PM To: 'mssms@lists.myitforum.commailto:mssms@lists.myitforum.com' Subject: [mssms] RE: System Center Endpoint Protection Same here it's a lot cheaper and the guys that do our pen test say it's better than the McAfee product we had. One thing I don't like is no way to see active file scans like you can in McAfee but no complaints at all. Love the product and easy of management and rollout. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com] On Behalf Of John Aubrey Sent: Wednesday, September 10, 2014 4:26 PM To: 'mssms@lists.myitforum.commailto:mssms@lists.myitforum.com' Subject: [mssms] RE: System Center Endpoint Protection We moved 4 years ago and haven't looked back. Works as well if not better than the Symantec. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com] On Behalf Of SCOTT Nick D Sent: Wednesday, September 10, 2014 4:24 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.commailto:mssms
Re: [mssms] RE: System Center Endpoint Protection
Ouch! There are many things that can cause an antivirus scan to slow down like that. I can't tell you what was happening in your environment at that time, but I can tell you that scans of that nature shouldn't take as long as you experienced. SCEP is usually rated as one of the quicker products on the market. On Thu, Sep 11, 2014 at 8:56 AM, Marcum, John jmar...@babc.com wrote: So a big problem we had was when a virus outbreak happened MANY computers saw the same infected files on the network. That turned into a total nightmare. We attempted to scan just one volume on our SAN and it took over 2 weeks to scan 10Tbs. By the time the scan completed the volume was reinfected. -Original Message- From: listsad...@lists.myitforum.com [mailto: listsad...@lists.myitforum.com] On Behalf Of Michael Mott Sent: Wednesday, September 10, 2014 9:09 PM To: mssms@lists.myitforum.com Subject: RE: [mssms] RE: System Center Endpoint Protection Granted this was from FEP but it still applies. Quarantine, never delete so you can go back if need be C:\Program Files\Microsoft Security Client\Antimalware\mpcmdrun.exe -restore -name Program:Win32/PowerRegScheduler -Original Message- From: listsad...@lists.myitforum.com [mailto: listsad...@lists.myitforum.com] On Behalf Of Michael Mott Sent: Wednesday, September 10, 2014 9:48 PM To: mssms@lists.myitforum.com; Nash Pherson Subject: RE: [mssms] RE: System Center Endpoint Protection I came up with a way to recover files, remotely using psexec. It was pretty easy. -Original Message- From: listsad...@lists.myitforum.com [mailto: listsad...@lists.myitforum.com] On Behalf Of Marcum, John Sent: Wednesday, September 10, 2014 5:19 PM To: Nash Pherson; mssms@lists.myitforum.com Subject: [mssms] RE: System Center Endpoint Protection Add me to thay list and you now know an uphappy customer. The support is horrible. There's no central recovery point. Out of the box SCEP doesn't even tell thou what files it quarantined. CSS actually told me I'd have to go to each and every machine to clean and recover files. So, yes it's super easy to implement because it doesn't really have any features. It's a great product until you need it then you are screwed. Well, at least if something gets past it you are. And. ... If you have any virtual machines protect it doesn't integrate at the hyper visor level. - On Sep 10, 2014 at 3:46 PM, Nash Pherson na...@nowmicro.com wrote: SCEP is the easiest product to successfully manage, and of course you have already paid for it (not cheap... its actually horribly expensive... but you've already paid for it). While Kaspersky may have incrementally higher detection rates, the conversation really needs to be centered around whether or not Kaspersky is so much better that it warrants paying for two antivirus products. With almost every customer I've worked with, the business decision has been to go with SCEP and I have yet to see an unhappy customer. From: listsad...@lists.myitforum.com [mailto: listsad...@lists.myitforum.com] On Behalf Of SCOTT Nick D Sent: Wednesday, September 10, 2014 15:42 PM To: mssms@lists.myitforum.com Subject: [mssms] RE: System Center Endpoint Protection Thanks, I'm debating whether to rollout the new Kaspersky client or this once we go to ConfigMgr 2012. Kaspersky has had great detection rates for us and I'd hate to go with something that's just okay. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Gerlak, Matthew Sent: Wednesday, September 10, 2014 1:37 PM To: 'mssms@lists.myitforum.com' Subject: [mssms] RE: System Center Endpoint Protection Same here it's a lot cheaper and the guys that do our pen test say it's better than the McAfee product we had. One thing I don't like is no way to see active file scans like you can in McAfee but no complaints at all. Love the product and easy of management and rollout. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of John Aubrey Sent: Wednesday, September 10, 2014 4:26 PM To: 'mssms@lists.myitforum.com' Subject: [mssms] RE: System Center Endpoint Protection We moved 4 years ago and haven't looked back. Works as well if not better than the Symantec. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of SCOTT Nick D Sent: Wednesday, September 10, 2014 4:24 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: [mssms] System Center Endpoint Protection I'm curious what everyone's thoughts are on SCEP. How does it compare with other anti-virus products? I'm curious to see if it's worth implementing and moving away from other anti-virus products. Nick Scott Legal Notice
RE: [mssms] RE: System Center Endpoint Protection
Oh we had cases with MS. They said it wasn't unusual. It's because it wasn't locally attached storage. Had to be scanned across the network from a Windows server. From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Ryan Sent: Thursday, September 11, 2014 9:54 AM To: mssms@lists.myitforum.com Subject: Re: [mssms] RE: System Center Endpoint Protection Ouch! There are many things that can cause an antivirus scan to slow down like that. I can't tell you what was happening in your environment at that time, but I can tell you that scans of that nature shouldn't take as long as you experienced. SCEP is usually rated as one of the quicker products on the market. On Thu, Sep 11, 2014 at 8:56 AM, Marcum, John jmar...@babc.commailto:jmar...@babc.com wrote: So a big problem we had was when a virus outbreak happened MANY computers saw the same infected files on the network. That turned into a total nightmare. We attempted to scan just one volume on our SAN and it took over 2 weeks to scan 10Tbs. By the time the scan completed the volume was reinfected. -Original Message- From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com] On Behalf Of Michael Mott Sent: Wednesday, September 10, 2014 9:09 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: RE: [mssms] RE: System Center Endpoint Protection Granted this was from FEP but it still applies. Quarantine, never delete so you can go back if need be C:\Program Files\Microsoft Security Client\Antimalware\mpcmdrun.exe -restore -name Program:Win32/PowerRegScheduler -Original Message- From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com] On Behalf Of Michael Mott Sent: Wednesday, September 10, 2014 9:48 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com; Nash Pherson Subject: RE: [mssms] RE: System Center Endpoint Protection I came up with a way to recover files, remotely using psexec. It was pretty easy. -Original Message- From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com] On Behalf Of Marcum, John Sent: Wednesday, September 10, 2014 5:19 PM To: Nash Pherson; mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: [mssms] RE: System Center Endpoint Protection Add me to thay list and you now know an uphappy customer. The support is horrible. There's no central recovery point. Out of the box SCEP doesn't even tell thou what files it quarantined. CSS actually told me I'd have to go to each and every machine to clean and recover files. So, yes it's super easy to implement because it doesn't really have any features. It's a great product until you need it then you are screwed. Well, at least if something gets past it you are. And. ... If you have any virtual machines protect it doesn't integrate at the hyper visor level. - On Sep 10, 2014 at 3:46 PM, Nash Pherson na...@nowmicro.commailto:na...@nowmicro.com wrote: SCEP is the easiest product to successfully manage, and of course you have already paid for it (not cheap... its actually horribly expensive... but you've already paid for it). While Kaspersky may have incrementally higher detection rates, the conversation really needs to be centered around whether or not Kaspersky is so much better that it warrants paying for two antivirus products. With almost every customer I've worked with, the business decision has been to go with SCEP and I have yet to see an unhappy customer. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com] On Behalf Of SCOTT Nick D Sent: Wednesday, September 10, 2014 15:42 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: [mssms] RE: System Center Endpoint Protection Thanks, I'm debating whether to rollout the new Kaspersky client or this once we go to ConfigMgr 2012. Kaspersky has had great detection rates for us and I'd hate to go with something that's just okay. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com] On Behalf Of Gerlak, Matthew Sent: Wednesday, September 10, 2014 1:37 PM To: 'mssms@lists.myitforum.commailto:mssms@lists.myitforum.com' Subject: [mssms] RE: System Center Endpoint Protection Same here it's a lot cheaper and the guys that do our pen test say it's better than the McAfee product we had. One thing I don't like is no way to see active file scans like you can in McAfee but no complaints at all. Love the product and easy
Re: [mssms] RE: System Center Endpoint Protection
What do they know? They don't even know how to restore files! :-) On Thu, Sep 11, 2014 at 9:58 AM, Marcum, John jmar...@babc.com wrote: Oh we had cases with MS. They said it wasn't unusual. It's because it wasn't locally attached storage. Had to be scanned across the network from a Windows server. *From:* listsad...@lists.myitforum.com [mailto: listsad...@lists.myitforum.com] *On Behalf Of *Ryan *Sent:* Thursday, September 11, 2014 9:54 AM *To:* mssms@lists.myitforum.com *Subject:* Re: [mssms] RE: System Center Endpoint Protection Ouch! There are many things that can cause an antivirus scan to slow down like that. I can't tell you what was happening in your environment at that time, but I can tell you that scans of that nature shouldn't take as long as you experienced. SCEP is usually rated as one of the quicker products on the market. On Thu, Sep 11, 2014 at 8:56 AM, Marcum, John jmar...@babc.com wrote: So a big problem we had was when a virus outbreak happened MANY computers saw the same infected files on the network. That turned into a total nightmare. We attempted to scan just one volume on our SAN and it took over 2 weeks to scan 10Tbs. By the time the scan completed the volume was reinfected. -Original Message- From: listsad...@lists.myitforum.com [mailto: listsad...@lists.myitforum.com] On Behalf Of Michael Mott Sent: Wednesday, September 10, 2014 9:09 PM To: mssms@lists.myitforum.com Subject: RE: [mssms] RE: System Center Endpoint Protection Granted this was from FEP but it still applies. Quarantine, never delete so you can go back if need be C:\Program Files\Microsoft Security Client\Antimalware\mpcmdrun.exe -restore -name Program:Win32/PowerRegScheduler -Original Message- From: listsad...@lists.myitforum.com [mailto: listsad...@lists.myitforum.com] On Behalf Of Michael Mott Sent: Wednesday, September 10, 2014 9:48 PM To: mssms@lists.myitforum.com; Nash Pherson Subject: RE: [mssms] RE: System Center Endpoint Protection I came up with a way to recover files, remotely using psexec. It was pretty easy. -Original Message- From: listsad...@lists.myitforum.com [mailto: listsad...@lists.myitforum.com] On Behalf Of Marcum, John Sent: Wednesday, September 10, 2014 5:19 PM To: Nash Pherson; mssms@lists.myitforum.com Subject: [mssms] RE: System Center Endpoint Protection Add me to thay list and you now know an uphappy customer. The support is horrible. There's no central recovery point. Out of the box SCEP doesn't even tell thou what files it quarantined. CSS actually told me I'd have to go to each and every machine to clean and recover files. So, yes it's super easy to implement because it doesn't really have any features. It's a great product until you need it then you are screwed. Well, at least if something gets past it you are. And. ... If you have any virtual machines protect it doesn't integrate at the hyper visor level. - On Sep 10, 2014 at 3:46 PM, Nash Pherson na...@nowmicro.com wrote: SCEP is the easiest product to successfully manage, and of course you have already paid for it (not cheap... its actually horribly expensive... but you've already paid for it). While Kaspersky may have incrementally higher detection rates, the conversation really needs to be centered around whether or not Kaspersky is so much better that it warrants paying for two antivirus products. With almost every customer I've worked with, the business decision has been to go with SCEP and I have yet to see an unhappy customer. From: listsad...@lists.myitforum.com [mailto: listsad...@lists.myitforum.com] On Behalf Of SCOTT Nick D Sent: Wednesday, September 10, 2014 15:42 PM To: mssms@lists.myitforum.com Subject: [mssms] RE: System Center Endpoint Protection Thanks, I'm debating whether to rollout the new Kaspersky client or this once we go to ConfigMgr 2012. Kaspersky has had great detection rates for us and I'd hate to go with something that's just okay. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Gerlak, Matthew Sent: Wednesday, September 10, 2014 1:37 PM To: 'mssms@lists.myitforum.com' Subject: [mssms] RE: System Center Endpoint Protection Same here it's a lot cheaper and the guys that do our pen test say it's better than the McAfee product we had. One thing I don't like is no way to see active file scans like you can in McAfee but no complaints at all. Love the product and easy of management and rollout. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of John Aubrey Sent: Wednesday, September 10, 2014 4:26 PM To: 'mssms@lists.myitforum.com' Subject: [mssms] RE: System Center Endpoint Protection We moved 4 years ago and haven't looked back. Works as well if not better than the Symantec. From: listsad
RE: [mssms] RE: System Center Endpoint Protection
HA HA HA!!! I kicked off a scan of one of my file servers just to get some screen shots. The volume I started scanning is 1Tb. After about 10 min I got bored and killed it. It had barely started. Give it a try for yourself. From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Ryan Sent: Thursday, September 11, 2014 10:11 AM To: mssms@lists.myitforum.com Subject: Re: [mssms] RE: System Center Endpoint Protection What do they know? They don't even know how to restore files! :-) On Thu, Sep 11, 2014 at 9:58 AM, Marcum, John jmar...@babc.commailto:jmar...@babc.com wrote: Oh we had cases with MS. They said it wasn't unusual. It's because it wasn't locally attached storage. Had to be scanned across the network from a Windows server. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com] On Behalf Of Ryan Sent: Thursday, September 11, 2014 9:54 AM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: Re: [mssms] RE: System Center Endpoint Protection Ouch! There are many things that can cause an antivirus scan to slow down like that. I can't tell you what was happening in your environment at that time, but I can tell you that scans of that nature shouldn't take as long as you experienced. SCEP is usually rated as one of the quicker products on the market. On Thu, Sep 11, 2014 at 8:56 AM, Marcum, John jmar...@babc.commailto:jmar...@babc.com wrote: So a big problem we had was when a virus outbreak happened MANY computers saw the same infected files on the network. That turned into a total nightmare. We attempted to scan just one volume on our SAN and it took over 2 weeks to scan 10Tbs. By the time the scan completed the volume was reinfected. -Original Message- From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com] On Behalf Of Michael Mott Sent: Wednesday, September 10, 2014 9:09 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: RE: [mssms] RE: System Center Endpoint Protection Granted this was from FEP but it still applies. Quarantine, never delete so you can go back if need be C:\Program Files\Microsoft Security Client\Antimalware\mpcmdrun.exe -restore -name Program:Win32/PowerRegScheduler -Original Message- From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com] On Behalf Of Michael Mott Sent: Wednesday, September 10, 2014 9:48 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com; Nash Pherson Subject: RE: [mssms] RE: System Center Endpoint Protection I came up with a way to recover files, remotely using psexec. It was pretty easy. -Original Message- From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com] On Behalf Of Marcum, John Sent: Wednesday, September 10, 2014 5:19 PM To: Nash Pherson; mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: [mssms] RE: System Center Endpoint Protection Add me to thay list and you now know an uphappy customer. The support is horrible. There's no central recovery point. Out of the box SCEP doesn't even tell thou what files it quarantined. CSS actually told me I'd have to go to each and every machine to clean and recover files. So, yes it's super easy to implement because it doesn't really have any features. It's a great product until you need it then you are screwed. Well, at least if something gets past it you are. And. ... If you have any virtual machines protect it doesn't integrate at the hyper visor level. - On Sep 10, 2014 at 3:46 PM, Nash Pherson na...@nowmicro.commailto:na...@nowmicro.com wrote: SCEP is the easiest product to successfully manage, and of course you have already paid for it (not cheap... its actually horribly expensive... but you've already paid for it). While Kaspersky may have incrementally higher detection rates, the conversation really needs to be centered around whether or not Kaspersky is so much better that it warrants paying for two antivirus products. With almost every customer I've worked with, the business decision has been to go with SCEP and I have yet to see an unhappy customer. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com] On Behalf Of SCOTT Nick D Sent: Wednesday, September 10, 2014 15:42 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: [mssms] RE: System Center Endpoint Protection Thanks, I'm debating whether to rollout the new Kaspersky client or this once we go to ConfigMgr 2012. Kaspersky has had great detection rates for us
RE: [mssms] RE: System Center Endpoint Protection
I came up with a way to recover files, remotely using psexec. It was pretty easy. -Original Message- From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Marcum, John Sent: Wednesday, September 10, 2014 5:19 PM To: Nash Pherson; mssms@lists.myitforum.com Subject: [mssms] RE: System Center Endpoint Protection Add me to thay list and you now know an uphappy customer. The support is horrible. There's no central recovery point. Out of the box SCEP doesn't even tell thou what files it quarantined. CSS actually told me I'd have to go to each and every machine to clean and recover files. So, yes it's super easy to implement because it doesn't really have any features. It's a great product until you need it then you are screwed. Well, at least if something gets past it you are. And. ... If you have any virtual machines protect it doesn't integrate at the hyper visor level. - On Sep 10, 2014 at 3:46 PM, Nash Pherson na...@nowmicro.com wrote: SCEP is the easiest product to successfully manage, and of course you have already paid for it (not cheap... its actually horribly expensive... but you've already paid for it). While Kaspersky may have incrementally higher detection rates, the conversation really needs to be centered around whether or not Kaspersky is so much better that it warrants paying for two antivirus products. With almost every customer I've worked with, the business decision has been to go with SCEP and I have yet to see an unhappy customer. From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of SCOTT Nick D Sent: Wednesday, September 10, 2014 15:42 PM To: mssms@lists.myitforum.com Subject: [mssms] RE: System Center Endpoint Protection Thanks, I'm debating whether to rollout the new Kaspersky client or this once we go to ConfigMgr 2012. Kaspersky has had great detection rates for us and I'd hate to go with something that's just okay. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Gerlak, Matthew Sent: Wednesday, September 10, 2014 1:37 PM To: 'mssms@lists.myitforum.com' Subject: [mssms] RE: System Center Endpoint Protection Same here it's a lot cheaper and the guys that do our pen test say it's better than the McAfee product we had. One thing I don't like is no way to see active file scans like you can in McAfee but no complaints at all. Love the product and easy of management and rollout. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of John Aubrey Sent: Wednesday, September 10, 2014 4:26 PM To: 'mssms@lists.myitforum.com' Subject: [mssms] RE: System Center Endpoint Protection We moved 4 years ago and haven't looked back. Works as well if not better than the Symantec. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of SCOTT Nick D Sent: Wednesday, September 10, 2014 4:24 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: [mssms] System Center Endpoint Protection I'm curious what everyone's thoughts are on SCEP. How does it compare with other anti-virus products? I'm curious to see if it's worth implementing and moving away from other anti-virus products. Nick Scott Legal Notice: This email is intended only for the person(s) to whom it is addressed. If you are not an intended recipient and have received this message in error, please notify the sender immediately by replying to this email or calling +44(0) 2083269015 (UK) or +1 866 592 4214 (USA). This email and any attachments may be privileged and/or confidential. The unauthorized use, disclosure, copying or printing of any information it contains is strictly prohibited. The opinions expressed in this email are those of the author and do not necessarily represent the views of 1E Ltd. Nothing in this email will operate to bind 1E to any order or other contract.
RE: [mssms] RE: System Center Endpoint Protection
Granted this was from FEP but it still applies. Quarantine, never delete so you can go back if need be C:\Program Files\Microsoft Security Client\Antimalware\mpcmdrun.exe -restore -name Program:Win32/PowerRegScheduler -Original Message- From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Michael Mott Sent: Wednesday, September 10, 2014 9:48 PM To: mssms@lists.myitforum.com; Nash Pherson Subject: RE: [mssms] RE: System Center Endpoint Protection I came up with a way to recover files, remotely using psexec. It was pretty easy. -Original Message- From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Marcum, John Sent: Wednesday, September 10, 2014 5:19 PM To: Nash Pherson; mssms@lists.myitforum.com Subject: [mssms] RE: System Center Endpoint Protection Add me to thay list and you now know an uphappy customer. The support is horrible. There's no central recovery point. Out of the box SCEP doesn't even tell thou what files it quarantined. CSS actually told me I'd have to go to each and every machine to clean and recover files. So, yes it's super easy to implement because it doesn't really have any features. It's a great product until you need it then you are screwed. Well, at least if something gets past it you are. And. ... If you have any virtual machines protect it doesn't integrate at the hyper visor level. - On Sep 10, 2014 at 3:46 PM, Nash Pherson na...@nowmicro.com wrote: SCEP is the easiest product to successfully manage, and of course you have already paid for it (not cheap... its actually horribly expensive... but you've already paid for it). While Kaspersky may have incrementally higher detection rates, the conversation really needs to be centered around whether or not Kaspersky is so much better that it warrants paying for two antivirus products. With almost every customer I've worked with, the business decision has been to go with SCEP and I have yet to see an unhappy customer. From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of SCOTT Nick D Sent: Wednesday, September 10, 2014 15:42 PM To: mssms@lists.myitforum.com Subject: [mssms] RE: System Center Endpoint Protection Thanks, I'm debating whether to rollout the new Kaspersky client or this once we go to ConfigMgr 2012. Kaspersky has had great detection rates for us and I'd hate to go with something that's just okay. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Gerlak, Matthew Sent: Wednesday, September 10, 2014 1:37 PM To: 'mssms@lists.myitforum.com' Subject: [mssms] RE: System Center Endpoint Protection Same here it's a lot cheaper and the guys that do our pen test say it's better than the McAfee product we had. One thing I don't like is no way to see active file scans like you can in McAfee but no complaints at all. Love the product and easy of management and rollout. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of John Aubrey Sent: Wednesday, September 10, 2014 4:26 PM To: 'mssms@lists.myitforum.com' Subject: [mssms] RE: System Center Endpoint Protection We moved 4 years ago and haven't looked back. Works as well if not better than the Symantec. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of SCOTT Nick D Sent: Wednesday, September 10, 2014 4:24 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: [mssms] System Center Endpoint Protection I'm curious what everyone's thoughts are on SCEP. How does it compare with other anti-virus products? I'm curious to see if it's worth implementing and moving away from other anti-virus products. Nick Scott Legal Notice: This email is intended only for the person(s) to whom it is addressed. If you are not an intended recipient and have received this message in error, please notify the sender immediately by replying to this email or calling +44(0) 2083269015 (UK) or +1 866 592 4214 (USA). This email and any attachments may be privileged and/or confidential. The unauthorized use, disclosure, copying or printing of any information it contains is strictly prohibited. The opinions expressed in this email are those of the author and do not necessarily represent the views of 1E Ltd. Nothing in this email will operate to bind 1E to any order or other contract. Legal Notice: This email is intended only for the person(s) to whom it is addressed. If you are not an intended recipient and have received this message in error, please notify the sender immediately by replying to this email or calling +44(0) 2083269015 (UK) or +1 866 592 4214 (USA). This email and any attachments may