RE: iPad PIECE OF CRAP!
Still WIP [.like Whack-a-mole], but we were able to see improvements the past 12-hours following, rebuilding of the forms-based authentication, SSL certificates, and Exchange virtual directory. Here is a great Microsoft article on EAS http://support.microsoft.com/kb/2563324 Ps. They could have skipped the rhetoric and added an oxymoronic, Beta like Google does .we SORT OF have something extremely reliable for the enterprise world! PPs. We were once known as the IT guys around here. Following this iPad bull-jive, we are now the BALD-HEADED GUYS!! ;--/ PPPs. Can't wait for iPhone 5, and the demise of RIM. Why don't we all just be preemptive here and develop a case of hemorrhoids beforehand!! From: Steven Peck [mailto:sep...@gmail.com] Sent: Thursday, September 01, 2011 9:07 AM To: NT System Admin Issues Subject: Re: iPad PIECE OF CRAP! We had that on Exchange 2003. Not an iPad but their MACs. There are several technet articles on it regarding E2k3. On Thu, Sep 1, 2011 at 8:20 AM, Guyer, Don don.gu...@fiserv.com wrote: At my previous gig, we experienced that due to 1 iPhone, so this doesn't surprise me. Don Guyer Windows Systems Engineer RIM Operations Engineering Distributed - A Team, Tier 2 Enterprise Technology Group Fiserv don.gu...@fiserv.com Office: 1-800-523-7282 tel:1-800-523-7282%20x%201673 x 1673 Fax: 610-233-0404 http://www.fiserv.com/ www.fiserv.com Description: Frog Signature From: S Powell [mailto:powe...@gmail.com] Sent: Thursday, September 01, 2011 11:14 AM To: NT System Admin Issues Subject: Re: iPad PIECE OF CRAP! You got that from one iPad? Was it inside your network, or outside when generating those errors? We have 11 iOS devices in our office and have never had anything like that. Although you did send me scrambling off to look at the logs to see if I'd missed anything. let us know if you find out _why_ it happened. thx - Who'd you rather be, the Beatles or the Rolling Stones? On Wed, Aug 31, 2011 at 15:47, Jeff S. Gottlieb jeff.s.gottl...@gmail.com wrote: Just wanted to share something interesting. We purchased an iPad on the 15th. The boss wanted EAS and nFuse [CITRIX] running before his trip to China. When the iPad was running, the Exchange server got bombarded with Event ID: 3007, Exchange mailbox Server response timeout : Server: [sssdc01.ssscorp.local] User: [boss...@ssscorp.com].. every 2-3 minutes. Every Outlook user was experiencing either timing out when emails arrived, higher-than-usual CPU usage, and or I/O bytes off the charts. We've been up troubleshooting since 2AM this morning. shut off the iPad and voila! Eeh-gahds!!! -J ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadminimage001.jpg
RE: iPad PIECE OF CRAP!
iPad ActiveSync issues are only during implementation, and or IF someone's moving around large folders in Outlook. Avoid implementation. problems SOLVED. If not. Preparation H From: Kim Longenbaugh [mailto:k...@colonialsavings.com] Sent: Thursday, September 01, 2011 11:35 AM To: NT System Admin Issues Subject: RE: iPad PIECE OF CRAP! There's some sick people out there, you never know. From: Steve Ens [mailto:stevey...@gmail.com] Sent: Thursday, September 01, 2011 1:33 PM To: NT System Admin Issues Subject: Re: iPad PIECE OF CRAP! Who will want them if you pass them on? They've already been used! On Thu, Sep 1, 2011 at 1:28 PM, Kim Longenbaugh k...@colonialsavings.com wrote: I'll pass on the hemorrhoids, thanks (no pun intended). From: Jeff S. Gottlieb [mailto:jeff.s.gottl...@gmail.com] Sent: Thursday, September 01, 2011 1:18 PM To: NT System Admin Issues Subject: RE: iPad PIECE OF CRAP! Still WIP [.like Whack-a-mole], but we were able to see improvements the past 12-hours following, rebuilding of the forms-based authentication, SSL certificates, and Exchange virtual directory. Here is a great Microsoft article on EAS http://support.microsoft.com/kb/2563324 Ps. They could have skipped the rhetoric and added an oxymoronic, Beta like Google does .we SORT OF have something extremely reliable for the enterprise world! PPs. We were once known as the IT guys around here. Following this iPad bull-jive, we are now the BALD-HEADED GUYS!! ;--/ PPPs. Can't wait for iPhone 5, and the demise of RIM. Why don't we all just be preemptive here and develop a case of hemorrhoids beforehand!! From: Steven Peck [mailto:sep...@gmail.com] Sent: Thursday, September 01, 2011 9:07 AM To: NT System Admin Issues Subject: Re: iPad PIECE OF CRAP! We had that on Exchange 2003. Not an iPad but their MACs. There are several technet articles on it regarding E2k3. On Thu, Sep 1, 2011 at 8:20 AM, Guyer, Don don.gu...@fiserv.com wrote: At my previous gig, we experienced that due to 1 iPhone, so this doesn't surprise me. Don Guyer Windows Systems Engineer RIM Operations Engineering Distributed - A Team, Tier 2 Enterprise Technology Group Fiserv don.gu...@fiserv.com Office: 1-800-523-7282 tel:1-800-523-7282%20x%201673 x 1673 Fax: 610-233-0404 http://www.fiserv.com/ www.fiserv.com Description: Frog Signature From: S Powell [mailto:powe...@gmail.com] Sent: Thursday, September 01, 2011 11:14 AM To: NT System Admin Issues Subject: Re: iPad PIECE OF CRAP! You got that from one iPad? Was it inside your network, or outside when generating those errors? We have 11 iOS devices in our office and have never had anything like that. Although you did send me scrambling off to look at the logs to see if I'd missed anything. let us know if you find out _why_ it happened. thx - Who'd you rather be, the Beatles or the Rolling Stones? On Wed, Aug 31, 2011 at 15:47, Jeff S. Gottlieb jeff.s.gottl...@gmail.com wrote: Just wanted to share something interesting. We purchased an iPad on the 15th. The boss wanted EAS and nFuse [CITRIX] running before his trip to China. When the iPad was running, the Exchange server got bombarded with Event ID: 3007, Exchange mailbox Server response timeout : Server: [sssdc01.ssscorp.local] User: [boss...@ssscorp.com].. every 2-3 minutes. Every Outlook user was experiencing either timing out when emails arrived, higher-than-usual CPU usage, and or I/O bytes off the charts. We've been up troubleshooting since 2AM this morning. shut off the iPad and voila! Eeh-gahds!!! -J ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE
RE: I hate Dell
...mostly miss! HAVE to chime in... we think of Dell, we think justifiable indignation. IF you have other branded options, you are a reseller, and want a WHOLE NEW WORLD of great sales support. Try DH. Cheers -J Ps. Dell is SO unimpressive, albeit we can make a few points more in margin! -Original Message- From: Mathew Shember [mailto:mathew.shem...@synopsys.com] Sent: Thursday, July 28, 2011 2:07 PM To: NT System Admin Issues Subject: RE: I hate Dell Dell can be hit and miss. I have had good and bad. The worst was Computer Associates. In one year we counted 42 rep changes.It became a game to guess how long they would last.. -Original Message- From: Matthew W. Ross [mailto:mr...@ephrataschools.org] Sent: Thursday, July 28, 2011 2:03 PM To: NT System Admin Issues Subject: Re: I hate Dell I love Dell. But I must agree, the rep leaves me feeling ... uncared for. But, I make my own EQuotes using Dell's Premier page. If an option isn't there, I ask my rep to turn the option on: Me: Hey, can I get the option to install your 128 SSD on the Optiplex 390? Rep: Uh, yeah. You want that option turned on? Me: Yes. I want all my options turned on, please. Rep: Okay! Then he turns on the one option I asked for... and nothing else, so I have to ask again. *sigh* Oh well, it's better than the configuration I can do on HP's site. (Somebody please prove me wrong!) --Matt Ross Ephrata School District - Original Message - From: Jonathan Link [mailto:jonathan.l...@gmail.com] To: NT System Admin Issues [mailto:ntsysadmin@lyris.sunbelt-software.com] Sent: Thu, 28 Jul 2011 13:28:20 -0700 Subject: I hate Dell My rep, rather. And, yes, I have contacted her boss. Especially since he was so insistent that I sign up for surveys to tell him how they're doing. Except I skipped the signing up with survey part. Trouble is, the quote comes back wrong. Again. After her boss got involved. I'm about done. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: BLOCKING end-users from ATTACHING and EMAILING...
Great point Bill!! ...and NO we have not thought of that. Imagine this could be done through group policy. -J -Original Message- From: Bill Humphries [mailto:nt...@hedgedigger.com] Sent: Thursday, May 12, 2011 6:20 AM To: NT System Admin Issues Subject: Re: BLOCKING end-users from ATTACHING and EMAILING... Also, are users able to printscreen? Got to block that if you don't want users making screenshots of your PDFs. Bill Alan Davies wrote: Do you block/quarantine encrypted email too? If not, they can encrypt the email and your attachment filter won't be able to see it. Otherwise, good solution - you may find, particularly if you need strong anti-copy type controls, that you could get some value from a DLP suite - Verdasys Digital Guardian for example is one I implemented in a past role to strictly control that type of activity. Cost will be an issue. a -Original Message- From: Jeff S. Gottlieb [mailto:jeff.s.gottl...@gmail.com] Sent: 11 May 2011 21:25 To: NT System Admin Issues Subject: RE: BLOCKING end-users from ATTACHING and EMAILING... SOLUTION FOUND VIPRE Email Security has what's called Attachment Filter [was right under our noses]. We are *now* able to prevent specific documents from being attached and emailed by specific users [or department]. All Policy features in the Attachment Filter tabs worked quite well, with minor exceptions [*see below]. Our custom rule, *(CLASSIFIED).PDF, stops PDF docs that end with CLASSIFIED in parenthesis. All classified documents were placed Read Only in a shared folder for all users. These documents will be given names for the above rule to catch, i.e., Standards for Dakota (CLASSIFIED).pdf. The PDF documents are converted using Adobe security, whereby the users cannot modify, copy /paste, or print. Using Sophos we activated Device Control preventing the end-users from coping to Storage, Network, or Short Range devices. The last step is to prevent these PDF [Read Only] documents from being copied locally and renamed. We are searching for a good Anti-copy software. It appears that there are some choices. programs like M File Anti-Copy http://mini-products.net/ .so far untested. It appears we have a DLP solution to look forward to. Cheers -J Thank you all for the replies [contributions] including: Justin Thomas: jat...@gmail.com Martin Blackstone: mblackst...@gmail.com Angus Scott-Fleming: angu...@geoapps.com Jim Kennedy: kennedy...@elyriaschools.org Jeff Steward: jstew...@gmail.com James Rankin: kz2...@googlemail.com Andrew S. Baker: asbz...@gmail.com *The syntax %FILENAME% used under the Notifications tab oddly returned the subject of the email rather than the filename (GFI case is pending) *Earlier on, the Attachment Filter failing entirely. the result of our Digital signature in emails. Resolution came by changing the statement from false to true in ScanDigitallySignedMessagestrue/ScanDigitallySignedMessages found in the directory \VIPRE Email Security\globalsettings.xml file The latter issue dragged on for what seemed like forever [5-days]. After several techs [3-4] it was finally resolved by Matthew D. (Nice Job!) From: Jeff S. Gottlieb [mailto:jeff.s.gottl...@gmail.com] Sent: Friday, May 06, 2011 4:32 PM To: NT System Admin Issues Subject: RE: BLOCKING end-users from ATTACHING and EMAILING... Agreed! .and thank you for your worthy replies. We recently discovered Vipre Email Security has what's called Attachment Filter .albeit it doesn't quite work AS OF YET, and no one [including Vipre Support] is able to say why. For the Vipre Security users out there.check out the Rules tab. Now this looks like something with tremendous DLP potential. Now if we can just get it to work. Cheers -J From: Jeff Steward [mailto:jstew...@gmail.com] Sent: Friday, May 06, 2011 4:24 AM To: NT System Admin Issues Subject: Re: BLOCKING end-users from ATTACHING and EMAILING... I asked that question as I have been involved in stolen/leaked Intellectual Property issues where someone was faxing CAD drawings to a competitor. If this data is truly considered 'the secret sauce' then as others have suggested, get a real DLP solution in place. There is no perfect security in business since you have to let the pesky end users, customers and sales folks interact. Good luck! -Jeff Steward On Thu, May 5, 2011 at 12:51 AM, Jeff S. Gottlieb jeff.s.gottl...@gmail.com wrote: Thank you Jeff. The CAD operators cannot print the items of sensitivity [again we need to prevent the possibility to email only]. Many of these items [documents] represent Standards or dimensions which the engineers use for all projects, and are located in one folder. These docs are large, including roughly 130 pages each, and would easily allow other manufacturing firms to replicate the same exact pieces. This is VERY Similar
RE: BLOCKING end-users from ATTACHING and EMAILING...
Yes Kurt [thanks]. The users in the department do not have local admin rights, and the ability to print has been removed. Unfortunately, we have not been able to prevent users from copy /paste. The rule is, IF a file can be read... IT CAN be copied /pasted. If the end-users figure out that the trigger preventing email in Vipre [Attachment filter] is within the name of the file they can modify it. We are searching for a workaround. We were hoping to avoid the expense, but at the end of the day perhaps a DLP professional firm will be needed. Alan recommended http://www.verdasys.com/ We've just seen a demo from http://www.gtbtechnologies.com/ [they use finger prints signatures in documents, then an appliance gateway NOT CHEAP however] Cheers -J -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Thursday, May 12, 2011 7:51 AM To: NT System Admin Issues Subject: Re: BLOCKING end-users from ATTACHING and EMAILING... I'm sure you've also ensured that the users can't install alternate software for reading and printing the document... Kurt On Wed, May 11, 2011 at 13:24, Jeff S. Gottlieb jeff.s.gottl...@gmail.com wrote: SOLUTION FOUND VIPRE Email Security has what's called Attachment Filter [was right under our noses]. We are *now* able to prevent specific documents from being attached and emailed by specific users [or department]. All Policy features in the Attachment Filter tabs worked quite well, with minor exceptions [*see below]. Our custom rule, *(CLASSIFIED).PDF, stops PDF docs that end with CLASSIFIED in parenthesis. All classified documents were placed Read Only in a shared folder for all users. These documents will be given names for the above rule to catch, i.e., Standards for Dakota (CLASSIFIED).pdf. The PDF documents are converted using Adobe security, whereby the users cannot modify, copy /paste, or print. Using Sophos we activated Device Control preventing the end-users from coping to Storage, Network, or Short Range devices. The last step is to prevent these PDF [Read Only] documents from being copied locally and renamed. We are searching for a good Anti-copy software. It appears that there are some choices. programs like M File Anti-Copy http://mini-products.net/ .so far untested. It appears we have a DLP solution to look forward to. Cheers -J Thank you all for the replies [contributions] including: Justin Thomas: jat...@gmail.com Martin Blackstone: mblackst...@gmail.com Angus Scott-Fleming: angu...@geoapps.com Jim Kennedy: kennedy...@elyriaschools.org Jeff Steward: jstew...@gmail.com James Rankin: kz2...@googlemail.com Andrew S. Baker: asbz...@gmail.com *The syntax %FILENAME% used under the Notifications tab oddly returned the subject of the email rather than the filename (GFI case is pending) *Earlier on, the Attachment Filter failing entirely. the result of our Digital signature in emails. Resolution came by changing the statement from false to true in ScanDigitallySignedMessagestrue/ScanDigitallySignedMessages found in the directory \VIPRE Email Security\globalsettings.xml file The latter issue dragged on for what seemed like forever [5-days]. After several techs [3-4] it was finally resolved by Matthew D. (Nice Job!) From: Jeff S. Gottlieb [mailto:jeff.s.gottl...@gmail.com] Sent: Friday, May 06, 2011 4:32 PM To: NT System Admin Issues Subject: RE: BLOCKING end-users from ATTACHING and EMAILING... Agreed! .and thank you for your worthy replies. We recently discovered Vipre Email Security has what's called Attachment Filter .albeit it doesn't quite work AS OF YET, and no one [including Vipre Support] is able to say why. For the Vipre Security users out there.check out the Rules tab. Now this looks like something with tremendous DLP potential. Now if we can just get it to work. Cheers -J From: Jeff Steward [mailto:jstew...@gmail.com] Sent: Friday, May 06, 2011 4:24 AM To: NT System Admin Issues Subject: Re: BLOCKING end-users from ATTACHING and EMAILING... I asked that question as I have been involved in stolen/leaked Intellectual Property issues where someone was faxing CAD drawings to a competitor. If this data is truly considered 'the secret sauce' then as others have suggested, get a real DLP solution in place. There is no perfect security in business since you have to let the pesky end users, customers and sales folks interact. Good luck! -Jeff Steward On Thu, May 5, 2011 at 12:51 AM, Jeff S. Gottlieb jeff.s.gottl...@gmail.com wrote: Thank you Jeff. The CAD operators cannot print the items of sensitivity [again we need to prevent the possibility to email only]. Many of these items [documents] represent Standards or dimensions which the engineers use for all projects, and are located in one folder. These docs are large, including roughly 130 pages each, and would easily allow other manufacturing firms to replicate the same exact
RE: BLOCKING end-users from ATTACHING and EMAILING...
SOLUTION FOUND VIPRE Email Security has what's called Attachment Filter [was right under our noses]. We are *now* able to prevent specific documents from being attached and emailed by specific users [or department]. All Policy features in the Attachment Filter tabs worked quite well, with minor exceptions [*see below]. Our custom rule, *(CLASSIFIED).PDF, stops PDF docs that end with CLASSIFIED in parenthesis. All classified documents were placed Read Only in a shared folder for all users. These documents will be given names for the above rule to catch, i.e., Standards for Dakota (CLASSIFIED).pdf. The PDF documents are converted using Adobe security, whereby the users cannot modify, copy /paste, or print. Using Sophos we activated Device Control preventing the end-users from coping to Storage, Network, or Short Range devices. The last step is to prevent these PDF [Read Only] documents from being copied locally and renamed. We are searching for a good Anti-copy software. It appears that there are some choices. programs like M File Anti-Copy http://mini-products.net/ .so far untested. It appears we have a DLP solution to look forward to. Cheers -J Thank you all for the replies [contributions] including: Justin Thomas: jat...@gmail.com Martin Blackstone: mblackst...@gmail.com Angus Scott-Fleming: angu...@geoapps.com Jim Kennedy: kennedy...@elyriaschools.org Jeff Steward: jstew...@gmail.com James Rankin: kz2...@googlemail.com Andrew S. Baker: asbz...@gmail.com *The syntax %FILENAME% used under the Notifications tab oddly returned the subject of the email rather than the filename (GFI case is pending) *Earlier on, the Attachment Filter failing entirely. the result of our Digital signature in emails. Resolution came by changing the statement from false to true in ScanDigitallySignedMessagestrue/ScanDigitallySignedMessages found in the directory \VIPRE Email Security\globalsettings.xml file The latter issue dragged on for what seemed like forever [5-days]. After several techs [3-4] it was finally resolved by Matthew D. (Nice Job!) From: Jeff S. Gottlieb [mailto:jeff.s.gottl...@gmail.com] Sent: Friday, May 06, 2011 4:32 PM To: NT System Admin Issues Subject: RE: BLOCKING end-users from ATTACHING and EMAILING... Agreed! .and thank you for your worthy replies. We recently discovered Vipre Email Security has what's called Attachment Filter .albeit it doesn't quite work AS OF YET, and no one [including Vipre Support] is able to say why. For the Vipre Security users out there.check out the Rules tab. Now this looks like something with tremendous DLP potential. Now if we can just get it to work. Cheers -J From: Jeff Steward [mailto:jstew...@gmail.com] Sent: Friday, May 06, 2011 4:24 AM To: NT System Admin Issues Subject: Re: BLOCKING end-users from ATTACHING and EMAILING... I asked that question as I have been involved in stolen/leaked Intellectual Property issues where someone was faxing CAD drawings to a competitor. If this data is truly considered 'the secret sauce' then as others have suggested, get a real DLP solution in place. There is no perfect security in business since you have to let the pesky end users, customers and sales folks interact. Good luck! -Jeff Steward On Thu, May 5, 2011 at 12:51 AM, Jeff S. Gottlieb jeff.s.gottl...@gmail.com wrote: Thank you Jeff. The CAD operators cannot print the items of sensitivity [again we need to prevent the possibility to email only]. Many of these items [documents] represent Standards or dimensions which the engineers use for all projects, and are located in one folder. These docs are large, including roughly 130 pages each, and would easily allow other manufacturing firms to replicate the same exact pieces. This is VERY Similar to the secret recipes for the odors of Crayola crayons, or Papa John's Pizza garlic sauce, etc., etc. Ps. The latter is something I would LOVE getting my hands on. I would make a HUGE batch for home use to dip the crust of *any* pizza!! From: Jeff Steward [mailto: mailto:jstew...@gmail.com jstew...@gmail.com] Sent: Wednesday, May 04, 2011 8:14 PM To: NT System Admin Issues Subject: Re: BLOCKING end-users from ATTACHING and EMAILING... Can the CAD operators print? Seriously, if the owners need to protect their intellectually property at that level, have the engineers upload the docs to a directory for review and approval and let a 3rd party review them prior to sending them to an external destination. -Jeff Steward On Wed, May 4, 2011 at 7:49 PM, Jeff S. Gottlieb jeff.s.gottl...@gmail.com wrote: Thanks Martin We too were thinking that might be a viable option. If seems NOT good for two reasons. 1) That is a Global setting, whereby the entire company would be effected by the one Exchange server 2) This department needs to transfer large files MOSTLY internally, but on rare occasions outside Sorry I forgot to mention this in our original post
RE: BLOCKING end-users from ATTACHING and EMAILING...
Agreed! .and thank you for your worthy replies. We recently discovered Vipre Email Security has what's called Attachment Filter .albeit it doesn't quite work AS OF YET, and no one [including Vipre Support] is able to say why. For the Vipre Security users out there.check out the Rules tab. Now this looks like something with tremendous DLP potential. Now if we can just get it to work. Cheers -J From: Jeff Steward [mailto:jstew...@gmail.com] Sent: Friday, May 06, 2011 4:24 AM To: NT System Admin Issues Subject: Re: BLOCKING end-users from ATTACHING and EMAILING... I asked that question as I have been involved in stolen/leaked Intellectual Property issues where someone was faxing CAD drawings to a competitor. If this data is truly considered 'the secret sauce' then as others have suggested, get a real DLP solution in place. There is no perfect security in business since you have to let the pesky end users, customers and sales folks interact. Good luck! -Jeff Steward On Thu, May 5, 2011 at 12:51 AM, Jeff S. Gottlieb jeff.s.gottl...@gmail.com wrote: Thank you Jeff. The CAD operators cannot print the items of sensitivity [again we need to prevent the possibility to email only]. Many of these items [documents] represent Standards or dimensions which the engineers use for all projects, and are located in one folder. These docs are large, including roughly 130 pages each, and would easily allow other manufacturing firms to replicate the same exact pieces. This is VERY Similar to the secret recipes for the odors of Crayola crayons, or Papa John's Pizza garlic sauce, etc., etc. Ps. The latter is something I would LOVE getting my hands on. I would make a HUGE batch for home use to dip the crust of *any* pizza!! From: Jeff Steward [mailto:jstew...@gmail.com] Sent: Wednesday, May 04, 2011 8:14 PM To: NT System Admin Issues Subject: Re: BLOCKING end-users from ATTACHING and EMAILING... Can the CAD operators print? Seriously, if the owners need to protect their intellectually property at that level, have the engineers upload the docs to a directory for review and approval and let a 3rd party review them prior to sending them to an external destination. -Jeff Steward On Wed, May 4, 2011 at 7:49 PM, Jeff S. Gottlieb jeff.s.gottl...@gmail.com wrote: Thanks Martin We too were thinking that might be a viable option. If seems NOT good for two reasons. 1) That is a Global setting, whereby the entire company would be effected by the one Exchange server 2) This department needs to transfer large files MOSTLY internally, but on rare occasions outside Sorry I forgot to mention this in our original post. -J From: Martin Blackstone [mailto:mblackst...@gmail.com] Sent: Wednesday, May 04, 2011 2:50 PM To: NT System Admin Issues Subject: RE: BLOCKING end-users from ATTACHING and EMAILING... You could just put such a small attachment size restriction on them that nothing would go. Say 1K. From: Jeff S. Gottlieb [mailto:jeff.s.gottl...@gmail.com] Sent: Wednesday, May 04, 2011 1:47 PM To: NT System Admin Issues Subject: BLOCKING end-users from ATTACHING and EMAILING... We are searching for a method to BLOCK end-users from ATTACHING and EMAILING [sensitive] docs located on a SPECIFIC FOLDER of the share. What we have accomplished thus far: 1) Using Sophos we activated Device Control preventing end-user from coping to Storage, Network, or Short Range devices 2) Using Sophos we also activated Data Control. thus creating email alerts detailing the sender /recipient, time /date, and name /location of attachment 3) All documents are converted to PDF with security options that prevent copy /paste, and printing 4) End-users are NOT allowed Internet access Owners are left *totally* unsatisfied with all the above, as these measures are not preventative enough. Leaving any of the end-users without ability to email is NOT an option. Leaving a [public] workstation open, available with access to this SPECIFIC FOLDER, and then having no email /Internet is NOT an option. These end-users are all in the CAD design department. Given the nature of the business, suffice-it-to-say, one drawing in email could represent a significant loss. Sadly, the owners feel they cannot entirely rely on the loyalty of generously paid employees [with great benefits], company policies, and or legalese. Thanks in advance for any suggestions. comments. Cheers, -J EMPLOYEE Supposition: Surely in created the level of sophistication placed in Sophos with Device Data Control suggests that a greater need exists to protect the employer's intellectual property. Along with these concepts, the end-users themselves have become more sophisticated and perhaps unfortunately [these days] more-willing to place their positions on the line. I guess if we've done our IT job. than the end-users ONLY option is to snap a photo using a cell-phone. What
RE: BLOCKING end-users from ATTACHING and EMAILING...
Thank you Jeff. The CAD operators cannot print the items of sensitivity [again we need to prevent the possibility to email only]. Many of these items [documents] represent Standards or dimensions which the engineers use for all projects, and are located in one folder. These docs are large, including roughly 130 pages each, and would easily allow other manufacturing firms to replicate the same exact pieces. This is VERY Similar to the secret recipes for the odors of Crayola crayons, or Papa John's Pizza garlic sauce, etc., etc. Ps. The latter is something I would LOVE getting my hands on. I would make a HUGE batch for home use to dip the crust of *any* pizza!! From: Jeff Steward [mailto:jstew...@gmail.com] Sent: Wednesday, May 04, 2011 8:14 PM To: NT System Admin Issues Subject: Re: BLOCKING end-users from ATTACHING and EMAILING... Can the CAD operators print? Seriously, if the owners need to protect their intellectually property at that level, have the engineers upload the docs to a directory for review and approval and let a 3rd party review them prior to sending them to an external destination. -Jeff Steward On Wed, May 4, 2011 at 7:49 PM, Jeff S. Gottlieb jeff.s.gottl...@gmail.com wrote: Thanks Martin We too were thinking that might be a viable option. If seems NOT good for two reasons. 1) That is a Global setting, whereby the entire company would be effected by the one Exchange server 2) This department needs to transfer large files MOSTLY internally, but on rare occasions outside Sorry I forgot to mention this in our original post. -J From: Martin Blackstone [mailto:mblackst...@gmail.com] Sent: Wednesday, May 04, 2011 2:50 PM To: NT System Admin Issues Subject: RE: BLOCKING end-users from ATTACHING and EMAILING... You could just put such a small attachment size restriction on them that nothing would go. Say 1K. From: Jeff S. Gottlieb [mailto:jeff.s.gottl...@gmail.com] Sent: Wednesday, May 04, 2011 1:47 PM To: NT System Admin Issues Subject: BLOCKING end-users from ATTACHING and EMAILING... We are searching for a method to BLOCK end-users from ATTACHING and EMAILING [sensitive] docs located on a SPECIFIC FOLDER of the share. What we have accomplished thus far: 1) Using Sophos we activated Device Control preventing end-user from coping to Storage, Network, or Short Range devices 2) Using Sophos we also activated Data Control. thus creating email alerts detailing the sender /recipient, time /date, and name /location of attachment 3) All documents are converted to PDF with security options that prevent copy /paste, and printing 4) End-users are NOT allowed Internet access Owners are left *totally* unsatisfied with all the above, as these measures are not preventative enough. Leaving any of the end-users without ability to email is NOT an option. Leaving a [public] workstation open, available with access to this SPECIFIC FOLDER, and then having no email /Internet is NOT an option. These end-users are all in the CAD design department. Given the nature of the business, suffice-it-to-say, one drawing in email could represent a significant loss. Sadly, the owners feel they cannot entirely rely on the loyalty of generously paid employees [with great benefits], company policies, and or legalese. Thanks in advance for any suggestions. comments. Cheers, -J EMPLOYEE Supposition: Surely in created the level of sophistication placed in Sophos with Device Data Control suggests that a greater need exists to protect the employer's intellectual property. Along with these concepts, the end-users themselves have become more sophisticated and perhaps unfortunately [these days] more-willing to place their positions on the line. I guess if we've done our IT job. than the end-users ONLY option is to snap a photo using a cell-phone. What then will the employer do?? Add company policy to include NO CELL PHONES?? Imagine a world AT WORK without texting, tweeting, and the occasional personal call??? Ouch! EMPLOYER Supposition [slave-master]: Add video surveillance too :--/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt
RE: Sophos vs. Vipre Enterprise (now that we have tested both)
BS'D Comments below. From: Alex Eckelberry [mailto:al...@sunbelt-software.com] Sent: Saturday, August 14, 2010 6:51 AM To: NT System Admin Issues Cc: Jason Chronowitz Subject: RE: Sophos vs. Vipre Enterprise (now that we have tested both) Jeff -- thanks for this. This will sound odd, but I like having VIPRE compared to Sophos, as opposed to many others. It's a very decent product and a product we look at as being in the same class as VIPRE. With regard to your points: Exclusions -- the next major release of VIPRE (Q4) will have best-practices templates, which will pre-define roles for various types of systems. This will dramatically help in pre-defining exclusions for servers. Updates -- We actually turned on hourly updates a few months ago, and found users didn't like it. I think a lot of that had to do with the updating scheme inside the product, which spiked CPU usage when applying the update. The next minor update to VIPRE has code written in it to allow going back to hourly updates. 24/7 support -- Got it. We are working on improving weekend support, and I expect you'll find things getting quite a bit better. Your general comments about support are also perfectly reasonable and we will continue to improve. Reboots -- New code is being written to separate non-boot required functions from boot-required functions, which will enable us to only require a reboot in certain occasions. Our developers have been beaten into submission on this subject, and they are now terrified of releasing update which requires a reboot ;-) Sophos actually does require reboots, but they schedule it around major upgrades, and they push all the reboot-required functions into one release (I believe they have a policy of only doing reboots once a year). Might be the case.and a schedule that we can live with. However, not doing a reboot around a deployment --- I would like some more information on this. Was this on Vista/Windows 7 machines? Or on XP machines? On XP and below, it is technically impossible not to require a reboot, based on the driver model (there are some exceptions to this, but it's a long technical discussion). Empirically yes, NO reboots are required for the agent deployment of XP and Server 2003 only. http://www.sophos.com/support/knowledgebase/article/11006.html Once again, thanks for the frank evaluation, and I can assure you this email has plenty of readers inside the organization. BTW Good to Great, by Jim Collins is a excellent read. The answers to what makes a good company great are in this book. IMHO Sunbelt Software is experiencing Level 5 Leadership. Sorry, off-topic, and I don't mean to patronize, just my frank observation!! Continued success. http://www.bizsum.com/articles/art_good-to-great.php Alex Alex Eckelberry, CEO Sunbelt Software 33 N. Garden Avenue, Clearwater, FL 33755 p: 727-562-0101 x220 e: a...@sunbeltsoftware.com MSN: alex...@hotmail.com w: file:///C:\Documents%20and%20Settings\exec3\Application%20Data\Microsoft\Si gnatures\www.sunbeltsoftware.com www.sunbeltsoftware.com b: file:///C:\Documents%20and%20Settings\exec3\Application%20Data\Microsoft\Si gnatures\www.sunbeltblog.com www.sunbeltblog.com _ From: Jeff S. Gottlieb [mailto:jeff.s.gottl...@gmail.com] Sent: Wednesday, August 11, 2010 4:56 PM To: NT System Admin Issues Subject: Sophos vs. Vipre Enterprise (now that we have tested both) We are in an SMB environment of roughly 60 servers and 1000 hosts, including Server 2003, 2008, SBS2003, SBS2008, XP Pro SP3, Windows 7, and Vista workstations. Sophos Endpoint Security along with PureMessaging, and Vipre Enterprise Premium along with Vipre Email Security are being put to the test head-to-head. We are staunch fans of Sunbelt Software. Our experiences with Vipre Email Security (much improved over Ninja) has been great over the years. For over 10-years we have placed our trust in Trend Micro, something that has deteriorated slowly over the past 24-months. In any event, we are hoping that our published comparisons will meet objectivity, and help to give reassurance to future Vipre users regardless of the decisions we ultimately made. The Sunbelt 'NT System Admin Issues' forum has been a great help, dating back to April, more specifically. 4/01/2010 Subject: Enterprise Anti-Virus, rz...@qwest.net 4/21/2010 Subject: Sophos vs. Vipre Enterprise, jholmg...@xlhealth.com 5/06/2010 Subject: NOD32 Antivirus, jda...@asmail.ucdavis.edu 5/09/2010 Subject: Life just keeps getting better, kurt.b...@gmail.com 7/29/2010 Subject: Vipre effectiveness false positives, c.house...@gmail.com 1) Installation / Deployment Server installs both went smooth. In deployment Sophos had few if any issues. Viper deployment to server required countless exclusions (painfully so). in fact when our server crashed, we were told that a few exclusions were missing (Agh!). Viper deployment
RE: Sophos vs. Vipre Enterprise (now that we have tested both)
. Tom Miller Engineer, Information Technology Hampton-Newport News Community Services Board 757-788-0528 Jeff S. Gottlieb jeff.s.gottl...@gmail.com 8/11/2010 4:56 PM We are in an SMB environment of roughly 60 servers and 1000 hosts, including Server 2003, 2008, SBS2003, SBS2008, XP Pro SP3, Windows 7, and Vista workstations. Sophos Endpoint Security along with PureMessaging, and Vipre Enterprise Premium along with Vipre Email Security are being put to the test head-to-head. We are staunch fans of Sunbelt Software. Our experiences with Vipre Email Security (much improved over Ninja) has been great over the years. For over 10-years we have placed our trust in Trend Micro, something that has deteriorated slowly over the past 24-months. In any event, we are hoping that our published comparisons will meet objectivity, and help to give reassurance to future Vipre users regardless of the decisions we ultimately made. The Sunbelt 'NT System Admin Issues' forum has been a great help, dating back to April, more specifically… 4/01/2010 Subject: Enterprise Anti-Virus, rz...@qwest.net 4/21/2010 Subject: Sophos vs. Vipre Enterprise, jholmg...@xlhealth.com 5/06/2010 Subject: NOD32 Antivirus, jda...@asmail.ucdavis.edu 5/09/2010 Subject: Life just keeps getting better, kurt.b...@gmail.com 7/29/2010 Subject: Vipre effectiveness false positives, c.house...@gmail.com 1) Installation / Deployment Server installs both went smooth. In deployment Sophos had few if any issues. Viper deployment to server required countless exclusions (painfully so)… in fact when our server crashed, we were told that a few exclusions were missing (Agh!). Viper deployment to host on two systems came with MANY surprises. The Vipre agent loaded a “NDIS IM” element in the TCPIP stack, causing CISCO (IPSec) clients to connect… oddly not allowing us to remote TS, Dameware, and other remote applications. SonicWall VPN clients remained unaffected. Vipre even caused slowness, freezing during printing, multi-tasking, and issues with Adobe Acrobat. Some of these issues we just gave up on attempting to resolve and disabled the firewall entirely. When a MSP firm cannot remote access…this is serious!! We couldn’t get support soon enough… and unfortunately cases remain open 4-5 days after the fact. Vipre left our accounting department, using a PSA software (ConnectWise), locked out for an entire day. 2) Post Installation Sophos agent with firewall was documented as utilizing up to 150+ MB of RAM (enormous)… we were told, “…the price you pay for good protection”. We were not comforted, despite this fact the users never complained about slower speeds. Vipre utilized a fraction of this, maybe 7 MB… albeit given the deployment issues (above) we remain unimpressed by any benefit there might be. Sophos comes along with definitions updated hourly, Vipre (so we are told) is heading in this direction too. Vipre currently is defaulted to update every 3-hours, and that default can be changed (…the value??). 3) 24-hour Enterprise support Vipre Enterprise technicians we found were skilled, sadly they are scantily available on weekend (evenings). Sophos Endpoint Security we found were equally skilled and *always* available. Despite not having a “Premium” support agreement, we found Sophos enthusiastic when it came to remote access (LogMeIn). If (in the rare occasion) Vipre was asked to remote, remote was either unavailable or they were flat out reluctant. Vipre on several occasions seemed overwhelmed… Sophos *never* gave us that feeling. 4) Additional Items Sophos PureMessaging (SPAM filter) catches SPAM well (notice we didn’t say unsolicited advertisements). If you differentiate (most do) between the two you will NOT enjoy PureMessaging. Additionally with PureMessaging each account receives email called “spam digest”, there are options to either Delete or Deliver. In either event chosen, this is a singular event… it does NOT automatically allow or block these addresses on a going forward basis. It’s impossible meeting the demands of users wanting NOT to receive Golf Digest solicitations, eBay, Amazon, LL Bean, Victoria Secrets (no joke!), all that legitimate stuff that gets overwhelming. Ah… then there’s Vipre Email Security!!! If *anything* unwanted makes it to the Inbox (a rare occasion), the individual users can manage without support. More systems like this create nearly passive income for us. Vipre has agent (not definition) updates. These agent updates require reboots… can you imagine 200 users rebooting their workstations for updates?? We cannot, and furthermore in the 6 long weeks we have been in proof-of-concept, Sophos has never needed an agent reboot… not even following deployment (Nice!) We invite your comments and encourage you to make the same comparisons and let us know your results. If we are wrong on any account… or seem less than objective
Sophos vs. Vipre Enterprise (now that we have tested both)
We are in an SMB environment of roughly 60 servers and 1000 hosts, including Server 2003, 2008, SBS2003, SBS2008, XP Pro SP3, Windows 7, and Vista workstations. Sophos Endpoint Security along with PureMessaging, and Vipre Enterprise Premium along with Vipre Email Security are being put to the test head-to-head. We are staunch fans of Sunbelt Software. Our experiences with Vipre Email Security (much improved over Ninja) has been great over the years. For over 10-years we have placed our trust in Trend Micro, something that has deteriorated slowly over the past 24-months. In any event, we are hoping that our published comparisons will meet objectivity, and help to give reassurance to future Vipre users regardless of the decisions we ultimately made. The Sunbelt 'NT System Admin Issues' forum has been a great help, dating back to April, more specifically. 4/01/2010 Subject: Enterprise Anti-Virus, rz...@qwest.net 4/21/2010 Subject: Sophos vs. Vipre Enterprise, jholmg...@xlhealth.com 5/06/2010 Subject: NOD32 Antivirus, jda...@asmail.ucdavis.edu 5/09/2010 Subject: Life just keeps getting better, kurt.b...@gmail.com 7/29/2010 Subject: Vipre effectiveness false positives, c.house...@gmail.com 1) Installation / Deployment Server installs both went smooth. In deployment Sophos had few if any issues. Viper deployment to server required countless exclusions (painfully so). in fact when our server crashed, we were told that a few exclusions were missing (Agh!). Viper deployment to host on two systems came with MANY surprises. The Vipre agent loaded a NDIS IM element in the TCPIP stack, causing CISCO (IPSec) clients to connect. oddly not allowing us to remote TS, Dameware, and other remote applications. SonicWall VPN clients remained unaffected. Vipre even caused slowness, freezing during printing, multi-tasking, and issues with Adobe Acrobat. Some of these issues we just gave up on attempting to resolve and disabled the firewall entirely. When a MSP firm cannot remote access.this is serious!! We couldn't get support soon enough. and unfortunately cases remain open 4-5 days after the fact. Vipre left our accounting department, using a PSA software (ConnectWise), locked out for an entire day. 2) Post Installation Sophos agent with firewall was documented as utilizing up to 150+ MB of RAM (enormous). we were told, .the price you pay for good protection. We were not comforted, despite this fact the users never complained about slower speeds. Vipre utilized a fraction of this, maybe 7 MB. albeit given the deployment issues (above) we remain unimpressed by any benefit there might be. Sophos comes along with definitions updated hourly, Vipre (so we are told) is heading in this direction too. Vipre currently is defaulted to update every 3-hours, and that default can be changed (.the value??). 3) 24-hour Enterprise support Vipre Enterprise technicians we found were skilled, sadly they are scantily available on weekend (evenings). Sophos Endpoint Security we found were equally skilled and *always* available. Despite not having a Premium support agreement, we found Sophos enthusiastic when it came to remote access (LogMeIn). If (in the rare occasion) Vipre was asked to remote, remote was either unavailable or they were flat out reluctant. Vipre on several occasions seemed overwhelmed. Sophos *never* gave us that feeling. 4) Additional Items Sophos PureMessaging (SPAM filter) catches SPAM well (notice we didn't say unsolicited advertisements). If you differentiate (most do) between the two you will NOT enjoy PureMessaging. Additionally with PureMessaging each account receives email called spam digest, there are options to either Delete or Deliver. In either event chosen, this is a singular event. it does NOT automatically allow or block these addresses on a going forward basis. It's impossible meeting the demands of users wanting NOT to receive Golf Digest solicitations, eBay, Amazon, LL Bean, Victoria Secrets (no joke!), all that legitimate stuff that gets overwhelming. Ah. then there's Vipre Email Security!!! If *anything* unwanted makes it to the Inbox (a rare occasion), the individual users can manage without support. More systems like this create nearly passive income for us. Vipre has agent (not definition) updates. These agent updates require reboots. can you imagine 200 users rebooting their workstations for updates?? We cannot, and furthermore in the 6 long weeks we have been in proof-of-concept, Sophos has never needed an agent reboot. not even following deployment (Nice!) We invite your comments and encourage you to make the same comparisons and let us know your results. If we are wrong on any account. or seem less than objective, please let us know. We are expecting this thread will live for quite awhile. and Alex will have a lot to say. Turning down Vipre Enterprise (Sunbelt Software) hurts, especially understanding the culture of the company. the best
No Disclaimers in VIPER (caused by use of email digital certificates)
We just closed a case with Sunbelt.disclaimers appeared in all email accounts except those using digital certificates. Was wondering if anyone else experienced the same. - Jeff Exchange 2003 Outlook 2007 Digital Security COMODO ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
VIPER: NO Disclaimers in email (caused by email digital certificates)
We just closed a case with Sunbelt.disclaimers appeared in all Exchange email accounts except those using digital certificates. They have now explanation and no fix. Is anyone else experienced the same? Is anyone using email digital certificates, if yes from what company? Thanks - Cheers - Jeff Viper Enterprise v3.0.1.4.796 Exchange 2003 Outlook 2007 Digital Security COMODO ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: VIPER: NO Disclaimers in email (caused by email digital certificates)
Kevin, I reworded and reposted this thread (minutes ago) hoping to stimulate more discussion.and before knowing you replied. Thank you. Interesting enough Sunbelt support, never saw anyone using a email digital certificate.thus could not offer a remedy. We do not represent the defense department so we can live without certificates, but since we are using, and with issues *maybe* someone has a quick remedy. Let's assume we were a VERY small minority and needed certificates.is this an issue with COMODO or all certificates in Viper? Based on your logic (below) all certificates would present Viper users with this issue. -J From: Kevin Lundy [mailto:klu...@gmail.com] Sent: Friday, March 12, 2010 7:46 AM To: NT System Admin Issues Subject: Re: No Disclaimers in VIPER (caused by use of email digital certificates) I have no idea of that is a Viper feature or not, but I believe that is the way you would want it to operate isn't it? Otherwise, the insertion of the disclaimer would be modifying the email message, which would cause the signature to indicate tampering. On Fri, Mar 12, 2010 at 3:13 AM, Jeff S. Gottlieb jeff.s.gottl...@gmail.com wrote: We just closed a case with Sunbelt.disclaimers appeared in all email accounts except those using digital certificates. Was wondering if anyone else experienced the same. - Jeff Exchange 2003 Outlook 2007 Digital Security COMODO ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: VIPER: NO Disclaimers in email (caused by email digital certificates)
Great! We can conclude.with a *much* better understanding of this issue and a workaround. Thank you Kevin. Alex. IMHO your tech(s) should be made aware (Ticket on this case was #137504). As For the record, despite his lack of understanding with certificates, he did a stand-up job (so I'm told) troubleshooting and correcting our corrupt Disclaimer Policy folder issues. This alluded our technical expertise.and that of two other SB techs. :~) -Jeff From: Alex Eckelberry [mailto:al...@sunbelt-software.com] Sent: Friday, March 12, 2010 10:04 AM To: NT System Admin Issues Subject: RE: VIPER: NO Disclaimers in email (caused by email digital certificates) Kevin is right, and I'll make sure the techs know. Changing a signed document goes directly against what a signed document is supposed to be... Alex From: Kevin Lundy [mailto:klu...@gmail.com] Sent: Friday, March 12, 2010 12:35 PM To: NT System Admin Issues Subject: Re: VIPER: NO Disclaimers in email (caused by email digital certificates) Yes, all certificate vendors would present this problem to ANY disclaimer system. It's not limited to Viper. If you think about what a digital signature is doing - alerting to any change to a message, this makes sense. A disclaimer is a change. So if Viper were to add a disclaimer, the recipient would get a signature warning. So the fact that Viper is not adding it is a working in your favor. Honestly, I am surprised that SB told you they never heard of anyone using signatures. I suspect that was really just the technicial you were dealing with. I wouldn't be surprised if it were actually a feature they included (but the technician didn't know about). Options: 1) tell people to use the cert only when needed (e.g. contract agreement, etc) 2) limit the certs to the small population that needs them - have them put the disclaimer in their normal signature file 3) integrate the certs into AD and use the transport rule as Michael suggested Kevin On Fri, Mar 12, 2010 at 11:34 AM, Jeff S. Gottlieb jeff.s.gottl...@gmail.com wrote: Kevin, I reworded and reposted this thread (minutes ago) hoping to stimulate more discussion.and before knowing you replied. Thank you. Interesting enough Sunbelt support, never saw anyone using a email digital certificate.thus could not offer a remedy. We do not represent the defense department so we can live without certificates, but since we are using, and with issues *maybe* someone has a quick remedy. Let's assume we were a VERY small minority and needed certificates.is this an issue with COMODO or all certificates in Viper? Based on your logic (below) all certificates would present Viper users with this issue. -J From: Kevin Lundy [mailto:klu...@gmail.com] Sent: Friday, March 12, 2010 7:46 AM To: NT System Admin Issues Subject: Re: No Disclaimers in VIPER (caused by use of email digital certificates) I have no idea of that is a Viper feature or not, but I believe that is the way you would want it to operate isn't it? Otherwise, the insertion of the disclaimer would be modifying the email message, which would cause the signature to indicate tampering. On Fri, Mar 12, 2010 at 3:13 AM, Jeff S. Gottlieb jeff.s.gottl...@gmail.com wrote: We just closed a case with Sunbelt.disclaimers appeared in all email accounts except those using digital certificates. Was wondering if anyone else experienced the same. - Jeff Exchange 2003 Outlook 2007 Digital Security COMODO ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~