Wednesday, May 26, 2010

Held Hostage By Symantec

In our Citrix environment, we needed good Anti-Virus/Anti-Malware protection since there will be a huge wave of users inhabiting each server on a daily basis. Our first choice was to deploy Symantec Endpoint Protection since we've already had pretty decent success with the product across our PCs. So, we dove in to adding it to our Citrix Environment.

A few weeks in we noticed some very odd things happening: Users access to network shares was excruciatingly slow. It would literally take minutes to enumerate all of the items in a given folder. Since our Start Menus were also redirected on the network, this meant their start menu would not show up for quite some time. Between this, slow log-on and log-off times and slow access to network shares (a main part of our business), this performance was unacceptable.

Naturally I started down the path of getting support. Now, Symantec support is pretty bad in my opinion in terms of wait times, turn-around-times, etc., but that's a different story. To make a very long story (approximately 3 months in time) shorter, it boiled down to the fact that there is a defect in their code that causes network scanning to stay turned on (in File-system auto-protect) even when you uncheck the box in the policy settings. So, in the end, Symantec acknowledged the defect, but as of now, still is unwilling to create the fix for it, or even provide a timeline for when this fix may show up in a future version. Since we've already had several hold ups on this project, this kind of indefinite wait was just unacceptable.

So -- now we're on to looking at our options. At the moment, Kaspersky is looking pretty good. How about any of you? Any experience deploying anti-virus in a Xenapp 5 environment running on Windows Server 2008 x64?

No comments: