AUDITORS SCREAMING!! SCCM ENDPOINT PROTECTION 2012 SP1!! Please HELP!

    Question

  • In a recent interview, a "senior program manager" at Microsoft stated Microsoft's malware protection is subpar / not enterprise quality. This happened but 1 day ago and I have 2 auditors already screaming at me. I need help!
    We need to know how this affects SCCM ENDPOINT PROTECTION 2012 as we have this DEPLOYED in our enterprise. How and what are the benefits of keeping SCCM ENDPOINT? What are the differences between it and MSE? What more/better scanners/engines etc. does it use? We need this answered as soon as possible as this is a possible huge AUDIT and SECURITY issue. This is installed on THOUSANDS of machines.

    Quote:
    "Holly Stewart, senior program manager of the Microsoft Malware Protection Center, admitted in an interview with Dennis Technology Labs, a company that performs anti-virus tests on a regular basis, that Security Essentials is indeed designed to remain “at the bottom” and is a "Baseline" antivirus product."

    Please help, any assistance would be GREATLY appreciated!!!


    Mateo

    Thursday, September 26, 2013 2:38 PM

Answers

  • It's "baseline" because it doesn't include many of the things that other security suites include like firewall and full disk encryption -- those are part of the OS and don't need to be included. It's not baseline for any other reason.

    As for it being the same engine as security essentials, so what? There is no special thing as an enterprise AV engine: either you protect against threats or you don't. All of the vendors use the same engine and definitions for their consumer products as well as their enterprise products -- it doesn't make sense not to.

    And, for the "independent" labs results, first, you have to believe the "independent" title and then you have to believe that none of the other vendors are gaming the results.

    Microsoft is committed to providing the best technology and protection available against "real-world" threats, not some arbitrary lab tests that have no bearing on and are not a reflection of what is actually in the wild.

     

    Jason | http://blog.configmgrftw.com

    Friday, September 27, 2013 2:38 AM

All replies

  • My opinion: Use F-Secure. (www.f-secure.com). Includes USB device block out of the box also.

    Thursday, September 26, 2013 2:54 PM
  • Where is this quote taken from?

    Torsten Meringer | http://www.mssccmfaq.de

    Thursday, September 26, 2013 3:26 PM
  • Just search "holly stewart antivirus" and set the search time to 1 week. She apparently said this and other things during an interview one day ago, and it's causing me all kinds of hell with auditors and managers wanting an explanation and a plan to move to another product if I can get no answer from anybody at Microsoft. I posted here, emailed the SCCM tech blog writers, and opened a ticket on the free 365 ticket service, which they closed and said they aren't allowed to transfer calls/tickets to those departments and I had to open a PAID ticket request!! I mean seriously, this is bad mojo and going to cause lots of unexpected work if they don't step up. :(

    Mateo

    Thursday, September 26, 2013 3:50 PM
  • FWIW...

    [Microsoft] Security Essentials [sic] is designed to be bottom of the antivirus rankings
    http://www.pcpro.co.uk/news/security/384394/microsoft-security-essentials-is-designed-to-be-bottom-of-the-antivirus-rankings


    ~Robear Dyer (PA Bear) ~ MS MVP-Windows Client since 2002 ~ Disclaimer: MS MVPs neither represent nor work for Microsoft

    Thursday, September 26, 2013 8:53 PM
  • Redefine your question.  Are you asking Microsoft to recommend another product because Holly's comments reduce the performance of the product or are you asking Microsoft to redefine the deployment scenarios in which you should use SCCM versus another product?

    I suggest searching for independent studies for a best-of-breed or appropriate product for your specific needs; Gartner's Magic Quadrant or something similar.  The Verizon Threat Report puts SCCM Endpoint protection directly in the middle of the field with all other products according to their publicly available whitepapers so relying on one quote even from a MSFT senior manager doesn't really solve what your auditors are asking, does it?

    As we all know auditors will scream with no real reason and they always tend to be unclear in what they're screaming about because they're just not as technical as the average administrator.  Let your search engine be your guide and instead of asking support, try your Microsoft rep.  They can get you non-support answers on products and product road maps.

    NO one protects against zero day threats well.  If I am not understanding your issue, post a clearer question without the excitement.

    Thursday, September 26, 2013 9:23 PM
  • Read my post before posting a reply; it's clear enough, not very complicated. I understand how zero days work and those that exploit admin apps such as Java and Flash, but auditors don't care, as you said. If a Senior or any representative states product X is less than advertised and it is a vital security product, I have every right to ask them for information, as their immediate response should be an answer that this only represents the public product, not Endpoint etc., but nothing yet. So as I have people to deal with, so must they deal with my question, and read it in its entirety.

    As for Google being your guide, you have apparently never googled antivirus products.

    This of course leads to hundreds of pages of opinions and very few facts. As most of the reviews tend to be rewording other reviewers' websites and don't understand how AV engines / malware / nps engines may work or even that there is more than one scanner... regardless it sucks.


    Mateo

    Thursday, September 26, 2013 10:54 PM
  • You need to check your sources and your quote...

    System Center Endpoint Protection is an enterprise quality product.

    Security Essentials is a home user product and not designed for use in enterprises.  As it has been superseded by the built-in Windows Defender on current operating systems (Windows 8 and Windows 8.1), his quote makes sense.  They will not invest heavily in a legacy product.

    I hope that helps,

    Nash



    Nash Pherson, Senior Systems Consultant
    Now Micro - My Blog Posts


    • Edited by NPhersonMVP Thursday, September 26, 2013 11:33 PM
    Thursday, September 26, 2013 11:28 PM
  • Mateo;

    I did read your post several times before responding to assist.  My response is due to you posting your non-technical issues to a technical forum about corporate issues within Microsoft which should be routed to your Microsoft account manager.  Support would not be able to answer this question any better because this is not a technical issue.

    When I recommend Google, I assume you are a professional in the IT industry and somewhat versed at using search products properly to filter out non-relevant data.  Being an IT professional I assume you know the other major players in the AV industry to base your search criteria on; also assuming you know how to analyze and rank products, then assuming you do research before posting a non-technical question to a technical forum; something all of us do as IT professionals.  You will not find your answer on TechNet.

    I agree with you completely that someone from Microsoft needs to step in with some damage control for the comments of a senior product manager as SCCM was pitched to us also as an Enterprise solution.  However, I did compare AV tests from independent vendors, and found based off real world testing, SCCM isn't the bottom of the product list.  So while the product is very capable at protecting end points and internal systems, they need to redefine their product placement.

    I suggest finding a better tone before you ask Microsoft about this issue, because based off your original post, and your derogatory response to me, no one will want to help you and they don't have to.  This is a community forum where people are willing to help, using their own time and while I don't work for Microsoft, I hope you understand your lack of professionalism will probably prevent you from finding any answer or people willing to assist.

    Here's a bone: 

    Google or Bing "gartner antivirus magic quadrant" and then filter only images.  You get all of the magic quadrants for various types of AV security from mobile phones to message filtering and DLP.  From there you should be able to go and source your own materials and make your own decisions on how to answer your auditors (whom you still never stated what they were yelling about)

    Thursday, September 26, 2013 11:31 PM
  • You are correct Nash but aren't they the same product underneath meaning same Def & Engine files that will detect the same virus?  They are also developed by the same team at MS.  If that is the case, how different can they be?  We have been using SCEP for years now and are very happy with it.

    Shawn

    Thursday, September 26, 2013 11:46 PM
  • I agree with you El Veracruz on most of your points.  The best course of action would be to engage MS via sales/tech account manager channels and not on this forum. 

    I have been using it for years and have no problem with it.  We got burned bad by McAfee and it was a very easy decision to migrate to this as we already owned SCCM at the time.

    There is not going to be a perfect AV out there as they all have their pros and cons.  Rather than trying to replace SCEP with something else, get some additional protection software for your clients such as Bit9 or FireEye.

    Shawn

    Thursday, September 26, 2013 11:51 PM
  • Microsoft is aware of the statement and is preparing a public response but suffice it to say that the PM was misquoted and Microsoft is dedicated to SCEP.

    Also note that Security Essentials and SCEP do in fact use the same scan engine and definitions.


    Jason | http://blog.configmgrftw.com

    Friday, September 27, 2013 12:01 AM

  • As stated by Jason and another the reason why the auditors are upset

    http://www.microsoft.com/en-us/server-cloud/system-center/endpoint-protection-2012.aspx

    QUOTE MS SITE:

    System Center 2012 Endpoint Protection uses the same industry-leading antimalware engine as Microsoft Security Essentials to protect your employees against the latest malware and rootkits.
     
    The engine protects against both known and unknown threats with a combination of highly accurate signatures and behavioral detection techniques. It has been highly ranked in independent third-party tests, such as those by AV-Comparatives and VirusBulletin, with special distinction for its low false positive rate.


    Mateo

    Friday, September 27, 2013 12:20 AM
  • Like said, SCEP is referred to as a 'baseline' in many reviews:

    http://www.av-test.org/en/tests/corporate-user/windows-8/janfeb-2013/

    Personally I'm not interested in SCEP at all because it's just Security Essentials repackaged, it isn't by far as good as the other companies' offerings. Reason for this? AV isn't the main business for Microsoft.

    Friday, September 27, 2013 2:18 AM
  • I'm not going to argue with you Jason, so let's just say that you've got your opinion and I've got mine.

    My point (and honest opinion) was (and still is) that if you really want to get protected, use some other software, they are better.

    Friday, September 27, 2013 6:26 AM
  • Well I can assure you this much.

    MSE detects and removes far more than what McAfee Enterprise Edition does!!

    So even if EP doesn't suffice as the best AV product on the market, I know that at least it's doing something.

    I've heard quite a lot of trainers and consultants commenting about how good MSE is.

    I like the way you can integrate EP through SCCM and how they have left the option for you to keep your existing AV product.

    We used to run McAfee and MSE on our machines and found that worked better for us.

    Some threats will always fall under the radar and others will be caught etc.

    One size doesn't fit all.

    I've seen people with up to three different AV products on their machines!!

    SCEP is a MS Product but remember MS are not a dedicated AV company.

    Saying that, try some of the other products out there and ask yourself why do you want to be paying for them.

    You need to find something that is cost effective and gives you the best ROI.

    With AV you want a company that stands behind their product and has a reliable technical department. It is important that they adhere to their SLAs and take your concerns seriously.

    The aftercare is as important as the product.  

      


    • Edited by midi25 Friday, September 27, 2013 7:31 AM error
    Friday, September 27, 2013 7:30 AM