I work for an IT company which provides security products to other companies. One of our clients was using Symantec AntiVirus Corporate Edition 10.1, which we had suggested to them and were supporting. The client had no issue with Symantec AntiVirus. Their network applications were running without any problem, which is most important to them, as it was a production environment which their company relied on heavily. They were using Symantec AntiVirus on a Windows 2003 Application server and Windows XP Professional clients. The client used it for 1 year without any major problem. (Yes, there were occasional times when Symantec was unable to detect a new threat. I logged a case with Symantec and submitted the threat to the security response team, after which they provided the rapid release definition within a few hours or at most 1 day. One thing to note is that within that one-year period I never faced any case of false positive detection, for which reason I am 100% sure that Symantec never detects any false positives. I have never seen it in my career. That is why I prefer Symantec over others.)
After one year, a representative of another IT firm came to meet the customer with a suggestion to move to another AV product which, according to him, has a better detection rate than Symantec. He showed some websites with comparisons between AV products and googled for comparisons of some AV products, which clearly showed a better detection rate than Symantec. He also showed a price comparison, in which the price was lower than Symantec's. In this way he convinced our client to move from Symantec to the other antivirus, which they did within 1 month or so.
The client's engineer installed the antivirus server and, as a test, deployed 30 clients in the IT department, which was completed after some minor problems. In the next phase they went to the production areas and installed the antivirus on 15 clients, where it detected the running network application as a threat and stopped the application from running. Now the real problem came: they called the vendor's customer care and reported the problem, but the customer care staff were not taking this issue as seriously as it actually was. So they removed the antivirus from 14 of the 15 installed clients and left it installed on 1 machine to diagnose and rectify the problem. The customer care took 3 days to give a solution, and after that all the networked computers (more than 1500 PCs) were installed with that antivirus.
After a few days a new threat hit the customer network (it was W32.SillyFDC according to Symantec), which creates an .exe file within each folder and names it according to the folder name. It spread through network shares, pen drives, etc. Suddenly all the PCs were infected with this virus and became immensely slow. The security team of that antivirus company was contacted, and they asked for the virus-infected file to be submitted to them, which was done early, and the client expected an early response from them. After 24 hours there was no solution provided and no fair response from them either.
So the customer tested that virus with Symantec, and it was detected. But the problem was that the other antivirus was unable to detect it and their security team was also not responding to the user's problem, as almost all the PCs in the network were infected by that time.
It's the support that matters most in this type of situation, which will come now and then. No antivirus can provide 100% security/protection from viruses/malware.
After 3-4 days the antivirus company released a definition for that virus, which later detected the virus, but by then the damage was already done. One common problem found on all of the machines was that no one was able to open Task Manager or the registry, or to see Folder Options in Control Panel.
After this incident the customer wanted to change the antivirus, but they had already paid the one-year license fee. That antivirus detected more false positives than Symantec, which was more harassment for the customer and the AV admin. After 6 months or so the customer again asked our company to provide Symantec AntiVirus, which we did, and we deployed Symantec to all PCs across the network without any problem. Yes, there are some times when Symantec also fails to protect from a new threat, but the response from the Symantec security response team is remarkable. They team up with us until the problem is solved. They also provide the solution quickly if the situation is critical. After Endpoint Protection the customer is happier than ever, as its network threat protection and firewall work great.