SAV 10 - What’s New

The SAV Installation Guide (savinst.pdf in the docs directory or check the support site) lists what is new in this release.
Security Risk Detection and Removal
This is Symantec’s code for spyware, adware and assorted security risks. In this version Symantec can now detect spyware via autoprotect. This is an important improvement over SAV 9, which could only scan for this stuff during manual and scheduled scans.
We also now have the ability to have exception lists. Unfortunately, rather than being able to add an EXE to ignore, we must ignore the entire spyware detection. Usually this is ok. For example, with SAV 9, I have users who are constantly getting a virus detection for aports or Radmin. If I determine that is ok, then I would just whitelist it and never be bothered again.
Taking a page from the anti-spyware vendors, Symantec now has a quickscan that checks common hooks in the operating system used by viruses and crapware to autostart.
By default, the quickscan runs at every boot. Some people are finding this uses a lot of resources at logon. You can disable this behavior with a .reg file you can find at the Symantec support site.
You can also run a quickscan at the beginning of a full system scan if desired.
Kill Kill Kill
No, that’s not the voices in your head. Symantec now has the ability to kill processes or stop services. So all those times Symantec couldn’t remove a file because it was a currently running process… that’s in the past. This sounds like a huge improvement.
Tamper Protection
We’ve all seen it. When a virus slips by an antivirus product, the first thing it does is disable the antivirus. Or perhaps it wasn’t a virus, just a user deciding they didn’t need to conform to company policy, so they figure out how to disable it. Tamper Protection watches for this sort of thing.
The problem with Tamper Protection is that it cannot be used if you have any other real time security software. There are also reports of SMS causing many alerts.
I think the manual also says that Tamper Protection will remove the ability of non-administrative users to run LiveUpdate (assuming you allow anyone to manually run LiveUpdate in your environment).
Test it in your environment, but it sounds to me like this is not ready for prime time.
Role Based Accounts
Instead of having one password giving access to the SSC, you can now create role-based accounts to provide read-only, administrator, Central Quarantine and gateway security accounts.
These are separate accounts and cannot use Active Directory accounts.
SSL is now used to secure the communications between management consoles (SSC), the parent server, and the clients.
This adds some complexity for disaster recovery and server migration. Make sure you read the manual on this area.
Alternate Data Streams
SAV now supports scanning for viruses in alternate data streams. I don’t know of any viruses using this. But the virus researchers have been agitating for vendors to add support for this.

64-bit AMD support

We’ve been waiting for this. I don’t think we’ve installed it yet so I can’t comment. I did see in the readme that updates are through LiveUpdate only, no VDTM.
IPX/SPX Support is gone
I notice that under server tuning, you need to check a box to support downlevel clients.
I have only installed the server. Not having installed it on the clients yet, I cannot review the product. Just passing on a few notes from what I’ve seen and read thus far. Looks like a solid step forward. McAfee still seems to be better about stopping web exploits and I don’t see anything in this release that will change that.