
Opinion on the updater snafu from a Senior Admin

I've been in this business over 30 years, and I have, believe me, gone through Hell with a lot of previous anti-virus products in the past. Sophos was, and still is in my opinion, the best and easiest to administer. So, it's amusing to read some of the posts on the Internet from rookie admins doing a good imitation of a Drama Queen. Knee-jerk reactions won't do you any good when something like this happens. I too, could not get through to Sophos yesterday afternoon. But, I understood that their phone lines were probably overtaxed, so I just waited for them to fix the problem, applied the fixes from other admins I found on the Net, and by the time I went home to a cold supper, things were more or less back to normal.

Now, having said all that, and holding Sophos in such high esteem for so long, I'm as disappointed as anyone over this. I expect, in fact I demand, more from Sophos. If they want to be held up as the gold standard in this business, they'd better review procedures and try to make sure this doesn't happen again. Furthermore, a supreme gesture of good faith would be some sort of discount on their loyal customers' next maintenance contract.



  • To a certain extent - agreed with both. Roughly the same time spent in this business as Pagjsp.

    Some remarks though:

    Really bad is not the issue with AutoUpdate but with all the other updaters. If you had Move or Delete in your policy recovery will be very painful. But IMHO there was an overreaction by some (so called) rookie admins.

    I've learnt that the first thing to do when disaster strikes is: unplug your phone (or turn off your mobile), get yourself a coffee, lean back and assess the situation: AutoUpdate is broken. Impact? - No identity updates until it is fixed. Scanner? - Works. Slightly increased risk that brand-new threats slip in, otherwise no immediate danger. Similar to your management server going belly up. No need to panic.

    there's absolutely no way any testing was done

    Agreed that generic detections have to be tested very very carefully. I can imagine though that testing has been done but that it was flawed. "for use with our Live Protection system" suggests a rather complex identity; furthermore, identities (or IDEs) are not independent. The slip-up might as well have happened when the update was finally released - guess many of us know such situations. May those of us who never made a (potentially disastrous) mistake speak up :smileyhappy:.

    I'm not cynical - had my share of horror and anger when I came in at 8am and saw about a third of my endpoints (not 20.000 but several thousand anyway) having sent in an alert - and we don't have administrative access to most of them ...

    Don't expect detailed explanations and heads rolling at this point - it'd be just to please the masses. And don't forget - it might be much worse for all the support staff and many others at Sophos than for us.

    Christian
