Vipre Enterprised hosed as of 4pm 03/02/2009

What caused this?

This was caused by a large removal of CRC8 data, which was done in an attempt to avoid false positives. This update will process eventually, however the load that is created on the machine is simply that of the agent applying the changes to the machine- this will be remedied in 5020.

Thanks!

-Nick

I have this same problem only on PCs that received the 5018 update. 5017 and 5019 seem to be fine. The above solution was missing one part--need to turn off updates on the server or the offending updates get downloaded again right away. I also deleted 5018 as it was causing me the problem, not 5019. The problem on some PCs was solved by uninstall/reinstall after removing the definitions, but not all. When is the next definition 5020 due out?

This is extremely frustrating as I am in the middle of rolling out VIPRE, which I have promised my users is "great!" and "much better than Symantec". Please get this resolved right away and restore my confidence in your software!

I, too, am just now rolling out Vipre Enterprise after singing its praises to management. I was "lucky" and did not get hit by the 5019 fiasco, but my confidence has been shaken none the less. This continues the 3.2 core release shaking I got just last week (and slowed my rollout plans). I'm not ready to give up ... yet (I still have 8 days to cancel and get my money back) but I am watching very, very closely.

Chuck-

I apologize for the trouble that this may have caused, but please be assured that we're auditing our releases to ensure that this doesn't happen again and that support is standing by to help- if you see any troubles at all, please do not hesitate to call us or e-mail.

Thanks!

-Nick

__________

Nick Shorts
Tier 2 Enterprise Support Technician

Sunbelt Software
Support E-mail: Support@SunbeltSoftware.com
Voice: 877.673.1153 x500
Fax: 727.562.5199
Web: www.Sunbelt-Software.com
33 N Garden Ave - Suite 1200
Clearwater, Fl 33755 - USA

-------------------------------------------------------------------------------
If you do not want further emails from us, please forward
this message to listmanager@sunbeltsoftware.com with
the word 'unsubscribe' in the subject of you email
--------------------------------------------------------------------------------

GinIT-

5020 is due out later today (Wednesday), due in part to a large testing initiative. We will be testing the distribution and application of these definition files more so than normal releases to ensure that there will be no issues.

Thanks!

-Nick

__________

Nick Shorts
Tier 2 Enterprise Support Technician

Sunbelt Software
Support E-mail: Support@SunbeltSoftware.com
Voice: 877.673.1153 x500
Fax: 727.562.5199
Web: www.Sunbelt-Software.com
33 N Garden Ave - Suite 1200
Clearwater, Fl 33755 - USA

-------------------------------------------------------------------------------
If you do not want further emails from us, please forward
this message to listmanager@sunbeltsoftware.com with
the word 'unsubscribe' in the subject of you email
--------------------------------------------------------------------------------

So why not send out a brief info on this serious issue (and skip the next bloated newsletter).

I have posted Alex (our CEO)'s response below:

--------------------

Over the past several weeks, you probably experienced difficulties or issues with your VIPRE or CounterSpy updates. These problems included false positives, delayed or mis-timed updates, or high resource usage.

These issues were inexcusable.

To provide a bit of context as to why these problems occurred, a bit of background is necessary.

In the many years our team has been involved in security, nothing comes close to the extraordinary amount of malware we now see released daily by malware authors – up to 50,000 individual samples get submitted to our virus labs every single day. Our own malware repository is over 19 million threats and growing rapidly. Our staff has grown considerably as well, with multiple teams running virtually 24 hours a day on a global basis.

The challenges for all antivirus companies in keeping up with this deluge are extreme. The sheer quantity completely changes the normal processes and procedures of a typical security company. Methods of detection, processing strategies, testing methodologies all have to be re-thought in light of the volume. Additionally, antivirus vendors are increasingly leaning on heuristics and behavior detection, as opposed to classic signature detection, in order to protect their customers from emerging threats.

With an eye to dealing with today's threat landscape, we released the 3.2 core engine update on February 20th. This was a major update, which added significant heuristic and behavior detections. It also added a large number of additional signatures (about 5.4 million).

3.2 was in beta testing for weeks. We finally prepared it for release on the 18th of February, but met significant challenges during our testing due to the size of the update. As a result, we decided to split-up 3.2 into more manageable pieces over a week-long period, starting with the initial release on the 20th. Subsequent updates were released which completed the 3.2 update.

Then, on Monday March 2nd, we released a final update which was designed to “clean-up” the pattern database. However, the update itself took a large amount of CPU and RAM to apply, and resulted in systems that had the apparency of being "hung".

We have conducted detailed internal reviews of our processes. It would be a vast understatement to say that we don't want to have these events happen again.

As a result our review, there are a number of changes being made internally in our organization:

1. We have restructured our management layer, so that software development and threat research are now all under one vice president of research and development. This greatly improves inter-departmental communication and processes.

2. Our research services department is now responsible for all customer communication regarding definitions and threat issues; and our technical support department is responsible for technical bulletins. This moves us away from the past practice of having scattered communications coming from product managers, technical support people, and so on. This does not mean that the latter will not be active on our various discussion lists, but it does mean that we will be more consistent.

3. We are no longer going to do "monolithic" updates – large packages which roll up an array of different detection types into one package. These are difficult for our customers, as well for our own testing staff. This is not to say that there won’t be large updates in the future. But the 3.2 update was unique in that it had a lot of moving parts – too many. We also will provide correct advance notice for these updates.

4. We have restructured our internal processes so that we can deliver "rapid-response" updates for enterprise customers, to deal with late-breaking issues and threats.

5. We have instituted firm policy internally in terms of standard testing procedures. It was a break from our standard testing procedure that resulted, for example, in the 5019 definition update that was the cause of so many issues. This will not happen again.

6. We are greatly expanding our false positive test repository. We do test every single detection that goes out to you, but we clearly need to expand our universe of “good” files to test against.

7. We are aggregating our various disparate tools into our new research center and restructuring our technical support portal to provide a richer customer experience, and staffing the area to improve content.

8. Our internal processes are being examined with a fine-toothed comb, to find any further inefficiencies or possibilities of mis-communication.

In addition, we have greatly improved our internal processes to deal with the speed of getting detections out to you. I expect a number of significant improvements over the coming weeks which will continue to evolve VIPRE’s detection capabilities.

I want to assure you that the past 10 days is not in keeping the 14-year tradition of excellence and customer satisfaction that we are proud of as a company. We are committed to your satisfaction and will continue to work to earn it.

You can also reach me personally if you are not ever satisfied with the product, or anything from our company.

Sincerely,

Alex Eckelberry

Thanks Nick and Alex.
Things may happen, just keep the communication up so people out there know - in brief - what happened and what to do.

Still, a guide how to quickly overcome the 5019 "applying updates" for the SOHO version is missing. You may let the machine run for a night to finnish the update, but at many clients this is not doable. Vipre is currently disabled at those machines.