I'm currently running SEP on 150+ nodes. It looks pretty, and sounds great in theory but in the end, I wind up manually cleaning the more persistent malware.

Specifically sited was Antivirus 2009. SEP found it, I cleaned it. I've just come to accept that SEP is mostly a tripwire for the more serious malware. Something that alerts me so I know what machine to go fix.

However, I have found myself wondering why I'm stuck cleaning systems when we're spending major cash on bloated products.