Pay up, Lincolnshire, or your data gets it. Systems still down after ransomware hits

Anonymous Coward
I've long been of the opinion that AV software was overpriced and mostly useless, and I've seen plenty of infections careen through at least three layers of different AV software completely undetected. I've seen a cryptowall infection come in through our mail server's AV (which is in turn protected by a cloud-based AV and anti-spam), through into a user's mailbox and straight past the client-side AV.

It was an embedded office file disguised as a court summons or jury service of some sort IIRC (we only allow attachments from whitelisted domains, but of course that's assuming you're not getting the mail from a contact in a company that just got pwned - and we were), exploiting a zero-day that was due to be patched that weekend. The AV on the client didn't spot it encrypting all files the user had access to; the AV on the file servers didn't spot the files being changed but DID spot a bunch of files being replaced with $filename.encrypted (which modern cryptoware doesn't do IIRC). But the security team who got all the alerts didn't think anything peculiar about this until hours later, when everyone had gone home and some teleworkers phoned up and said they couldn't open any files. Cue frantic shutting down/suspending machines, network traces, restoring and diffing multiple sets of backups, forensic analysis to see what else this user touched and what else might have been infected, etc etc.

Sure, the security team got well and truly carpeted for that, but AV software just doesn't work reliably enough IMHO. Attack surfaces on most clients are just fecking huuuuuge without really onerous security measures, which some businesses can't afford or won't put up with.

AC for obvious reasons but I know for a fact it's far from a rare occurrence.
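The file-server alerts the comment above describes (a burst of files replaced with $filename.encrypted) are the kind of signal a simple rate detector catches, and the same detector can flag in-place overwrites, which the commenter notes modern ransomware uses instead of renaming. The following is an added example, not code from the post or from any product; the audit-log format, user names and paths are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format (not a real product's): "<iso-timestamp> user=<u> op=<write|rename> path=<p>"
LOG_RE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\S+) op=(?P<op>\S+) path=(?P<path>.+)$")

def constructed_sample():
    """Synthetic file-server audit lines: alice renames files to .encrypted,
    carol overwrites files in place (no rename), bob works at a human pace."""
    t0 = datetime(2024, 1, 1, 17, 0, 0)
    ts = lambda s: (t0 + timedelta(seconds=s)).isoformat()
    lines = [f"{ts(i)} user=alice op=write path=/srv/share/a{i}.docx" for i in range(20)]
    lines += [f"{ts(i)} user=alice op=rename path=/srv/share/a{i}.docx.encrypted" for i in range(10)]
    lines += [f"{ts(i)} user=carol op=write path=/srv/share/c{i}.xlsx" for i in range(60)]
    lines += [f"{ts(60 * i)} user=bob op=write path=/srv/share/b{i}.pptx" for i in range(5)]
    return lines

def parse(lines):
    """Turn audit lines into (timestamp, user, op, path) tuples; skip unparseable lines."""
    events = []
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            events.append((datetime.fromisoformat(m["ts"]), m["user"], m["op"], m["path"]))
    return events

def detect(events, window=timedelta(seconds=60), write_threshold=50, rename_threshold=5):
    """Map user -> reason for users whose activity in any sliding window looks like
    bulk encryption: many renames to .encrypted, or simply many writes."""
    by_user = defaultdict(list)
    for ts, user, op, path in sorted(events):
        by_user[user].append((ts, op, path))
    alerts = {}
    for user, evs in by_user.items():
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1  # drop events that fell out of the window
            win = evs[start:end + 1]
            renames = sum(1 for _, op, p in win if op == "rename" and p.endswith(".encrypted"))
            writes = sum(1 for _, op, _ in win if op == "write")
            if renames >= rename_threshold:
                alerts[user] = f"{renames} renames to .encrypted within {window.seconds}s"
                break
            if writes >= write_threshold:
                alerts[user] = f"{writes} file writes within {window.seconds}s"
                break
    return alerts

if __name__ == "__main__":
    for user, reason in detect(parse(constructed_sample())).items():
        print(f"ALERT {user}: {reason}")
```

The thresholds are placeholders; a real deployment would tune them per share and feed the alert into something that pages a human rather than a queue nobody reads until the teleworkers call.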
