Best Corporate Anti Virus

[3aFaReeT]

Dear Friends,

We are in our way to implement an anti virus for our green field environment

we have the below technologies in summery:

Microsoft platform OS & Applications (Exchange, SharePoint, SCCM, Lync, Active Directory)

Red Hat Linux

Oracle Solaris

SQL DBs

Oracle DBs

Windows 7 Clients

Windows 8 Clients

VMWare vSphere 5.1

VMware view 5.2

The current proposal is on Symantec End point Protection

after reading the reviews at AV-Comparatives & Virus-Bulletin; I'm confused now.

I need practical experiences and pros & cons of the product you recommend

we are also looking for a product which should Isolate the Computer when a High Risk Virus is found (this action to be taken manually)

please provide me with your views ASAP

thanks a lot for sharing your experiences

[cluberti]

If you're already using SCCM 2007 or 2012, using FEP or SCEP along with SCCM's NAP/NAC options might be your best, and cheapest, bet. If you're using SCCM 2012, you can even add DCM into the mix to have even more control over NAP/NAC when a threat is found - if you're on SC 2012, you can even add in SCOM and/or Service Center to provide automation and visibility (automatically) into boxes that need remediation once found, too.

Note that the very latest release of SEP isn't a bad product, but you've already got the entire infrastructure to support antivirus installation, configuration, and reporting already if you're using SCCM and AD. I'm not necessarily pushing one over the other, but within reason they're all quite similar in the A/V department - it's the additional features that A/V products bring to the table nowadays that help make (or break) determination on which to use. McAfee is fine, but HIPS is awful with regards to performance. SEP is fine, but their firewall and intrusion protection components perform poorly. When you're protecting clients and servers, you want a good mix of security and performance, and you get that with some products and not with others (or with *portions* of some products.... be forewarned).

Also note that VirusBulletin and AV-Comparatives test MSE, not the corporate (controllable, configurable) versions of Microsoft's engine, which isn't quite the valid test you might think it is. I'm biased as I use SCEP in my environments, but we have no performance complaints, users aren't running as admins on clients (which goes a *long* way towards keeping things at bay), and servers aren't logged onto unless they need to be updated or modified - and ALL systems are managed remotely with tools on an admin's workstation if at all possible versus having local logons to domain machines, client OR server, to mitigate other issues like pass the hash attacks on admin accounts. We've not had a virus outbreak in close to 6 years in any environment I manage (and there are many, from small to very very large), and that coincides with all environments being finished migrating to Vista by the end of 2007, getting users to no longer need to run as admin (and that did take some appcompat work in some environments, I will not lie), and running Windows Servers (2008 and higher) wherever possible in Server Core mode, and only running 2003 servers or XP desktops as exceptions rather than the rule.

Once you remember and remind yourself that antivirus products are NOT security, they are PIECES of a security model, you will find most major products will work fine in your environment. Configure the environment to be more secure, and it's even less of an issue :).

[TPreston]

Once you remember and remind yourself that antivirus products are NOT security, they are PIECES of a security model, you will find most major products will work fine in your environment. Configure the environment to be more secure, and it's even less of an issue :).

Like, For home and business Risk Mitigation is where most of the effort should go.

ESET secure enterprise is worth a look as they have editions for pretty much any os all managed through the same console.

[fusi0n]

The last job I had, they used ESET.. It was pretty good.. I think the server interface could have been a bit better.. but I think it is one of the best..

Symantec End point Protection.. Stay far..far.. away.. End-Point was horrible for the five plus years we used it.. It was great at telling you had a virus.. but never cleaned or prevented..

With that said, the company got hit with a virus that had not been discovered and Symantec was able to VPN in and figure out what was going on and made us a special update database.. That was a fun 72+ hour work day :D We also had their high level of support though.. A year later I migrated everyone to forefront and never looked back.

[3aFaReeT]

If you're already using SCCM 2007 or 2012, using FEP or SCEP along with SCCM's NAP/NAC options might be your best, and cheapest, bet. If you're using SCCM 2012, you can even add DCM into the mix to have even more control over NAP/NAC when a threat is found - if you're on SC 2012, you can even add in SCOM and/or Service Center to provide automation and visibility (automatically) into boxes that need remediation once found, too.

Note that the very latest release of SEP isn't a bad product, but you've already got the entire infrastructure to support antivirus installation, configuration, and reporting already if you're using SCCM and AD. I'm not necessarily pushing one over the other, but within reason they're all quite similar in the A/V department - it's the additional features that A/V products bring to the table nowadays that help make (or break) determination on which to use. McAfee is fine, but HIPS is awful with regards to performance. SEP is fine, but their firewall and intrusion protection components perform poorly. When you're protecting clients and servers, you want a good mix of security and performance, and you get that with some products and not with others (or with *portions* of some products.... be forewarned).

Also note that VirusBulletin and AV-Comparatives test MSE, not the corporate (controllable, configurable) versions of Microsoft's engine, which isn't quite the valid test you might think it is. I'm biased as I use SCEP in my environments, but we have no performance complaints, users aren't running as admins on clients (which goes a *long* way towards keeping things at bay), and servers aren't logged onto unless they need to be updated or modified - and ALL systems are managed remotely with tools on an admin's workstation if at all possible versus having local logons to domain machines, client OR server, to mitigate other issues like pass the hash attacks on admin accounts. We've not had a virus outbreak in close to 6 years in any environment I manage (and there are many, from small to very very large), and that coincides with all environments being finished migrating to Vista by the end of 2007, getting users to no longer need to run as admin (and that did take some appcompat work in some environments, I will not lie), and running Windows Servers (2008 and higher) wherever possible in Server Core mode, and only running 2003 servers or XP desktops as exceptions rather than the rule.

Once you remember and remind yourself that antivirus products are NOT security, they are PIECES of a security model, you will find most major products will work fine in your environment. Configure the environment to be more secure, and it's even less of an issue :).

Thanks a lot; This is really great to hear... we will be having SCCM 2012 in place; I'm just wondering weather it will also protect non Microsoft products.like

Oracle Solaris x86 & x64

Red Hat Linux

Susi Linux

As well as, Can it be integrated with VMware vShield? since out environment will be running VDI?

[3aFaReeT]

Like, For home and business Risk Mitigation is where most of the effort should go.

ESET secure enterprise is worth a look as they have editions for pretty much any os all managed through the same console.

I remember doing a POC for ESET before 3 years... I know it's very light and effective product. this only this which i saw that it was having a poor management console and I couldn't really do a lot with it.

I'm not sure how it looks at this time, but as a product it was very strong in catching viruses and very light on PC as well.

Does it integrate with VMware vShield?

[goretsky Supervisor]

Hello,

I think ESET has gone through at two versions of their management console in the past couple of years; that does not necessarily mean that it would be easier for you to use, or do the things you want it to do, though. Given your mixed environment, I would strongly suggest looking at the various vendors, though, obtaining some trial licenses and then performing some pilot roll-outs to see what works best in your environment. That way, you actually have a chance to do some testing and make sure none of your line of business apps or workflow have any problems with the product you end up with. Also, if will give you a chance to test tech support, which, after all, is a large part of what you're really paying for when you purchase anti-malware software.

Regards,

Aryeh Goretsky

I remember doing a POC for ESET before 3 years... I know it's very light and effective product. this only this which i saw that it was having a poor management console and I couldn't really do a lot with it.

I'm not sure how it looks at this time, but as a product it was very strong in catching viruses and very light on PC as well.

Does it integrate with VMware vShield?

[syobon999]

I can't think of other beside MSE of ESET Endpoint.

[bguy_1986]

Anybody find any good cloud based anti-virus management?

We're in the process of looking at new program. Not a huge fan of Symantec, and have had nothing but problems with Kaspersky (been a nightmare..). Just want something that we can set up, it will send us logs and we don't really have to deal with everyday.

I've gotta deal with Lotus Notes/Domino, SQL, VMware. I'm considering buying something specifically for the servers and then something cloud based for clients possibly. Would that make sense at all?

[goretsky Supervisor]

Hello,

 

For the most part, cloud-based detection is used to supplement and not replace traditional anti-malware technologies in a corporate environment because of the higher false positive rate.  For example, internally-developed (or even heavily customized OTS) software could be flagged as unsafe since it does not show up anywhere else in the vendor's cloud-based reputation system.  Cloud-based detection has its uses for helping to detect outbreaks early and allow the vendor to better fine-tune things like their cleansets, but it's not a panacea for threat detection.  Cloud technology has more utility In the home-use space because over there the higher false-positive rate won't trigger the same kind of problem as if you were to shut down a large business for a day because their line-of-business app got quarantined. 

 

As far as cloud-based management goes, you can probably stick your management servers somewhere on the public Internet, but I'm not sure why you would want to do this, since it increases the risks of your users systems' not getting managed when they cannot reach the management servers, plus opens the servers up to exploitation (i.e., bad guy gets it, disables protection for the entire company).

 

Hope that explains things adequately.  If not, let me know.

 

Regards,

 

Aryeh Goretsky

[MidnightDevil]

I'm a McAfee ePO Orchestrator Administrator and I can't complain! It has everything an admin needs to manage his network security! Those products included. You will need to manage it constantly as you add systems and manage exceptions (specially for database, backup servers, and so on), but everything is there. With know-how and patience you'll enjoy the experience, and learn a lot too.

[Daedroth]

I've worked in three schools now, and all three use Sophos Endpoint as the corporate anti-virus solution. It isn't cheap, but it sure does the job.

[bguy_1986]

Hello,

 

For the most part, cloud-based detection is used to supplement and not replace traditional anti-malware technologies in a corporate environment because of the higher false positive rate.  For example, internally-developed (or even heavily customized OTS) software could be flagged as unsafe since it does not show up anywhere else in the vendor's cloud-based reputation system.  Cloud-based detection has its uses for helping to detect outbreaks early and allow the vendor to better fine-tune things like their cleansets, but it's not a panacea for threat detection.  Cloud technology has more utility In the home-use space because over there the higher false-positive rate won't trigger the same kind of problem as if you were to shut down a large business for a day because their line-of-business app got quarantined. 

 

As far as cloud-based management goes, you can probably stick your management servers somewhere on the public Internet, but I'm not sure why you would want to do this, since it increases the risks of your users systems' not getting managed when they cannot reach the management servers, plus opens the servers up to exploitation (i.e., bad guy gets it, disables protection for the entire company).

 

Hope that explains things adequately.  If not, let me know.

 

Regards,

 

Aryeh Goretsky

I've never heard that before but it makes sense. Thanks!

[MagicMan]

I've worked in three schools now, and all three use Sophos Endpoint as the corporate anti-virus solution. It isn't cheap, but it sure does the job.

+1 but in 4 separate businesses. The added Encryption options and MDM make it worth it for me :)

[bguy_1986]

+1 but in 4 separate businesses. The added Encryption options and MDM make it worth it for me :)

I used it at my last Job (Bank).  Encryption was great and didn't have to many problems with it.  My Boss isn't a big fan of it... and it is expensive.