proit Posted February 23, 2015
I'm wondering the best way to run a central antivirus on WS2012R2 for domain clients. How exactly does it work? What pros and cons are there? It's for more or less 25-30 clients.

xendrome Posted February 23, 2015
TrendMicro OfficeScan works great and can be deployed/managed centrally from WS2012R2

Roger H. Veteran Posted February 23, 2015
I have ESET Remote Administration running. Good so you can see status of all machines and push out updates if an infection breaks out.

Daedroth Posted February 23, 2015
I've worked in several schools and all of them have used Sophos Endpoint to centrally manage the anti-virus needs. It isn't cheap, but it must be good, at least in the education sector as it is very popular.

sc302 Veteran Posted February 23, 2015
Domain clients there are quite a few.
http://www.av-test.org/en/antivirus/business-windows-client/
Trend Micro Worry Free Business Security (can be bought 1 by 1)
Symantec Endpoint Security (Minimum is 5)
Kaspersky Endpoint Security
BitDefender Endpoint Security
Sophos Endpoint Security
Benefits are a centrally located administrative interface for an administrator to pinpoint exactly what has an issue vs going to every machine or having emails sent from every machine. Cons really are really none provided you have something that can host it. I would have a dedicated server or put it on with a file server, leaving your AD server alone.

proit Posted February 24, 2015 Author
I must say it is difficult to get pricing on these
1: You call them and leave a message
2: They ask you to call one of their local partners in the area (Symantec's partner was about 50km away)
Why make it so difficult for a small business to buy your product?

sc302 Veteran Posted February 24, 2015
Call CDW for pricing. Symantec sells through warehousing partners, not direct. SHI and Insight are also partners. These partners should be able to get you pricing on all of these.
US sites:
http://www.cdw.com
http://www.shi.com
http://www.insight.com
They are all global so they do have other country sites. Also establishing an account usually gets better pricing.

rafter109 Posted February 24, 2015
> I have ESET Remote Administration running. Good so you can see status of all machines and push out updates if an infection breaks out.
I second ESET. Have used it for multiple businesses I have managed. Central management works great for monitoring clients, built in update repo for reduced internet bandwidth consumption, can also use it to push out installs of other programs as well but never used it for that. ESET also has a long track record of being one of the top tier vendors in detection/removal from multiple independent test labs.

NiteJammin Posted February 25, 2015
I third ESET, I'm not a huge fan of their latest ESET Remote Administration (ERA) software but it works well still and the detection rate is one of the best I tested. We switched from Kaspersky last year and I tested Sophos, ESET, and BitDefender's options. ESET was the only one to actively block viruses being placed on the drive remotely via a second computer and a copy and paste and cut and paste to the disk. I downloaded a few thousand viruses from some different websites and ESET was the only one to catch 99% of them during remote and local extraction of the files into a folder tree and remove them after only navigating to the folder where they existed.
Sophos did not find or block anything until I attempted execution of the different viruses or manually scan the folder. Their response to my question on why their product is acting this way was "It is not a valid test and not a real world scenario." After that I stopped all testing with them due to that because it is a real world test, and a valid scenario since anyone could attempt to do this with a USB drive or even accessing a personal storage option. I would rather problems get caught before execution rather than during.
BitDefender did ok but not as well as expected and it was causing a lot of slow down on older computers where ESET was not, Sophos did ok on speed as well but ESET felt faster to our test user base. Anyways that's just my 2c.

sc302 Veteran Posted February 25, 2015
Technically a copy/paste isn't a real world test. Real world is stop at execution. That is what a scan is for, which can usually be optioned in (scan new files, scan attached drives). Smart scans or active scans would cover anything attempting to run in the background without you noticing or by you inadvertently running an app.

proit Posted February 25, 2015 Author
I like ESET because they make it simple to buy. Everyone I have to look up their local partner to get their software and it's kind of annoying (and wasteful)

+InsaneNutter MVC Posted February 25, 2015
I like Sophos Endpoint Security. I've always found Sophos to be light on resources and essentially just do what it's supposed to without any bother.
To set up you install the enterprise console on a server, this is where you will manage all your client computers from. Once configured you can simply deploy Sophos to any computer on your domain from the console, without physically going to that machine and installing / configuring. After you have deployed those computers will update their definitions and security policy from your server, which in turn updates from Sophos. All you really need to do after that is keep an eye on the enterprise console and see if any machines have had any problems. Everything is nice and easy to manage from one central location.
Sophos support is really good and goes above and beyond if you need any help. I've only ever had to contact them once and was really impressed with the quality of service I received.
The only down side is like someone else mentioned is you have to purchase licences through a local partner, I would personally much prefer to go directly to Sophos. Maybe it's just me but it annoys me when I get random calls / emails trying to sell me things. I guess that's good customer service in a way, I'd sooner just go to them if I want something, not randomly be contacted.

proit Posted February 26, 2015 Author
> The only down side is like someone else mentioned is you have to purchase licences through a local partner, I would personally much prefer to go directly to Sophos. Maybe it's just me but it annoys me when I get random calls / emails trying to sell me things. I guess that's good customer service in a way, I'd sooner just go to them if I want something, not randomly be contacted.
Yeah, that's something I'm really starting to dislike. I understand with thousands of clients worldwide, it is easier to distribute your product thru authorized partners, but I just want to buy the software and be done with it.
Another thing, it takes weeks (sometimes months) to get a reply. For example, I needed to buy a few licenses for MySQL Enterprise Edition server and I contacted a few partners here and there and I got them in about 2 weeks or so. A month after that, someone calls me and tells me "Hello. I heard that you left a voice message interested in our products" and I honestly did not even remember WHY I called them or why I needed the licenses...

grunger106 Posted February 26, 2015
Sophos / SEP if you want on-premises console
Symantec.Cloud if you want cloud-based deployment rather than server based. (You can still deploy via GroupPolicy)

binaryzero Posted February 26, 2015
^ What he said. I've been using SEPM for years - but I look forward to the day I get the chance to use Sophos, looks cool.

rafter109 Posted February 26, 2015
> Technically a copy/paste isn't a real world test. Real world is stop at execution. That is what a scan is for, which can usually be optioned in (scan new files, scan attached drives). Smart scans or active scans would cover anything attempting to run in the background without you noticing or by you inadvertently running an app.
I hate to burst your bubble but an On-Access scanning engine should check under any type of access, file writes, copies, reads, and executions. Eset's behavior in this area is likely why it is so effective where other big names often fail. If you wait until file execution you run the risk of missing malware during your one and only shot to catch it.

sc302 Veteran Posted February 26, 2015
On-Access scanning should be done when the system accesses a file. This should be done on usb insertion. "smart scan" as trend puts it (every vendor has their own marketing term for it), does not necessarily mean that when a file is copied, it means when a file is opened. Open/run does not = copy/paste or = usb insertion. Symantec also scans when a file is copy/pasted or a usb is inserted.
How you feel something should or should not be is irrelevant to what I wrote. It is how it is designed by the manufacturer and how it should work is what should be the case. Don't attack me for your inability to comprehend when a company's legal department wordsmiths the capabilities of a product. They make it seem like it is the same as every other product on the market. It may not do it in the same fashion as another product, or to your liking, but still accomplishes the same or similar goal.

proit Posted February 27, 2015 Author
Symantec gives me a solution for about 900 euros
ESET gives me a solution for about 530 euros
Obvious choice is obvious.

rafter109 Posted March 4, 2015
> On-Access scanning should be done when the system accesses a file. This should be done on usb insertion. "smart scan" as trend puts it (every vendor has their own marketing term for it), does not necessarily mean that when a file is copied, it means when a file is opened. Open/run does not = copy/paste or = usb insertion. Symantec also scans when a file is copy/pasted or a usb is inserted.
> How you feel something should or should not be is irrelevant to what I wrote. It is how it is designed by the manufacturer and how it should work is what should be the case. Don't attack me for your inability to comprehend when a company's legal department wordsmiths the capabilities of a product. They make it seem like it is the same as every other product on the market. It may not do it in the same fashion as another product, or to your liking, but still accomplishes the same or similar goal.
I wasn't attacking you and I'm sorry if my post made you feel that way. Was just stating what I have found, not only in my 15+ years experience in various IT capacities, but also substantiated in multiple independent tests. Eset has a solid track record with AV-Comparatives, ICSA Labs, Virus Bulletin, and West Coast Labs to name a few. They have gotten certification more often than just about any other product on the market. Not saying they are perfect or that there aren't other good products out there but I based my decision on what the records say.

binaryzero Posted March 4, 2015
Calm down precious egos.