Running a central antivirus on WS2012R2 for domain clients


  • 0

I've worked in several schools and all of them have used Sophos Endpoint to centrally manage the anti-virus needs. It isn't cheap, but it must be good, at least in the education sector as it is very popular.


  • 0

Domain clients there are quite a few.

 

http://www.av-test.org/en/antivirus/business-windows-client/

 

Trend Micro Worry Free Business Security (can be bought 1 by 1)

Symantec Endpoint Security (Minimum is 5)

Kaspersky Endpoint Security

BitDefender Endpoint Security

Sophos Endpoint Security

 

Benefits are a centrally located administrative interface for an administrator to pinpoint exactly what has an issue vs going to every machine or having emails sent from every machine.  There are really no cons, provided you have something that can host it.  I would have a dedicated server or put it on with a file server, leaving your AD server alone.


  • 0

I must say it is difficult to get pricing on these

1: You call them and leave a message

2: They ask you to call one of their local partners in the area (Symantec's partner was about 50km away)

Why make it so difficult for a small business to buy your product?


  • 0

Call CDW for pricing. Symantec sells through warehousing partners, not direct. SHI and Insight are also partners. These partners should be able to get you pricing on all of these.

US sites:

http://www.cdw.com

http://www.shi.com

http://www.insight.com

They are all global so they do have other country sites. Also establishing an account usually gets better pricing.


  • 0

I have ESET Remote Administration running. :)

Good so you can see status of all machines and push out updates if an infection breaks out.

I second ESET. Have used it for multiple businesses I have managed. Central management works great for monitoring clients, built in update repo for reduced internet bandwidth consumption, can also use it to push out installs of other programs as well but never used it for that. ESET also has a long track record of being one of the top tier vendors in detection/removal from multiple independent test labs.

  • Like 2

  • 0

I third ESET. I'm not a huge fan of their latest ESET Remote Administration (ERA) software but it works well still and the detection rate is one of the best I tested.  We switched from Kaspersky last year and I tested Sophos, ESET, and BitDefender's options.  ESET was the only one to actively block viruses being placed on the drive remotely via a second computer and a copy and paste and cut and paste to the disk. I downloaded a few thousand viruses from some different websites and ESET was the only one to catch 99% of them during remote and local extraction of the files into a folder tree and remove them after only navigating to the folder where they existed.

Sophos did not find or block anything until I attempted execution of the different viruses or manually scanned the folder.  Their response to my question on why their product is acting this way was "It is not a valid test and not a real world scenario."  After that I stopped all testing with them due to that because it is a real world test, and a valid scenario since anyone could attempt to do this with a USB drive or even accessing a personal storage option.  I would rather problems get caught before execution rather than during.

BitDefender did OK but not as well as expected and it was causing a lot of slowdown on older computers where ESET was not. Sophos did OK on speed as well but ESET felt faster to our test user base.

 

Anyways that's just my 2c.


  • 0

Technically a copy/paste isn't a real world test. Real world is stop at execution.

That is what a scan is for, which can usually be optioned in (scan new files, scan attached drives). Smart scans or active scans would cover anything attempting to run in the background without you noticing or by you inadvertently running an app.


  • 0

I like Sophos Endpoint Security. I've always found Sophos to be light on resources and essentially just do what it's supposed to without any bother. To set up, you install the enterprise console on a server; this is where you will manage all your client computers from. Once configured you can simply deploy Sophos to any computer on your domain from the console, without physically going to that machine and installing / configuring.

After you have deployed, those computers will update their definitions and security policy from your server, which in turn updates from Sophos. All you really need to do after that is keep an eye on the enterprise console and see if any machines have had any problems. Everything is nice and easy to manage from one central location.

Sophos support is really good and goes above and beyond if you need any help. I've only ever had to contact them once and was really impressed with the quality of service I received.

The only downside, like someone else mentioned, is you have to purchase licences through a local partner; I would personally much prefer to go directly to Sophos. Maybe it's just me but it annoys me when I get random calls / emails trying to sell me things. I guess that's good customer service in a way, I'd sooner just go to them if I want something, not randomly be contacted.


  • 0

> The only downside, like someone else mentioned, is you have to purchase licences through a local partner; I would personally much prefer to go directly to Sophos. Maybe it's just me but it annoys me when I get random calls / emails trying to sell me things. I guess that's good customer service in a way, I'd sooner just go to them if I want something, not randomly be contacted.

Yeah, that's something I'm really starting to dislike. I understand with thousands of clients worldwide, it is easier to distribute your product thru authorized partners, but I just want to buy the software and be done with it.

Another thing, it takes weeks (sometimes months) to get a reply.

For example, I needed to buy a few licenses for MySQL Enterprise Edition server and I contacted a few partners here and there and I got them in about 2 weeks or so. A month after that, someone calls me and tells me "Hello. I heard that you left a voice message interested in our products" and I honestly did not even remember WHY I called them or why I needed the licenses...


  • 0

> Technically a copy/paste isn't a real world test. Real world is stop at execution.
>
> That is what a scan is for, which can usually be optioned in (scan new files, scan attached drives). Smart scans or active scans would cover anything attempting to run in the background without you noticing or by you inadvertently running an app.

I hate to burst your bubble but an On-Access scanning engine should check under any type of access: file writes, copies, reads, and executions. ESET's behavior in this area is likely why it is so effective where other big names often fail. If you wait until file execution you run the risk of missing malware during your one and only shot to catch it.


  • 0

On-Access scanning should be done when the system accesses a file.  This should be done on USB insertion.  "Smart scan" as Trend puts it (every vendor has their own marketing term for it), does not necessarily mean that when a file is copied, it means when a file is opened.  Open/run does not = copy/paste or = USB insertion.  Symantec also scans when a file is copy/pasted or a USB is inserted.

How you feel something should or should not be is irrelevant to what I wrote.  It is how it is designed by the manufacturer and how it should work is what should be the case.  Don't attack me for your inability to comprehend when a company's legal department wordsmiths the capabilities of a product. They make it seem like it is the same as every other product on the market. It may not do it in the same fashion as another product, or to your liking, but still accomplishes the same or similar goal.


  • 0

> On-Access scanning should be done when the system accesses a file.  This should be done on USB insertion.  "Smart scan" as Trend puts it (every vendor has their own marketing term for it), does not necessarily mean that when a file is copied, it means when a file is opened.  Open/run does not = copy/paste or = USB insertion.  Symantec also scans when a file is copy/pasted or a USB is inserted.
>
> How you feel something should or should not be is irrelevant to what I wrote.  It is how it is designed by the manufacturer and how it should work is what should be the case.  Don't attack me for your inability to comprehend when a company's legal department wordsmiths the capabilities of a product. They make it seem like it is the same as every other product on the market. It may not do it in the same fashion as another product, or to your liking, but still accomplishes the same or similar goal.

I wasn't attacking you and I'm sorry if my post made you feel that way. Was just stating what I have found, not only in my 15+ years experience in various IT capacities, but also substantiated in multiple independent tests. ESET has a solid track record with AV-Comparatives, ICSA Labs, Virus Bulletin, and West Coast Labs to name a few. They have gotten certification more often than just about any other product on the market. Not saying they are perfect or that there aren't other good products out there but I based my decision on what the records say.


This topic is now closed to further replies.
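
Added example, not from any poster or vendor in this thread: the disagreement above over whether a product intervenes on write, read or copy, or only at execution, can be checked on a managed test client with the harmless EICAR test file instead of live samples. The function name, file names and settle delay are assumptions of this example; nothing is executed.

```python
import contextlib
import os
import shutil
import tempfile
import time

# EICAR standard anti-malware test string: harmless, detected by design.
# Split in two so this script is not itself quarantined by a scanner.
EICAR = (r"X5O!P%@AP[4\PZX54(P^)7CC)7}$" +
         "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*").encode("ascii")


def probe_on_access(workdir, payload=EICAR, settle=2.0):
    """Report at which file operation (write, read, copy) the payload is stopped."""
    src = os.path.join(workdir, "probe_src.com")    # hypothetical file names
    dst = os.path.join(workdir, "probe_copy.com")

    def write():
        with open(src, "wb") as fh:
            fh.write(payload)
        time.sleep(settle)              # assumed delay: let the scanner quarantine
        return os.path.exists(src)      # stat only, the file is not reopened

    def read():
        with open(src, "rb") as fh:
            return fh.read() == payload

    def copy():
        shutil.copyfile(src, dst)
        time.sleep(settle)
        return os.path.exists(dst)

    results, stopped = {}, False
    for name, stage in (("write", write), ("read", read), ("copy", copy)):
        if stopped:
            results[name] = "not reached"
            continue
        try:
            ok = stage()
        except OSError:                 # access denied or file removed mid-operation
            ok = False
        results[name] = "allowed" if ok else "blocked"
        stopped = not ok
    for path in (src, dst):             # clean up whatever the scanner left behind
        with contextlib.suppress(OSError):
            os.remove(path)
    return results


if __name__ == "__main__":
    print(probe_on_access(tempfile.mkdtemp()))
```

A result of "allowed" at all three stages means the client's policy only acts at execution or on a manual scan; the endpoint console should show a matching detection event for any stage reported as "blocked".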