Centralized AV for Server 2012

[BeerFan]

Hello folks,

I'm just wondering if there is a AV product out yet that is designed for Server 2012 environments. I'd like to be able to deploy AV clients to Windows 7, Vista, and XP machines on my LAN via my Server 2012 box. Based on the small amount of reading I've done, FEP doesn't yet support Server 2012. Are there other alternatives?

[farmeunit]

FEP is now System Center 2012 Endpoint Protection and does have support in System Center 2012 SP1 for both Win8 and Server 2012.

I haven't installed System Center yet, so I can't say how well it works or licensing for System Center itself. We have an EES Agreement for MS, so it's not bad for us.

I can't speak for alternatives. We just got Server 2012 installed around the first of the year and haven't got too in-depth yet.

[goretsky Supervisor]

Hello,

I would think that just about any anti-malware vendor that has a Microsoft Windows 8 compatible product out has a Windows Server 2012 compatible product out, or at least one that is going through the certification process right now.

Regards,

Aryeh Goretsky

[Japlabot]

Kaspersky Endpoint Security 10 for Windows (for file servers) supports Server 2012

http://support.kaspersky.com/kes10fs#requirements

Just go with Kaspersky.

Symantec Endpoint Protection 12.1.2 is also compatible (also a lot cheaper than Kaspersky)

http://www.symantec.com/business/support/index?page=content&id=TECH195325

http://www.symantec.com/connect/articles/latest-symantec-endpoint-protection-releases-symantec-endpoint-protection-121-ru2

[remixedcat]

I do think Sophos has a great interface for managing it was very easy to deploy it.

[TPreston]

ESET has solutions for server core, server, client, gateway etc supports the latest windows editions with remote administration and update mirroring.

[BeerFan]

Thanks to all for the info. (Y) I'm going to take a closer look at System Center 2012 EP. Busy installing & configuring WSUS (required) at the moment.

[Japlabot]

Honestly, System Centre is okay, it is the same as Microsoft Security Essentials, but if you are going to pay for an AV, you might as well buy a higher rated protection than that

[sc302 Veteran]

please go with a better program than system center. I am testing out system center and I see it as a very unintuitive pain in the rear package. ease of use as well as ability to protect your systems should be your goal, and from what I am reading it can't protect your systems and it isn't very easy to use (initially).

[BeerFan]

It's just a test environment. Not production. So I'll dig in and learn it, then make an informed decision later on. Thanks for the input, all.

[ITFiend]

please go with a better program than system center. I am testing out system center and I see it as a very unintuitive pain in the rear package. ease of use as well as ability to protect your systems should be your goal, and from what I am reading it can't protect your systems and it isn't very easy to use (initially).

Huh? How exactly is SCEP or FEP more complicated than any other antimalware package that has centralized control and reporting over multiple platforms? I've been using it since before it was integrated with SCCM 2007 R3, and SCEP/FEP itself is pretty damn easy to manage. You don't even require SCCM if you don't want centralized reporting, you can use a GPO instead (mind, I haven't bothered doing a GPO for it since SCCM 2012 was released).

I currently have SCEP deployed to over 500 systems running Mac OS 10.8, Mac OS 10.7, Windows 8 & 2012, Windows 7 & 2008 R2, and Red Hat Enterprise Linux. I'm extremely happy with it now that it supports every platform I also support. Any entity supports many platforms should definitely give SCEP consideration.

I won't deny that Configuration Manager as an entire entity is a beast, but I'd say the Antimalware components of it are pretty damn easy, and very powerful from an Administrative viewpoint.

[ITFiend]

FEP is now System Center 2012 Endpoint Protection and does have support in System Center 2012 SP1 for both Win8 and Server 2012.

I haven't installed System Center yet, so I can't say how well it works or licensing for System Center itself. We have an EES Agreement for MS, so it's not bad for us.

I have the EES Enterprise Agreement. If you are on this tier of the EES already, SCEP is extremely cheap to implement for desktops. You?ll probably just need one System Center Suite Standard or Datacenter license, and you can then use all aspects of System Center against your desktops. Costs may go up a fair bit however if you plan to support servers with it, as it?s highly unlikely your existing agreement covers server management CAL's unless some aspect of your infrastructure is already supported by System Center.

It?s been a very long time since I was on the EES Standard Agreement, but if you are on that agreement, you may find you only have partial desktop management coverage. It may cover part of System Center, but is unlikely to cover all of it. Either way, talk to your vendor to discover the limits of your existing agreement.

[sc302 Veteran]

it is the sccm as a whole. it really is a pain...

Lets go into deploying a client...where is the verification in the admin console that it has been pushed successfully, it has been installed successfully, or if it failed for that matter. Lets go into managing a client that may or may not have the client pushed, how do you tell it was pushed, how do you tell it wasn't, how do you tell if it is in the process of. Lets go into attempting to view anything...connection fails because of a firewall issue..all the ports are open, hell the firewall is disabled...how can it be a firewall issue???

Just about every other management console based software has a way to monitor deployments from start to finish and have a way to be able to tell exactly what is stopping them for the admin to fix the issue. I have used many, kaseya, altiris, level platforms, and labtech and all of them you can tell what is going on at any given point during just about whatever you are doing and you get things like logs and error codes. If ms would just steal one of these management suites it would be beneficial to the rest of us.

If you care to prove differently I have a nice test environment that shows otherwise and would be more than happy to give you a brief tour of what I am complaining about.

[BeerFan]

Brief tour? I'm all ears! (And eyes)

So there really is no confirmation in a console once you've pushed the EP client to a device? That does seem like a huge omission of data / features.

[sc302 Veteran]

let me know when available. I can do a join.me session.

[Dan~]

McAfee + EPO

[cluberti]

it is the sccm as a whole. it really is a pain...

Lets go into deploying a client...where is the verification in the admin console that it has been pushed successfully, it has been installed successfully, or if it failed for that matter. Lets go into managing a client that may or may not have the client pushed, how do you tell it was pushed, how do you tell it wasn't, how do you tell if it is in the process of. Lets go into attempting to view anything...connection fails because of a firewall issue..all the ports are open, hell the firewall is disabled...how can it be a firewall issue???

Just about every other management console based software has a way to monitor deployments from start to finish and have a way to be able to tell exactly what is stopping them for the admin to fix the issue. I have used many, kaseya, altiris, level platforms, and labtech and all of them you can tell what is going on at any given point during just about whatever you are doing and you get things like logs and error codes. If ms would just steal one of these management suites it would be beneficial to the rest of us.

If you care to prove differently I have a nice test environment that shows otherwise and would be more than happy to give you a brief tour of what I am complaining about.

Windows already has a gigantic servicing engine that logs just about anything, and an SCCM task sequence can monitor this - in addition, a task sequence that uses MDT integration offers even more (logging and TS customization). As someone who's used most of the deployment products out there at this point, SCCM is in fact at least as powerful and configurable, and the fact it's a lifecycle management product (versus just an OSD product) makes it (and SCEP) worth the price when coupled with the other products in the suite. If you need a management console to troubleshoot for you, you're already behind the 8 ball as you're trusting information from someone or something that may or may not be the OS making judgement calls on failures. Any SCCM OSD should have pre-flight checks so that if failures are going to occur, you catch (and log) them before you start touching the client machine to be (re)installed.

I'd put SCCM and SCEP (+DCM, NAP, and DA) up against any lifecycle management product any day of the week - heck, you get licensing to SCOM and Orchestrator as well with your System Center purchase, which also means endpoint monitoring, reporting, and automation as desired based on things like performance data, event logs, and DCM / NAP configuration.

Honestly, most environments that fail to get the most out of the System Center suite (especially with the 2012 version) comes down to the admins not knowing how to set it up and manage it properly, rather than the software.

[sc302 Veteran]

We mainly use sccm for the remote control feature, a simple feature that any of these products support. Sccm fails at connecting almost 40 percent of the time. Some random error about firewall or network connectivity. I can connect with any other software pushing clients to the computer even connecting with rdp, but sccm ha an issue. This is random, sometimes it connects and sometimes it doesn't. If it can't do something this simple we cannot trust it to do anything else.

Firewall is not an issue, we completely disabled it as a test, Dns isn't an issue we can connect to the computer many different ways, network connectivity isn't an issue see previous comment. It doesn't give an error to properly troubleshoot this. We cannot trust a product like this but my predecessor decided this was a good product to go with and we are stuck with something that works half assed.

For craps and giggles, I created a 2012 sccm server in a test environment, that same issue may or may not be there but after I push there is no status on the console to tell you what/where the install is or if it failed or succeeded. He'll I can push to a pc that has been retired, no error no status, nothing. And you probably will see this as no problem....while this is a small environmental test of around 50 live, the production is several thousand some are turned off in the it closet that won't be deployed. The push from sccm is very poorly designed. I would even say the the remote tools also fall in that category. I wouldn't trust this for a proper inventory or to push packages out.

[cluberti]

I deal with environments of 100,000 PCs or more, and setting up reporting (real time and otherwise) isn't that hard. Push works fine, and reporting does too. If you're seeing retired machines still in SCCM, or having issues pushing packages, that would be an issue to be investigated. Perhaps it's easier for me because I do it for a living and know how to use SQL reporting and SQL in general.

[sc302 Veteran]

It is very easy for me to recommend other utilities because I too do it for a living and have been exposed to many tools not just given one package and told to deal with it. I see it from the user side, the admin side, and the tech side. I can't say with 100% certainty that this package is good or worth the money. I have seen many packages from initial testing to production roll out and have trained many. I can tell you in this environment this system doesn't work properly. it is my first go at sccm which was preinstalled to me coming in and dealing with it. From what I see this is a very cumbersome, unfriendly, and near hostile piece of software. For a tool that is supposed to help you it does a lot of fighting against you and makes you job counter productive.

[remixedcat]

I can honestly say the Sophos, still, by far was the easiest to setup and configure. I have been busy testing AV suites over the past few days and I still vote for Sophos for large networks.

[cluberti]

Sophos might be easy to set up, but it's performance impact compared to just about any other A/V product is pretty horrible. There's more to an A/V product than how easy it is to manage.

For what it's worth, other than FEP/SCEP, the very latest Symantec A/V release (12.1.2) actually has a very light performance impact for a good A/V product.

[xendrome]

Trendmicro OfficeScan works well for us.

[remixedcat]

Sophos might be easy to set up, but it's performance impact compared to just about any other A/V product is pretty horrible. There's more to an A/V product than how easy it is to manage.

For what it's worth, other than FEP/SCEP, the very latest Symantec A/V release (12.1.2) actually has a very light performance impact for a good A/V product.

That was the opposite for my setup. Mine was very low resource usage.

[PGHammer]

Hello folks,

I'm just wondering if there is a AV product out yet that is designed for Server 2012 environments. I'd like to be able to deploy AV clients to Windows 7, Vista, and XP machines on my LAN via my Server 2012 box. Based on the small amount of reading I've done, FEP doesn't yet support Server 2012. Are there other alternatives?

That's because FEP was pretty much replaced by System Center Endpoint Protection (it's the same product, actually) - it's why I'm having to get my feet wet with SCCM for my virtualization test lab. The test lab will have a mixed bag of Windows and Linux clients (I'm adding a Sabayon 11 client right now as I type this). I'm hoping to not need to do a kitchen-sink; preferably, I'll only need CM/EP and VMM along with their prereqs. I have SQL Server 2012 Express SP1 installed with the defaults (it will only be used by System Center). Now I'm trying to figure out the proper settings for SCVMM to link to the SQL Server Express DE - for some reason, I get no warnings, yet the install always bombs connecting to the DE.