AV for Business
joao_proscrito
May 20th, 2007, 09:48 PM
Hi! A friend of mine has a medium business, and he wants to buy an AV to protect his computers. What do you think is the best AV solution for a business with 30-40 computers?
Thanks!
coldplay
May 20th, 2007, 10:10 PM
For 30-40 PCs, your friend should hire a tech guy and give him a CIO title.
Symantec, if you ask me.
Bob D
May 20th, 2007, 10:44 PM
F-Prot Corporate license.
Solid no-nonsense protection.
30-40 mach.s = $130 - $170.
MalwareDie
May 20th, 2007, 11:22 PM
Definitely not Sophos.
Sjoeii
May 21st, 2007, 01:19 AM
Trend is also a very good one
glentrino2duo
May 21st, 2007, 01:34 AM
Another vote for F-Prot
mich
May 21st, 2007, 04:30 AM
Also, Avira AntiVir has a good corporate antivirus.
:thumb:
Firecat
May 21st, 2007, 05:17 AM
Corporate AV? Depends. If you want a cost-effective solution then AVG is good. Otherwise I can recommend McAfee, AntiVir, F-Prot and Trend Micro. AVG doesn't have a very user-friendly interface, but in all other respects it is pretty good. So, it depends on whether your priority is cost, or ease of use/deployment. :)
Meriadoc
May 21st, 2007, 05:25 AM
Finjan (http://www.finjan.com/Content.aspx?id=1272) (AVs) (http://www.finjan.com/content.aspx?id=267) or Astaro (http://www.astaro.com/products/astaro_security_gateway)
JAB
May 21st, 2007, 09:15 AM
{QUOTE-> Trend is also a very good one <-QUOTE}
We currently use Trend and are actively looking for a replacement. Our problems with Trend can be summarized in three points:
1. Clients that mysteriously stop updating to the latest pattern. Sometimes we get an email alert. Sometimes we don't. Thus, we are forced to review the pattern deployment for every machine weekly by flipping through the security groups in the management console. Solving update problems usually involves uninstalling and reinstalling Trend on the client.
2. Overall abysmal performance in benchmarking tests. Trend has apparently stopped participating in benchmarking tests, because they know the news will be bad. Their VB100 testing history is 15 pass, 8 fail and 27 no entry. They've never received better than a Standard rating on av-comparatives and nothing in recent history.
When av-comparatives did a one-off test of Trend, they concluded that even with a two-month advantage in pattern updates, Trend barely qualified for Standard. The suspicion is that its detection rate would have been less than 80% had it been tested at the same time as the other products.
3. The latest version of their SMB suite (3.5) has caused problems on one of our domain controllers, placing it in a non-functioning state. Trend has acknowledged that other users have reported similar problems on various machines since the update, but they didn't have a fix for us other than rolling back to 3.0. BTW, the big benefit of 3.5 was integrated spyware protection.
I will concede that other than the above, Trend is rock solid.
/jab
JAB
May 21st, 2007, 09:36 AM
{QUOTE-> Also, Avira AntiVir has a good corporate antivirus.
:thumb: <-QUOTE}
I've been evaluating AntiVir corporate products, and I really want to like them, but it is clear that they aren't quite ready for primetime in the corporate world. Their management tool, SMC, just isn't built for effectively managing large numbers of clients.
Here are the outstanding issues I have with AntiVir:
1. No alert emails if client patterns go out-of-date.
2. Scheduled tasks set to execute even if the client is offline (not in communication with SMC) aren't displayed at the security group level, even though you can create them there and they are obviously stored there in some way. To delete one of these client tasks, you have to click on every single client in the security group and delete the tasks individually.
3. Viewing AntiVir Server log files from SMC is an exercise in frustration. The logs are not intuitively named, nor do they include the date and time the log was generated, so you have to play a bit of a guessing game to find the right one. Strangely, this isn't a problem with AntiVir Workstation logs viewed from SMC.
4. No rootkit detection in AntiVir Server and no plans to introduce it.
5. If a scheduled scan is running and the client receives a pattern update, the scan is restarted. However, no notifications are sent regarding malware detected (and possibly dealt with) during the aborted scan.
6. SMC cannot automatically download new versions of products stored in its repository. Attempting to do so produces a 628 error. Known bug to be fixed in a future release. Workaround is to delete the old versions, download new ones and manually place them in the repository.
7. AFAIK, it is impossible to produce a report showing the patterns installed on AntiVir Workstation clients. Reports only include AntiVir Server clients. Given that there is no email notification in the event of outdated patterns, this is a deal killer for me. This issue has been escalated by technical support.
8. Despite installing the English version of the product, all reports have reverted to German. Reinstallation doesn't help. This issue has been escalated by technical support.
The positives? Great VB100 record and great av-comparatives results. Reportedly, superb detection, very fast and excellent heuristics.
/jab
JAB
May 21st, 2007, 09:44 AM
And, while I'm at it, I might as well share the following discovered during my search for a new corporate AV:
Eset:
1. Cannot exclude folders or files from an on-demand scan, making on-demand scans practically unusable on domain controllers, Exchange servers and presumably certain other servers.
2. Recent failures in detection, apparent lack of responsiveness to submitted malware and a poor detection showing in the latest av-test have me concerned.
Positives for Eset are of course a sterling VB100 record, great av-comparatives performance, fast scans and great heuristics.
Kaspersky:
1. I terminated the trial when Kaspersky locked up my computer consistently upon scanning a particular file.
2. High performance hit during web browsing is a concern.
3. Concerned about heuristic/pro-active defense performance in a non-interactive environment. Does PDM even come into play on a server? Obviously, you can't respond to pop-ups on an unattended server.
Positives for Kaspersky are their fantastic reputation for responding to submitted malware, rapid updates and stellar detection rates.
I'm about ready to concede defeat and try Symantec.
/jab
Londonbeat
May 21st, 2007, 10:29 AM
Personally I would give the F-Prot corporate license a try. It's a good offer and, if needed, the support on their forum for both private and corporate users is excellent.
JAB
May 21st, 2007, 11:08 AM
My concern with F-Prot is that they perform well neither on the VB100 nor on av-comparatives. Plus, their proactive detection isn't very good. From a technical perspective, Symantec would seem to be a better choice.
/jab
C.S.J
May 21st, 2007, 01:31 PM
Dr.Web, of course.
Must be good enough, as the Russian Ministry of Defence uses it :)
If not that, I've heard NOD32 has a good business solution, although it's not cheap.
flyrfan111
May 21st, 2007, 01:35 PM
F-Prot is on the rise. They achieved an Advanced rating on the last av-comparatives and should do well on the upcoming retrospective. The heuristics have improved dramatically.
Firecat
May 21st, 2007, 02:23 PM
As an addendum, I would recommend trying out eSafe and Fortinet. They're good corporate solutions, with decent detection rates (not too sure about eSafe but I hope they are still using the KAV engine as backup, but Fortinet is definitely good).
The Hammer
May 21st, 2007, 02:59 PM
{QUOTE-> As an addendum, I would recommend trying out eSafe and Fortinet. They're good corporate solutions, with decent detection rates (not too sure about eSafe but I hope they are still using the KAV engine as backup, but Fortinet is definitely good). <-QUOTE}
The Inspector has posted interesting comments about Fortinet. :o
HiTech_boy
May 21st, 2007, 03:12 PM
{QUOTE-> but Fortinet is definitely good <-QUOTE}
:wacko: :wacko: :wacko:
Other products (which often get VB 100% and Advanced+) are good; Fortinet is not good.
JAB
May 21st, 2007, 03:13 PM
Multi-engine products in general have slow scan speeds, which might not be suitable for servers in a production environment.
/jab
Diver
May 21st, 2007, 03:43 PM
Symantec is the market leader for enterprise-level AV protection; that is what you should get.
JAB
May 21st, 2007, 08:29 PM
True, and sad as it is, it may be what I end up with, but here's what I don't like about Symantec:
1. A relatively mediocre track record at av-comparatives. They only made Advanced+ once in the past four tests. In total, they've only made Advanced+ 31% of the time. And, they've gotten a Standard rating 38% of the time.
2. Their proactive detection rate is poor.
Those two points may be the lesser of the available evils for enterprise protection. But, I wouldn't purchase Symantec just because they are the market leader.
/jab
tamdam
May 21st, 2007, 08:47 PM
JAB, I think because a business needs a more comprehensive security solution, they aren't too worried about detection rates of AVs. Because a business relying on an AV with a supposedly high detection rate is obviously not a good security model. AV is just one piece of the jigsaw puzzle - personally I wouldn't worry too much about poor av-comparatives results, and would probably worry more about impact within the workplace, how it would fit in, etc. So if you were really satisfied with F-Prot or Norton or whatever, then detection rates shouldn't deter you (within reason).
Just my opinion anyway.
JAB
May 21st, 2007, 10:48 PM
Relying solely on AV is definitely a poor decision. However, I see no reason to compromise on relatively poor AV detection if it's not necessary. I want it all! :)
Honestly, for corporate protection, you want good detection, good heuristics, fast scanning, low false positives and manageability. That leaves only a few choices:
1. Eset - except for lack of exclusions
2. Avira - except for manageability
3. Symantec - except for heuristics
4. McAfee - except for heuristics
/jab
Firecat
May 22nd, 2007, 12:32 AM
{QUOTE-> The Inspector has posted interesting comments about Fortinet.:o <-QUOTE}
I missed those comments, can you show me the post? :)
The Hammer
May 22nd, 2007, 01:48 AM
{QUOTE-> I missed those comments, can you show me the post? :) <-QUOTE} Here it is. See post #16 in this thread http://www.wilderssecurity.com/showthread.php?p=990144#post990144 Also see posts by Inspector and Stefan Kurtzhals #77 to 80 in this thread http://www.wilderssecurity.com/showthread.php?p=933673#post933673