Thoughts on NOD32® Enterprise Edition, real world usage

[Mathew J]

Hello,

So I am currently involved with evaluating new client AV products for our environment, not only because we are running on a slightly dated system (SAV 10) but also in anticipation of a Win 7 rollout...

With that said I was looking for some real world experiences of NOD32 Enterprise...specifically what the management interface is like, how effective it seems to be, do they provide a utility to remove other currently installed products or only one to deploy their own, does the product do realtime download scanning and what are the other advanced features when compared to the consumer product.

Any info or advice is appreciated as currently we are exploring all options.

Thanks

[SmackyTheFrog]

They'll offer you a rip and replace script for your environment, for a price. I did my change-over from SAV 10 by making a machine shutdown script that invoked the misexec /x command to remove the old version and then Nod32 installed through policy on the next reboot (Nod32 won't install if it sees SAV10). The management console works about as well as I would expect as when I came off SAV. The model is a little different though, clients phone in instead of the server directly polling them which works better in my opinion. The next release will have centralized quarantine management which is something that the product was lacking for a while.

As for the product's abilities, it can scan HTTP, POP3, and Outlook and thunderbird through its modules and plugins in addition to the file-system scanning. I've been very happy with it overall and its a lot nicer on system performance than SAV10 ever was.

[3GUSER]

Quote:

Originally Posted by Mathew J

Hello,

So I am currently involved with evaluating new client AV products for our environment,

You could read my answer and also have a look at this thread:
http://www.wilderssecurity.com/showthread.php?t=266653

Quote:

not only because we are running on a slightly dated system (SAV 10)

Symantec offers upgrade to SEP 11

Quote:

but also in anticipation of a Win 7 rollout...

Most (if not ALL) security vendors provide Windows 7 compatible versions.

Quote:

With that said I was looking for some real world experiences of NOD32 Enterprise...

To start with , there is no (longer) such thing called NOD32 Enterprise edition . This names was valid about 3 years ago . Now this is called ESET Business edition.

Quote:

specifically what the management interface is like, how effective it seems to be,

This must be evauluated on your own . They offer free version (you'll be given Not-For-Resale licence) to trial the product.

Quote:

do they provide a utility to remove other currently installed products

No , not officially

Quote:

does the product do realtime download scanning

Yes

Quote:

and what are the other advanced features when compared to the consumer product.

No advanced feautures . ESET NOD32 is the most classical antivirus software , no cool or advanced feautures . Plain antivirus scanning files in real-time (using signatures and heuristic technologies) , scanning POP3/HTTP/HTTPs/POP3s traffics and provides email integration. It also monitors if your Windows is up-to-date . That's all.

[SmackyTheFrog]

Quote:

Originally Posted by 3GUSER

No advanced feautures . ESET NOD32 is the most classical antivirus software , no cool or advanced feautures . Plain antivirus scanning files in real-time (using signatures and heuristic technologies) , scanning POP3/HTTP/HTTPs/POP3s traffics and provides email integration. It also monitors if your Windows is up-to-date . That's all.

Self-protection and the rootkit detection in v4 ought to qualify here. HTTPs/POP3s filtering isn't exactly a common feature either, though you have to do some work to make sure it functions correctly. You can also set up dual-update profiles so mobile users can update from your mirror while on site and from eset when not.

[3GUSER]

Don't want to start a war but :

Quote:

Originally Posted by SmackyTheFrog

Self-protection

All other AVs have it. It is not an andvanced one but a must.

Quote:

and the rootkit detection

Isn't very useful . Have tried it on many rootkit samples.

Quote:

HTTPs/POP3s filtering isn't exactly a common feature either

Correct but do you use it? How often you come accross a malware spreading through encrypted traffic ?

[webyourbusiness]

removal of other systems? That's rip+replace.

How many workstations is this installation?

[Mathew J]

Quote:

Originally Posted by 3GUSER

You could read my answer and also have a look at this thread:
http://www.wilderssecurity.com/showthread.php?t=266653

Thanks, I will read that now with interest as it seems information on the product from a third party standpoint is rather lacking.

The products we are considering are as follows:

McAfee Enterprise (Not a top contender though upper management is interested from use in past environemnts)

SEP 11 (An updated port from our current SAV10 infrastructure, but reports indicate that it seems somewhat bloated.

ESET Business Edition (Took NOD32 Enterprise off of their website so I presumed it was the current name) - (This is the security teams product of interest as their assesment is that the engine is one of the most advanced out there and very complete from a security standpoint)

Landesk AV based of Kaspersky 8 (This would be for us the easiest solution as we already have a large Landesk deployment, the agent integrates the AV component into it, and they offer as a part of the agent deployment and integrated utility which we have tested will remove all facets of SAV 10 in one push)

Quote:

Symantec offers upgrade to SEP 11
Most (if not ALL) security vendors provide Windows 7 compatible versions.
To start with , there is no (longer) such thing called NOD32 Enterprise edition . This names was valid about 3 years ago . Now this is called ESET Business edition.

The issue is that the upgrade from SAV 10 to SEP 11 seems like somewhat of a pain, and thus is it worth it to consider, I haven't read up in a while but initial reports of SEP 11 performance were mixed.

We/I am leaning towards Landesk AV given that we don't have to stand up a dedicated client management server, pricing supposedly isn't horrible like SAV/McAfee, and the Kaspersky defs are reportedly pretty decent...though the security team is hoping the next AV solution we go with is more "feature rich" especially in the areas of realtime download scanning, a feature that the LD AV solution does not seem to have.

Quote:

This must be evauluated on your own . They offer free version (you'll be given Not-For-Resale licence) to trial the product.

With the eval I am presuming that you need to stand up a temp management server?

Quote:

No , not officially

This is another concern for us as SAV seems like something of a pain to remove, I believe Symantec has a removal utility that is available upon request though.

Quote:

Yes

Thanks

Quote:

No advanced feautures . ESET NOD32 is the most classical antivirus software , no cool or advanced feautures . Plain antivirus scanning files in real-time (using signatures and heuristic technologies) , scanning POP3/HTTP/HTTPs/POP3s traffics and provides email integration. It also monitors if your Windows is up-to-date . That's all.

Sounds interesting, I prefer simple...

Thanks

[GAN]

Since you already use SAV 10 i would also recommend taking a look at Symantec Endpoint Protection as well. I know there is a lot of Nod32 fans in this forum so i'm not going to start a Nod32 vs SEP discussion since there will never be a common agreement what is the best, but i think Symantec have a better product and better support which might be important for a company. It might also be cheaper to upgrade to a new version than switching to another product. I disagree with the bloated part and anyway it might be better to check it out for yourself to see what you think about the product and how it suits your company. Just my opinion and not going into some endless discussion about the best AV product here.

Since this is a Eset forum i'm sure most members here will recommend Nod32 and i'm sure the same thing would have been the case if you asked about Symantec in the Symantec forum. So might not get a neutral opinion in here, but that might be hard to get anywhere.

[Mathew J]

Quote:

Originally Posted by GAN

Since you already use SAV 10 i would also recommend taking a look at Symantec Endpoint Protection as well. I know there is a lot of Nod32 fans in this forum so i'm not going to start a Nod32 vs SEP discussion since there will never be a common agreement what is the best, but i think Symantec have a better product and better support which might be important for a company. It might also be cheaper to upgrade to a new version than switching to another product. I disagree with the bloated part and anyway it might be better to check it out for yourself to see what you think about the product and how it suits your company. Just my opinion and not going into some endless discussion about the best AV product here.

Since this is a Eset forum i'm sure most members here will recommend Nod32 and i'm sure the same thing would have been the case if you asked about Symantec in the Symantec forum. So might not get a neutral opinion in here, but that might be hard to get anywhere.

Thanks GAN,

My main issue with SEP is simply the cost of the licensing and then having to build out a new management server/vm or whatever and client deployment, plus the additional features in SEP seem to be a bit overbearing. I haven't demo'd the product but everything I have seen appears a bit "much" when what we are really looking for is just AV protection.

I will see if I can find other security communities out there to see what they say.

Thanks

[greencoconut]

you cannot compare SEP/SAV to NOD32. SEP uses at least the same amount of (f not more) resources as NOD32 while providing a far inferior level of protection. i've done about 15 SEP deployments, all of them ending in multiple support calls to Symantec and eventually replacing the product for something else. As for NOD32, I've done only a handful of smaller deployments and did not have any major issue

[GAN]

Quote:

Originally Posted by Mathew J

Thanks GAN,

My main issue with SEP is simply the cost of the licensing and then having to build out a new management server/vm or whatever and client deployment, plus the additional features in SEP seem to be a bit overbearing. I haven't demo'd the product but everything I have seen appears a bit "much" when what we are really looking for is just AV protection.

I will see if I can find other security communities out there to see what they say.

Thanks

You can choose to not install all of the features if you don't need/want them, but i guess you still have to pay for all the features. If you already did some research and didn't find it to be a good alternative for your company i won't argue You probably know what is best for your company. I didn't know that the licensing were that expensive.

[GAN]

Quote:

Originally Posted by greencoconut

while providing a far inferior level of protection

If this is really a fact it would be very interesting to see some real reports/research to confirm that statement.
As i said i'm not going into a "what is the best" with a lot of opinions, but i'm simply just interesting in reading reports that explain and support such a statement for any security product. I'm sure others would find that interesting as well. It have to be someone independent of course since we all know what the results will be if coming from Eset, Symantec or any other software manufacturer for such a product.

[bradtech]

Hello,

I am a Security Administrator for a state Government agency, and I championed bringing ESET in to replace an aging Symantec Infrastructure. I had 90-95% success rate on clients that were running Symantec on the rip and replace removal on around 2000 clients located in a central HQ, and also through off site rips. It is a simple tool which can be used through ESET Remote Administrator or through AD Group Policy.

Our year is up on the 28th of this month, and we are in the process of renewing the 2,000 licenses for another year. Almost everyone has been impressed from the grunts up to the management, and you can tell by the network traffic, and how the machines run now that ESET has more a drastic difference over the typical solutions that have been there in the past *Mcafee and then Symantec*.

I cannot emphasize how much crap, and how much stuff was on some of the machines with up to date Symantec. ESET is not perfect, and has let some stuff by but we have so many machines that it is to be expected, and you HAVE to plan and have it something else to combat infections such as Limited User Accounts, Centralized updates/patching, and Software Restriction Policies. Just by looking at detection logs I see where Java, Adobe products are used to exploit machines. Also IT personnel should understand that it is a business relationship. ESET will be only as good as you want it to be. Master the product, configure it correctly, and if something gets by, take the time to send in samples. If someone had done that for the infection on your box you would be thankful. This forum is your best tool to getting help, and to the people who actually code, and can get things done for you. This forum, and an individual on it saved ESET, and helped me a lot on a software conflict that required ESET to fix, and relase a pre-release version to send to me. Very good company working their @$$ off. I would not expect that level of help from a big dog who does not need to fight for my money, and business.

[bello832]

hi is there any update for eset nod 32 virus definition mine is in 4978 26/03/2010

[Cudni]

Quote:

Originally Posted by bello832

hi is there any update for eset nod 32 virus definition mine is in 4978 26/03/2010

Yes, 28th
http://www.eset.eu/support/update-xy1
also see
http://www.wilderssecurity.com/showthread.php?t=268671