Centrally Managed Antivirus?

I've searched and there don't seem to be many threads that focus/relate to a products ease of management when you're talking a few hundred machines.

So far I've looked at Kaspersky, NOD32 and F-Secure and all have pros and cons.

Realistically I can't look at every single vendor out there, and what might be a fantastic product installed on a single PC may not be a fantastic product if the central management is a dog.

Other than the three I've listed, does anyone have any recommendations of a product that is not only an excellent client product, but that also has good central management and monitoring?

Some of the features on my wish list are:

By default grab updates from LAN management box, if that's not available (i.e. a laptop away from the office default to check the vendors website).

Report unknown applications accessing the internet, or acting as a server.
Allow blocking of individual applications that try and access the Internet i.e. Skype.

Light client footprint - I want something that just sits in the system tray until there's a problem, no confusing pop-ups/windows every time something happens etc.

Excellent spyware/web threat detection.

A location aware firewall would be useful i.e. let everything in/out on our LAN but default to blocking inbound connections the rest of the time (user-selectable).

Windows XP 64 bit support.

 

Sophos Endpoint Security and Control (30-day Free Trial)

 

Sophos


Very easy to manage, deploy and control via the Enterprise Console... Synchs with active directory to discover new computers and then you can protect them all in one go by providing the EC with your domain admin credentials. Comes with optional HIPS and client firewall..... good for protecting corporate networks because it nukes anything that smells like a keygen and they are very business focussed so catch most recent email malware that our symantec mail gateway misses, and everything else that gets downloaded one way or another.

Tech support in the UK are very easy to reach and I usually get a reply within a few hours to any questions.

Highly configurable and very informative control panel gives you a summary of your networks health/status at a glance, and overall it was very nice to deploy and manage. Upgrades are relatively practical too.



-By default grab updates from LAN management box, if that's not available (i.e. a laptop away from the office default to check the vendors website).

Does that.

Report unknown applications accessing the internet, or acting as a server.
Allow blocking of individual applications that try and access the Internet i.e. Skype.

-Should do this too, but I havent really looked at this feature (it does have an "authorised apps" list AFAIK.

Light client footprint - I want something that just sits in the system tray until there's a problem, no confusing pop-ups/windows every time something happens etc.

-AV/HIPS policy set by EC and it will take the action you specify, only alerting the user to the fact that a virus was detected with a discrete popup, no desicions to be made (if you do not want to give them a choice)
Excellent spyware/web threat detection.

A location aware firewall would be useful i.e. let everything in/out on our LAN but default to blocking inbound connections the rest of the time (user-selectable).

-Not sure about this as I do not utilise the firewall portion.

Windows XP 64 bit support.

-Pretty sure they do this but best to check on their website.

 

Sophos has been on my list before, but it's that old chestnut that as a user of an existing product, the amount I have to spend is basically what the renewal would cost.

Last time I looked Sophos were very cheap if you were education or charity, but very expensive vs. everyone else if you were regular retail, and they didn't sound as if there was much flexibility.

 

trend micro office scan is good for corporate accounts. for business.

 

Sophos but not with max heuristics.

 

Most all of the antivirus brands will have some special versions designed for business/enterprise.

This allows you to centrally manage your network...create configuration files for the various types of computers you're managing, create push install packages so you can deploy it across the network without sitting in front of the destination machine, provide updates across the LAN so you pull down the update once to your main server, instead of having all clients pull down the updates from the internet (huge savings on your internet pipe), monitor clients, etc.

I'd say it's a matter of going with the antivirus that you prefer...combined with if it's compatible/supported by your primary line of business application(s). And pricing....retail or non profit pricing available to you.

I've used/had experience with most of the big names out there over the years as far as their business editions, Symantec, McAfee, Eset, AVG, Kaspersky, Trend Micro, Sophos, CA, ...I'm sure there are a few more I can't remember. They all provide you with pretty much the same features. Most of my experience has been with Symantec and NOD32....as I was a reseller of Symantec since version 5..but I started disliking it around version 9...and after trying quite a few others..went with NOD32.

The features are all pretty much the same as far as management consoles...just a preference of price, performance, etc.

 

+1 on this... And, if all this isn't enough to discourage you, then you deserve to suffer...

-1 here; wrt the above, SEP11 management console is a nasty joke, not a serious product. I'd strongly suggest that you test the enterprise products before you shell out $$$$ on them and start pulling your hair after that...

 

OK so far I'm struggling to see beyond Kaspersky or sticking with Trend.

NOD32 doesn't seem quite "polished" enough.
AVG and Avast don't appear to be in the same league for detection?
Symantec/McAfee/CA etc. are a bit too "corporate".
Avira didn't bother to respond to 2 emails to sales.

Is there anyone else that I have overlooked that people think I should be looking at?

XP 64 bit support is a must have.

 

We use McAfee Enterprise. Easy to remote install and manage. Maybe not the best detection in the world, but they're definitely not bad. Their support is decent and they're optimized for corporate environment/tools that you would mostly have.

Product to avoid, CA Enterprise Security. Although they have excellent support and manageability. Their detection is low and due to their modular design, having AV,AS,Firewall module will eat lots of memory.

 

"Diskless Angel" is another choice. It takes the OS to run in Ram as a virtual image. Once infection of virus occurs, just reboot the computer and all viruses will be destroyed as it is only a virutal image.

 

https://www.wilderssecurity.com/sear...arteronly=1&exactname=1&searchuser=hutchingsp
That's quite a read:
I am not the one to offer any real help, but what the hey I'll give it a shot:
Sophos here, but only tiny biz.
I Have multiple ( -ahem-cough- 7-10) endusers of varying expertise accessing the web. Run Virtual servers with workstations

Dont forget system policy set-ups for LUA accounts
Gateway appliances>> you not interested ??

You could check PrevX Corporate strategies.
Interesting Utility PrevX.

Virtualisation roll-outs ??
I use online back-up/sync and a local image file

Obviously very different scenario from you...

You previously mentioned '400' machines

If you are looking for "400's" of machines to protect: that implies some significant budget:

You seem to be asking the same Q every time and have sampled every available security solution?
Have you implemented any of the suggestions made?
-Perimeter HW etc

What happened?

 

We have around 400 active machines, if we were to try and catch every machine that may be on the network for 5 minutes once a week and gets switched off the rest of the time, then it's more.

Regards trialing solutions, I simply don't have the time/resource to test every product, especially as we have a very diverse machine base here, hence the number of questions - testing Antivirus takes time beyond "Oh it installed and my machine hasn't crashed in X days since I installed it" and it's also very hard to mimic the behaviour that folks seem to engage in that ends up with spyware droppers and malware trying to work its way onto their machines (I wish I knew how they manage it! ).

Budget - keep in mind we already have Trend, it's very difficult to justify spending more money than the renewal would cost, so solutions I look at need to be willing to deal to displace.

Gateway - we don't do gateway A/V scanning simply because we have a very fat Internet pipe and to get anything in place that would deal with our bandwidth with full virus scanning would be very expensive, though we do use web/reputation filtering at the gateways to try and keep the minimum of nasty sites visited to a minimum.

Products I have tried:

F-Secure v8 beta - liked the product, a bit resource hungry and no x64 product which is a real spanner in the works so pretty much ruled it out.

Kaspersky - like their Exchange product a lot. Desktop product (v6) impressions are mixed. Very thorough, seems a bit quirky, support is very good, however the slowdown on our machines was noticeable.

NOD32 - Only given this a brief go and may come back to it as I got hung up on a single issue that it turns out there is a workaround for.

Currently trying Avast, only installed it today and haven't even looked at the central admin function but first impressions are positive.

I have to say that if I only felt that Trend was a little more pro-active/thorough I'd sleep a lot easier - but it does seem to be detecting a lot of things and claiming to have dealt with them only to flag the same thing a few minutes later and claim it's dealt with it.. and so on until we go run drweb cureit or something on the PC.

PrevX looks interesting - I shall check that out and will go do a search on here .

 

have you tryed drweb?

 

I love their "cleanit" standalone, but their A/V is 32-bit only.

I'm going to give PrevX a try tomorrow as it looks "interesting" shall we say.

 

forgot drweb doesnt support 64bit yet.
try VIPRE
seems to be just what your looking for.

 

The two that I am familiar with are Symantec and McAfee, but honestly, I never used the management interface of either. As with consumer products Symanec is the 800 pound Gorilla here as well.

Regarding the clients, Symantec has some advanced features like their Sygate derived firewall and proactive detection. Mcafee definitely runs better on old hardware and is said to have lower prices. Trend Micro has products in this space, but I have no experience with them. That's about it.