Anti-malware for 600 PC's?

We currently use Avira on around 600 PCs. The license is up for renewal and whilst we're generally happy with Avira, it always pays to look at alternatives before renewing.

I'm conscious that these days the threat is leaning more toward malware than traditional viruses, and we see that in that most of the detections we get, and particularly those where we seem to find things get past Avira and need cleaning up are drive-by's and fake antivirus more than "traditional" viruses.

I'm familiar with most of the traditional a/v products, but I've no real experience with the more malware focussed products and their suitability as a replacement for traditional a/v.

Is there anything that you would say falls into that category, or are most of these products still intended as a complement/companion for "proper" antivirus?

(I would add that central management is a must - what makes for a great product on a single home computer can be totally impractical with 600).

 

Hello,

what sort of environment is this?

You could look at locking down what the PC's can do by hardening or introducing something like Malwarebytes AntiMalware enterprise (I think will be ready soon) with your av.

 

I would add Sandboxie no matter what AV you select.

 

In a 600 PC environment that just simply isnt economical at all.

Id look at Emsisoft Antimalware v6. So far they have been absolutely great.

With that many PC's though I would assume you need some type of LAN enabled protection rather than a stand alone AV for every work station.

 

Perhaps a Virtulization type like deeprfreeze for enterprise or maybe Vmware.

 

http://www.symantec.com/business/endpoint-protection

 

You might want to also look at.............
http://www.faronics.com/enterprise/total-layered-security/
for added protection.

 

I'd also look if there are business versions of f.i. the Sitecom Gigabit X series 2.0 routers that have HitmanPro3 cloud scanning implemented in the router, offering http scanning before internet traffic hits workstations. link
The home version router license is approx. 15 pounds a year.
Pretty cheap extra protection and a no-fuss solution, if cloud scanning is applicable that is.

 

Would DefenseWall be practical in a business environment? It doesn't really require user interaction.

 

DW requires whitelisting of applications that won't function int he sandbox.

 

Anyways, with a business it's really simple. Policy.

Users don't need to have admin rights - lock them down completely. Bitlocker if available.

Want something installed? Ask your IT guy (things should be installed by default via image rollouts.) It isn't for work? Than if doesn't belong on your computer.

 

Absolutley agree.If given employees to much freedom its almost a given that some will explore else where thats not work related and get there machines or networks infected.

 

Esset
Avira
AVG
Noron

 

We do that wherever we can.

However we do have a huge mix of specialist software, some of which is only known to the departments that use it, and much of which requires elevated rights to even work.

Given a few hours to experiment it may well be possible to work out the exact rights needed, but we don't have the resource to do this, plus you run into issues of supportability when you're using a package but aren't following the vendors requirements, however stupid they might be.

whitedragon551 is also absolutely correct that it has to be centrally managed. Also it needs to be mature, no 1.0 releases.

Baserk, we already have an enterprise grade firewall (Palo Alto) which does a ton of cool stuff to block threats, but as with anything it doesn't stop it all and layers are better.

My only real issues with Avira so far have been that their SMC management console isn't great, and we've found that it seems to give quite a few false positives on the default settings which is irritating.

I did download and install Vipre Business yesterday and it has a few features I like. The management console seems a little nicer, and the reporting is quite neat - I particularly like how it "grades" detections so our Help Desk have some idea of the severity of anything that is found.

Without wanting to turn this into a comparison thread which will be locked, I've pretty much ruled out Symantec Enterprise. I know they've come a long way but when I looked at SEP11 the management wasn't great. I may take a look at NOD32, but I know the last time I did, the management console wasn't very intuitive - trust me, when you have several hundred PC's, rightly or wrongly you sometimes have to compromise on outright detection in the endpoint product for visibility and control at the management end.

 

If FP and configuring is the case I would suggest switching avast business edition I am also working in such envt with approx 400 workstations.

Good luck

 

If you buy lots of EAM v6 license it can be hella cheap, on top of this it is not annoying if you disable the BB or educate the guys how to do it

 

For those computers that need admin rights you could try AppLocker so that only the whitelisted applications can run.

Of course once they have admin things are a bit harder since they can change all of that.

I know Symantic is popular but IMO not super effective (it's on a company that im familiar with and ive certainly seen infections.) MSE has an enterprise license but it's not exactly the best endpoint software.

 

my vote goes to emsisoft

centralized enterprise edition is available
->http://www.emsisoft.com/en/software/enterprise/

 

You can look into Appguard enterprise.www.blueridgenetworks.com

 

http://www.avast.com/business

 

You need an Endpoint solution...

 

I would suggest looking in to eset f-secure and sophos.

 

Combat Desktop Vulnerabilities and Improve Endpoint Protection

Microsoft Forefront Endpoint Protection 2010:
http://www.microsoft.com/en-us/server-cloud/forefront/endpoint-protection.aspx

EDIT: clarity


HKEY1952

 

Oh, yeah i forgot EAM created an enterprise version

 

does it have to be a traditional administrated solution or are "cheaper" solutions also welcome?
my first thought was to go away from windows to a secure linux.
depends on your used software.
second was a cisco remote desktop.
third now are thin clients with complete remote desktop on a server.

the idea behind is to centralize all processes and data instead investigating
in island solutions. security for me is not only an antivirus program.