Managing NOD32 | How can we see things improved?

Managing NOD32 | Discussing the (ideal?) architecture.

Hello there.

First things first. I'm a network administrator looking for a way to improve sollutions for managing antivirussoftware. I'm starting a discussion in this forum because I think NOD32 is a good piece of software. It works well and it's pretty easy to understand, or at least, the options are well spread out.

The discussion I want to start is NOT about the NOD32 scanner itself. Nor IMON, AMON,... but about the managing of multiple nodes. At this moment Eset uses the RAS(/RAC) combination for this matter, but I believe there are ways to improve this. Logically, this post is mainly ment for network administrators, and maybe also for NOD32 software developpers. I just want to spread some ideas about how thing can be done (better).
Don't be affraid to compare functionality's from other antivirussoftware as there may be idea's in that.

Before I post my idea's, I would like to know if you think this post is usefull. If I don't get some positive respons on that, I'm probably better of not starting this.
So now it's your turn... go ahead...

 

Hi vincent_vh, welcome to Wilders.

I think your thread is a very good idea, post away

Cheers

 

Any idea which improves nod32 is welcomed

 

Wrong.
Any idea which improves nod32 is highly welcomed.

 

Any idea which improves NOD32 is accustomed, acknowledged, allowed, approved, arrived, authorized, chosen, confirmed, conventional, credited, current, endorsed, established, fashionable, in, in vogue, kosher, legit, normal, okayed, orthodox, popular, preferred, received, recognized, regular, sanctioned, standard, straight, time-honored, touted, universal, unopposed, usual, Welcomed

 

Oh boy the peanut gallery has arrived

 

You do mean firecat right?

 

You know that firecat always completes my unfinished sentences 'coz lack of time

 

Hi,

i think this thread could be very interesting and useful i have some ideas/ problems in my head, too. but the are not ready to be written yet

regards
steffen

 

I have some problems in my head as well. At least that's what my wife tells me. And the little voices...

Vincent - You have looked at the RA Console improvement list that's in the first post here, right?

Jack

 

Some points I mentioned in that other thread....because I spent many years deploying/supporting Symantec Corp Edition setups. I have fully come aboard with NOD32 and only resell that, but I'll still state that I feel the install and deployment of the NOD32 Enterprise Edition still has some maturing to do, something with Symantecs CE with management console is quite ahead in.

Symantecs MMC would show you the IP address, and most importantly, the currently logged in user of that workstations. This was key, since many times some network computers are labeled in a non-descriptive way, such as ws-1, ws-2, ms-1, etc etc. So if you see a red flag in the management console, it was nice to see Sym CE MMC show you the logged in user, instead of trying to figure out where in the building ws-3 is.

By default setup a directory with a client install pre-packaged with the remote admin settings intact, that is shared. Much like Sym CE does with the VPHome share that has the clt-inst folder with a setup package ready to rock and roll right away.

 

I've got a few items in that list as well. We also used to run NAVCE before the switch. The RA Console already shows the IP address, and suggestion #27 under Remote Console asks for user id, for the same reason you mention. We have some machines named with the serial number, so you can only imagine what a pain in the rear that is... My PRIMARY request is listed as #2 under Remote Console - the assignment of a unique identifier (preferably MAC address) to all entries in the RA Console (and a way to clean the darn listing!) as detailed in post #27 of that thread. As to the default setup, we use a batch file to run the setup.exe file from a shared location, with it pointing to the XML file with the settings we want. About as close to a "canned custom install" as we could come up with, and it works well for us.

Jack

 

Well, glad to hear this is appreciated.
Let me answer some questions first:

To anotherjack :
(1) Yes, I've looked at the other post regarding the future improvements. Even though, I've been looking at 'Remote Admin'. This is what you mean by 'RA Console', right?

(2) I allready have something to say about your #2 request (UNIQUE identifier for all machines, preferably something like MAC address.)
Doesn't seem like a good idea, because computers with multiple network-cards would also create multiple entry's. Same thing for computers that would connect trough VPN occasionally.
It seems to me that a better way would be to create a unique ID on installation (fe calculated upon the MAC address and a random variable). This way you pretty much connect an installation to the used OS. Also usefull when using multiple OS'es on the computer.

To everyone:
It's not my goal here to copy the post about the future modifications list. I'm more looking at re-inventing the admin-part of NOD32.
I've been evaluating different enterprise versions of AV's and I've stumbled on incompactibility's upon our network propreties. To put it shortly, not a lot of enterprise AV's are designed to work on a NAT-environment.
I must admit NOD32 Administration module's is pretty much the only one that would work over NAT (I still have to do a proof of concept though, if my bosses let me...). Main reason for this is because NOD32 works completely on PULL principle.

All people can post their ideas of changing the software architecture of NOD32 administration reflecting their own network architecture, to improve things like bandwith controle, functionality's,... . I'll be mainly looking to tune things so it works in a NAT environment as this is where I have to find a solution for personnaly.

To give you an idea about an improvement:
Placing a server on each remote site, even for bandwith issues, is still a bit of a mess. A (good?) way to improve this is for computers on the same subnet to update each-other. If you want to know what I mean, look at Mcafee Virusscan ASaP(Rumor technology) and Panda Webadmin(can't find the page, but they have something similar).
Tell me what you think about this...

I hope to get some feedback

 

One thing that I would consider helpful, is a tree type view in the RA Console. This would allow you to group computers by configuration, and not have to remember what group they are in if you want to roll out a configuration change. We have machines that need file/directory exclusions, or imon configuration change to make them comaptible with software users are running, but don't want those changes on all machines. It would be easier if they could be permanently grouped in tree structures. Hopefully this makes sense.

 

Hmm, I don't get much reply's on my last point...
Let's get things straight first:
I'm not talking about a 100% webbased antivirus. I just think the way the agents update themselves is a bandwith-friendly and efficient way.
Policies and more important the approval to get a certain DAT-file installed SHOULD come from your (RAS) server.

Maybe I should put it this way:
Forget about all repository's. There is just one repository and that is the one on the internet from the vendor (Eset in this case).
For agents to update efficiently, they should try to find the updates on computers from the same subnet.
Still, I think the agent shouldn't blindly try to get the latest DAT-file available (some enterprises like to test them first). So I think the agent should check a certain (RAS-)server which DAT-file he can download and use.

This makes things much more simple. There is no hustling with repository's (which are, in my case (but not with Eset software), the place were lot of problems occur).
The only downside is that each agent should have a port listening (for the update purposes).

So, I hope I explained things well.
Now please... some feedback... Do you think this implementation s**ks? Or do you like the concept? This is what this post should be all about.

 

Please add license expiration/renewal tracking stats; and display in "Information". It's unbelieveable that this is still lacking!!!!

 

if it's not already on the wishlist, you might suggest it here:

https://www.wilderssecurity.com/showthread.php?t=49674

hth

Greg

 

Looks like it's there at #50