Anti-malware for 600 PCs?

Discussion in 'other anti-malware software' started by hutchingsp, Nov 18, 2011.

Thread Status:
Not open for further replies.
  1. hutchingsp

    hutchingsp Registered Member

    Joined:
    Aug 2, 2007
    Posts:
    174
    We currently use Avira on around 600 PCs. The license is up for renewal and whilst we're generally happy with Avira, it always pays to look at alternatives before renewing.

    I'm conscious that these days the threat is leaning more toward malware than traditional viruses, and we see that in that most of the detections we get, and particularly those where we seem to find things get past Avira and need cleaning up, are drive-bys and fake antivirus more than "traditional" viruses.

    I'm familiar with most of the traditional a/v products, but I've no real experience with the more malware focussed products and their suitability as a replacement for traditional a/v.

    Is there anything that you would say falls into that category, or are most of these products still intended as a complement/companion for "proper" antivirus?

    (I would add that central management is a must - what makes for a great product on a single home computer can be totally impractical with 600).
     
  2. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Hello,

    what sort of environment is this?

    You could look at locking down what the PCs can do by hardening or introducing something like Malwarebytes Anti-Malware enterprise (I think it will be ready soon) with your AV.
     
    Last edited: Nov 18, 2011
  3. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    I would add Sandboxie no matter what AV you select.
     
  4. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,189
    Location:
    USA
    In a 600 PC environment that just simply isn't economical at all.

    I'd look at Emsisoft Anti-Malware v6. So far they have been absolutely great.

    With that many PCs though I would assume you need some type of LAN-enabled protection rather than a standalone AV for every workstation.
     
  5. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Perhaps a virtualization type like Deep Freeze for enterprise or maybe VMware.
     
  6. roady

    roady Registered Member

    Joined:
    Mar 27, 2005
    Posts:
    262
  7. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
  8. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,317
    Location:
    AmstelodamUM
    I'd also look if there are business versions of, for instance, the Sitecom Gigabit X series 2.0 routers that have HitmanPro3 cloud scanning implemented in the router, offering HTTP scanning before internet traffic hits workstations. link
    The home version router license is approx. 15 pounds a year.
    Pretty cheap extra protection and a no-fuss solution, if cloud scanning is applicable that is.
     
  9. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,849
    Would DefenseWall be practical in a business environment? It doesn't really require user interaction.
     
  10. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    DW requires whitelisting of applications that won't function in the sandbox.
     
  11. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Anyways, with a business it's really simple. Policy.

    Users don't need to have admin rights - lock them down completely. BitLocker if available.

    Want something installed? Ask your IT guy (things should be installed by default via image rollouts). It isn't for work? Then it doesn't belong on your computer.
     
  12. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Absolutely agree. If employees are given too much freedom, it's almost a given that some will explore elsewhere that's not work related and get their machines or networks infected.
     
  13. gery

    gery Registered Member

    Joined:
    Mar 8, 2008
    Posts:
    1,785
    ESET
    Avira
    AVG
    Norton
     
  14. hutchingsp

    hutchingsp Registered Member

    Joined:
    Aug 2, 2007
    Posts:
    174
    We do that wherever we can.

    However we do have a huge mix of specialist software, some of which is only known to the departments that use it, and much of which requires elevated rights to even work.

    Given a few hours to experiment it may well be possible to work out the exact rights needed, but we don't have the resource to do this, plus you run into issues of supportability when you're using a package but aren't following the vendor's requirements, however stupid they might be.

    whitedragon551 is also absolutely correct that it has to be centrally managed. Also it needs to be mature, no 1.0 releases.

    Baserk, we already have an enterprise grade firewall (Palo Alto) which does a ton of cool stuff to block threats, but as with anything it doesn't stop it all and layers are better.

    My only real issues with Avira so far have been that their SMC management console isn't great, and we've found that it seems to give quite a few false positives on the default settings which is irritating.

    I did download and install Vipre Business yesterday and it has a few features I like. The management console seems a little nicer, and the reporting is quite neat - I particularly like how it "grades" detections so our Help Desk have some idea of the severity of anything that is found.

    Without wanting to turn this into a comparison thread which will be locked, I've pretty much ruled out Symantec Enterprise. I know they've come a long way but when I looked at SEP11 the management wasn't great. I may take a look at NOD32, but I know the last time I did, the management console wasn't very intuitive - trust me, when you have several hundred PCs, rightly or wrongly you sometimes have to compromise on outright detection in the endpoint product for visibility and control at the management end.
     
    Last edited: Nov 19, 2011
  15. icr

    icr Registered Member

    Joined:
    Sep 6, 2008
    Posts:
    1,588
    Location:
    Mumbai
    If FP and configuring is the case, I would suggest switching to Avast Business Edition. I am also working in such an environment with approx. 400 workstations.

    Good luck :)
     
  16. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    If you buy lots of EAM v6 licenses it can be hella cheap, on top of this it is not annoying if you disable the BB or educate the guys how to do it :D :thumb:
     
  17. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    For those computers that need admin rights you could try AppLocker so that only the whitelisted applications can run.

    Of course once they have admin things are a bit harder since they can change all of that.

    I know Symantec is popular but IMO not super effective (it's on a company that I'm familiar with and I've certainly seen infections.) MSE has an enterprise license but it's not exactly the best endpoint software.
     
  18. blasev

    blasev Registered Member

    Joined:
    Oct 25, 2010
    Posts:
    763
  19. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
  20. chabbo

    chabbo Registered Member

    Joined:
    Jun 28, 2009
    Posts:
    350
  21. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    You need an Endpoint solution...;)
     
  22. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    I would suggest looking into ESET, F-Secure and Sophos.
     
  23. HKEY1952

    HKEY1952 Registered Member

    Joined:
    Jul 22, 2009
    Posts:
    648
    Location:
    HKEY/SECURITY/ (value not set)
    Combat Desktop Vulnerabilities and Improve Endpoint Protection

    Microsoft Forefront Endpoint Protection 2010:
    http://www.microsoft.com/en-us/server-cloud/forefront/endpoint-protection.aspx


    EDIT: clarity


    HKEY1952
     
    Last edited: Nov 19, 2011
  24. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
  25. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    1,732
    does it have to be a traditional administrated solution or are "cheaper" solutions also welcome?
    my first thought was to go away from windows to a secure linux.
    depends on your used software.
    second was a cisco remote desktop.
    third now are thin clients with complete remote desktop on a server.

    the idea behind is to centralize all processes and data instead investigating
    in island solutions. security for me is not only an antivirus program.
     