Centrally Managed Antivirus?

Discussion in 'other anti-virus software' started by hutchingsp, Jul 29, 2008.

Thread Status:
Not open for further replies.
  1. hutchingsp

    hutchingsp Registered Member

    Joined:
    Aug 2, 2007
    Posts:
    174
    I've searched and there don't seem to be many threads that focus/relate to a product's ease of management when you're talking a few hundred machines.

    So far I've looked at Kaspersky, NOD32 and F-Secure and all have pros and cons.

    Realistically I can't look at every single vendor out there, and what might be a fantastic product installed on a single PC may not be a fantastic product if the central management is a dog.

    Other than the three I've listed, does anyone have any recommendations of a product that is not only an excellent client product, but that also has good central management and monitoring?

    Some of the features on my wish list are:

    By default grab updates from LAN management box, if that's not available (i.e. a laptop away from the office default to check the vendor's website).

    Report unknown applications accessing the internet, or acting as a server.
    Allow blocking of individual applications that try and access the Internet i.e. Skype.

    Light client footprint - I want something that just sits in the system tray until there's a problem, no confusing pop-ups/windows every time something happens etc.

    Excellent spyware/web threat detection.

    A location aware firewall would be useful i.e. let everything in/out on our LAN but default to blocking inbound connections the rest of the time (user-selectable).

    Windows XP 64 bit support.
     
  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,876
    Location:
    New England
    In order for this thread to not be considered just another "which is best" thread, any replies made need to focus on the key attribute: centralized management & monitoring for a large PC client base, as would be needed in a business that has hundreds of client PCs on a distributed network. See hutchingsp's other recent threads for background on his situation.
     
  3. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,531
    Location:
    Sneffels volcano
  4. Baz_kasp

    Baz_kasp Registered Member

    Joined:
    May 1, 2008
    Posts:
    593
    Location:
    London
    Sophos :)


    Very easy to manage, deploy and control via the Enterprise Console... Syncs with Active Directory to discover new computers and then you can protect them all in one go by providing the EC with your domain admin credentials. Comes with optional HIPS and client firewall... good for protecting corporate networks because it nukes anything that smells like a keygen and they are very business focussed so catch most recent email malware that our Symantec mail gateway misses, and everything else that gets downloaded one way or another.

    Tech support in the UK are very easy to reach and I usually get a reply within a few hours to any questions.

    Highly configurable and very informative control panel gives you a summary of your network's health/status at a glance, and overall it was very nice to deploy and manage. Upgrades are relatively practical too.



    -By default grab updates from LAN management box, if that's not available (i.e. a laptop away from the office default to check the vendor's website).

    Does that.

    Report unknown applications accessing the internet, or acting as a server.
    Allow blocking of individual applications that try and access the Internet i.e. Skype.

    -Should do this too, but I haven't really looked at this feature (it does have an "authorised apps" list AFAIK).

    Light client footprint - I want something that just sits in the system tray until there's a problem, no confusing pop-ups/windows every time something happens etc.

    -AV/HIPS policy set by EC and it will take the action you specify, only alerting the user to the fact that a virus was detected with a discreet popup, no decisions to be made (if you do not want to give them a choice).

    Excellent spyware/web threat detection.

    A location aware firewall would be useful i.e. let everything in/out on our LAN but default to blocking inbound connections the rest of the time (user-selectable).

    -Not sure about this as I do not utilise the firewall portion.

    Windows XP 64 bit support.

    -Pretty sure they do this but best to check on their website.
     
  5. hutchingsp

    hutchingsp Registered Member

    Joined:
    Aug 2, 2007
    Posts:
    174
    Sophos has been on my list before, but it's that old chestnut that as a user of an existing product, the amount I have to spend is basically what the renewal would cost.

    Last time I looked Sophos were very cheap if you were education or charity, but very expensive vs. everyone else if you were regular retail, and they didn't sound as if there was much flexibility.
     
  6. hex_614

    hex_614 Registered Member

    Joined:
    Jul 17, 2008
    Posts:
    155
    Location:
    Manila, Philippines
    Trend Micro OfficeScan is good for corporate accounts, for business.
     
  7. emperordarius

    emperordarius Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    1,218
    Location:
    Who cares
    Sophos but not with max heuristics.
     
  8. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    Most all of the antivirus brands will have some special versions designed for business/enterprise.

    This allows you to centrally manage your network...create configuration files for the various types of computers you're managing, create push install packages so you can deploy it across the network without sitting in front of the destination machine, provide updates across the LAN so you pull down the update once to your main server, instead of having all clients pull down the updates from the internet (huge savings on your internet pipe), monitor clients, etc.

    I'd say it's a matter of going with the antivirus that you prefer...combined with if it's compatible/supported by your primary line of business application(s). And pricing....retail or non profit pricing available to you.

    I've used/had experience with most of the big names out there over the years as far as their business editions, Symantec, McAfee, Eset, AVG, Kaspersky, Trend Micro, Sophos, CA, ...I'm sure there are a few more I can't remember. They all provide you with pretty much the same features. Most of my experience has been with Symantec and NOD32....as I was a reseller of Symantec since version 5..but I started disliking it around version 9...and after trying quite a few others..went with NOD32.

    The features are all pretty much the same as far as management consoles...just a preference of price, performance, etc.
     
  9. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    +1 on this... And, if all this isn't enough to discourage you, then you deserve to suffer...

    -1 here; wrt the above, SEP11 management console is a nasty joke, not a serious product. I'd strongly suggest that you test the enterprise products before you shell out $$$$ on them and start pulling your hair after that... o_O
     
  10. hutchingsp

    hutchingsp Registered Member

    Joined:
    Aug 2, 2007
    Posts:
    174
    OK so far I'm struggling to see beyond Kaspersky or sticking with Trend.

    NOD32 doesn't seem quite "polished" enough.
    AVG and Avast don't appear to be in the same league for detection?
    Symantec/McAfee/CA etc. are a bit too "corporate".
    Avira didn't bother to respond to 2 emails to sales.

    Is there anyone else that I have overlooked that people think I should be looking at?

    XP 64 bit support is a must have.
     
  11. vijayind

    vijayind Registered Member

    Joined:
    Aug 9, 2008
    Posts:
    1,413
    We use McAfee Enterprise. Easy to remote install and manage. Maybe not the best detection in the world, but they're definitely not bad. Their support is decent and they're optimized for corporate environment/tools that you would mostly have.

    Product to avoid: CA Enterprise Security. Although they have excellent support and manageability, their detection is low and, due to their modular design, having AV, AS and firewall modules will eat lots of memory.
     
  12. circlemoon

    circlemoon Registered Member

    Joined:
    May 31, 2007
    Posts:
    10
    "Diskless Angel" is another choice. It takes the OS to run in RAM as a virtual image. Once infection of virus occurs, just reboot the computer and all viruses will be destroyed as it is only a virtual image.
     
  13. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    https://www.wilderssecurity.com/sear...arteronly=1&exactname=1&searchuser=hutchingsp
    That's quite a read:
    I am not the one to offer any real help, but what the hey I'll give it a shot: :cautious:
    Sophos here, but only tiny biz. :)
    I have multiple ( -ahem-cough- 7-10) endusers of varying expertise accessing the web. Run Virtual servers with workstations

    Don't forget system policy set-ups for LUA accounts
    Gateway appliances>> you not interested ??

    You could check PrevX Corporate strategies.
    Interesting Utility PrevX.

    Virtualisation roll-outs ??
    I use online back-up/sync and a local image file

    Obviously very different scenario from you...

    You previously mentioned '400' machines

    If you are looking for "400's" of machines to protect: that implies some significant budget:

    You seem to be asking the same Q every time and have sampled every available security solution?
    Have you implemented any of the suggestions made?
    -Perimeter HW etc
    What happened?
     
  14. hutchingsp

    hutchingsp Registered Member

    Joined:
    Aug 2, 2007
    Posts:
    174
    We have around 400 active machines, if we were to try and catch every machine that may be on the network for 5 minutes once a week and gets switched off the rest of the time, then it's more.

    Regards trialing solutions, I simply don't have the time/resource to test every product, especially as we have a very diverse machine base here, hence the number of questions - testing Antivirus takes time beyond "Oh it installed and my machine hasn't crashed in X days since I installed it" and it's also very hard to mimic the behaviour that folks seem to engage in that ends up with spyware droppers and malware trying to work its way onto their machines (I wish I knew how they manage it! :)).

    Budget - keep in mind we already have Trend, it's very difficult to justify spending more money than the renewal would cost, so solutions I look at need to be willing to deal to displace.

    Gateway - we don't do gateway A/V scanning simply because we have a very fat Internet pipe and to get anything in place that would deal with our bandwidth with full virus scanning would be very expensive, though we do use web/reputation filtering at the gateways to try and keep the minimum of nasty sites visited to a minimum.

    Products I have tried:

    F-Secure v8 beta - liked the product, a bit resource hungry and no x64 product which is a real spanner in the works so pretty much ruled it out.

    Kaspersky - like their Exchange product a lot. Desktop product (v6) impressions are mixed. Very thorough, seems a bit quirky, support is very good, however the slowdown on our machines was noticeable.

    NOD32 - Only given this a brief go and may come back to it as I got hung up on a single issue that it turns out there is a workaround for.

    Currently trying Avast, only installed it today and haven't even looked at the central admin function but first impressions are positive.

    I have to say that if I only felt that Trend was a little more pro-active/thorough I'd sleep a lot easier - but it does seem to be detecting a lot of things and claiming to have dealt with them only to flag the same thing a few minutes later and claim it's dealt with it.. and so on until we go run drweb cureit or something on the PC.

    PrevX looks interesting - I shall check that out and will go do a search on here :thumb: .
     
  15. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    Have you tried drweb?
     
  16. hutchingsp

    hutchingsp Registered Member

    Joined:
    Aug 2, 2007
    Posts:
    174
    I love their "cleanit" standalone, but their A/V is 32-bit only.

    I'm going to give PrevX a try tomorrow as it looks "interesting" shall we say.
     
  17. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    Forgot drweb doesn't support 64-bit yet.
    Try VIPRE.
    Seems to be just what you're looking for.
     
  18. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    The two that I am familiar with are Symantec and McAfee, but honestly, I never used the management interface of either. As with consumer products, Symantec is the 800 pound Gorilla here as well.

    Regarding the clients, Symantec has some advanced features like their Sygate derived firewall and proactive detection. McAfee definitely runs better on old hardware and is said to have lower prices. Trend Micro has products in this space, but I have no experience with them. That's about it.
     