what's good with McAfee enterprise?

So one of those [supposedly] friends of mine was bugging me for a free AV...
that's when I turned to WSF...

Now the bugger tells me that he has 1 year's license of VSE from his Dad's office... So the foolish one now needs to know some things... I'm not a VSE guy, so I turn to you

He needs to know 2 things...

1. what does VSE lack?
2. how do I compensate [minimum money, minimum RAM, minimum hassle]?

He's already obtained AntiSpyware Enterprise...
He's willing to shed some $$ for AVs [off the shelf only... he doesn't like eCommerce much yet]... but he distrusts ATs....

I know what you're thinking... ~weird kid and his weird friends~
Well.... we're all weird down here

So... err... any advice?

 

1. Well before it use to be it only had weekly definition releases, but that is now basically gone with the daily weekday updates. Can't really complain about anything else.

2. I don't quite understand what you mean by "compensate." (minimum money? Isn't he getting it for free?)

In any case, the RAM usage isn't the lowest, but it's only one of three AVs I can run where it seems like it isn't even there. (others being NOD32 and F-Prot)
The detection is excellent, in the upper echelon of AV detection.
Very intuitive interface (unlike the consumer version).
Basically, good detection, solid interface, and low system impact.

I would pay for it if it wasn't free from the university. For me, it's the best thing I can actually run on my system without being annoyed. (anything KAV based is just too slow)

 

All AV's have strengths and weaknesses and compared to most others, IMHO, McAfee Enterprise AV is amongst the very top performers.

The only feature, which some people may prefer to see in VSE is a more specific email scanner, as it checks only Lotus Notes or Outlook. This is not a weakness in my view.

Although it places a number of processes in memory, with a RAM footprint of about 25-30MB, it has no perceivable slow-down on my laptop's performance. The RTM is very 'light' even though it scans archive files.

VikingStorm has noted the main advantages of this AV and with the newly released Spyware plugin, it continues to improve. Excellent protection against all malware and at the present time, my favorite AV.

 

as for the processes, you can safely disable some of them from starting automatically when windows starts....

tbmon.exe - for error reporting (i think)
updaterui.exe - just the GUI for manual updater (not needed when using auto update)
vstskmgr.exe - put to manual in services

 

My god... i will try to use it again. Does any one know how to disable the IDS in it?

 

VSE does not scan pop3/smtp mail. If your ISP scans the mail, then no problem. Otherwise, try to use an email client like Eudora that saves attachments by default so the on access scanning will pick it up. Actually, dumping Outlook Express is always a good move.

 

VikingStorm...
by "compensate" I meant "What additional AV should he purchase to suplement VSE?"
There have been a few [not many, but still a handful] of horror stories of VSE being unable to protect some people, and I guess he's looking at detection and removal rates. He'll buy a second AV if it fits the purpose [real time scanner that supplememnts VSE]

 

I use VSE 8.0i on access with nod as a back up scanner, the work well together.

bigc

 

If VSE isn't good enough, I'm not sure what is...
VirusScan is a proven technology and the only AV that I can think of that might have a slight edge in detection would be a KAV based scanner.

If your friend just wants an on-demand scanner to use along with McAfee, Bitdefender has a free version that works nicely. For paid software, F-prot or NOD32 would be nice choices for on-demand only.

 

hmm...
The thing is... there was some talk of VSE being slightly behind KAV on sig-based detection, and behind NOD/DrWeb in heuristics. So he wants to add another layer of protection [on access and on-demand] that can take care of what VSE is expected to miss.
But right now, he has happily installed a trial version [or two?] of some AVs he won't tell me about... some friend, huh?
Thanks for all your help guys.

[But now I want to know what VSE isn't good at catching... worms, trojans, script based virii, zoo samples, new ITW, or is it polymorphics too many buzzwords for one day... head spinny!]

 

Some friend!

Well McAfee's heuristics are actually just as good as KAV, but KAV's is not very stellar anyway, but its not bad either.

Both McAfee and KAV are able to catch many virii because they rely more on generic signatures than heuristics, which seems to help them well enough.

But AVs with a newer and stronger heuristics engine like ArcaVir and NOD32 do not need many generic signatures because the heuristics engine is able to catch most new ITW malware.

Have a great day!

Regards,
Firecat

 

dont tell me he's trying to run two AV in real time? (on-access) very bad idea...

VSE is very good especially with the new anti-spyware module...

if money is no object, i suggest he install KAV5 as primary on-access then custom install VSE as on-demand only... that way he'll have the best of both worlds...

 

Maybe he should just get a double-engine AV and get the issue done with!

 

He has observed an issue with KAV/KAH and VSE installed on the same XP machine... lsass.exe, svchost.exe and explorer.exe are terminated somehow causing a windows shutdown.

If anyone else has experienced this issue I can start a new thread. This is a pretty weird way these two have of hating each other.

 

Ah! the memory drag on a 256M Ram system would be waay too much. I tried FSIS 2005 [not the Microsoft.com version] and it was waay too much.
So I started thinking...
Suitable dietary supplements to VSE...
On access/On demand AT : A-squared, BoClean, Ewido
On Demand AT : TrojanHunter, Trojan remover
On Access (Heuristics) AV : ArcaVir, Dr. Web, Avast Pro, NOD32, AntiVir
On Demand AV : BitDefender Free, MWAV utility (old verrsion), Avast! Home, AntiVir

 

That seems good enough...

 

These are simply choices in front of me... If ever I get VSE [And I may never]... what do you think is the ideal choice?

Firefighter's tests say that VSE+Ewido is the best of the lot....
But can heuristics compensate??

 

No. While heuristics can make up a large part of that, there is no replacement for a dedicated AT scanner.

 

If you have VSE 8 as a backup scanner along with KAV as on access, you must disable Mcafee Shield or you will have one heck of a time booting up or even using the computer.
You have to disable the shield service even if you are not running the on access monitor.