Anti Virus

[Macola10]

What AntiVirus solution are you using? Do you deploy from the server or do you just have the software on the individual PCs? Are you satisfied with your solution?

We just recently updated to a MS Server from a Novell Server. Currently we run antivirus on our computer's that automatically updates (McAfee) but it has let several malware programs in.

Thanks in advance.

 

[technome]

Personally I use Symantec Endpoint corporate, server based, not one virus or malware has gotten through on a number of networks I administer in the last couple years. The previous Symantec corp version would let a number of the mentioned through. For a while I was contemplating using another AV, as Symantec was dropping the ball on program stability/releases with bugs, but the latest versions are good. Tech support is pretty good, though I have gotten foreign support, following the techs English can be a bit tuff, but again I have not needed it in a while. Mind you I use OpenDNS on most of the larger networks, my DNS servers forward to the OpenDNS servers, I only allow wks queries to my DNS servers, blocking other DNS queries from/to wks at the firewall (in case they do get something and are redirected to bypass my DNS servers). The management interface is robust, could be a bit daunting until your use to it. I would suggest no matter which AV you chose, understand all the choices/parameter you can make. As to resources it uses, reasonably fast servers and wks are not hampered, but very low end wks can be affected by scans the program does (if chosen). With Symantec Endpoint I let the server manage the nodes versus unmanaged whereby the nodes can make parameter changes; this help prevent virus/malware from taking over a machine if infected.


........................................
Chernobyl disaster..a must see pictorial

http://www.kiddofspeed.com/default.htm

 

[karlisi]

ESET NOD32 Business Edition with remote administration. We installed it individually on every workstation, because there were different other AV before and we need to properly uninstall them. We have about 600 workstations in 90 separate LANs, using NOD32 one year, so far no big problems.

===
Karlis
ECDL; MCSA

 

[x11dude]

We use Trend Micro Client/Server. I like it OK; I have it installed on >40 machines and can administer it remotely.

It does trap the occasional virus and shows you whose machines have the most suspicious activity. You can spend lots more time than I do micromanaging it. For the most part it runs silently in the background, doing its job - which is ok with me.

Too bad Microsoft doesn't come out with decent OSs that aren't susceptible to the untold thousands of viruses, spyware, malware, worms, trojans, etc etc etc. But I digress...

Overall: I'd recommend TrendMicro - but maybe not with the same enthusiasm seen in the previous two posts.

 

[cajuntank]

We use AVG for about 2000 nodes and it works great for us. Mass deployment is fairly easy, especially in a domain environment, but scripted installs via login script are also straight forward if you still have a lot of Novell left. Being a K-12, they were also one of the more economic choices while Symantec, McAfee, and Trend (not as much, but still) were very "proud" of their software.

"x11dude", I agree Microsoft has to "tow the line", but they have come a long way with their security. Now a days, it's all Adobe's crappy security in their Flash and Reader that causes more virus and malware infections than anything. Some days I curse Steve Jobs for not allowing Flash on some of his products, but then realize he's a man ahead of his time and knows a piece of junk when he sees it.

 

[kmcferrin]

I've used Trend Micro in the past with good results. Whatever solution you choose, you have to make sure that it gets deployed everywhere AND that it is kept up to date, otherwise you might as well not have it at all. To this end, something with a centralized console that pushes updates out, reports on clients that are out of date, and alerts on those cases is key.

Even with such a solution, you can still get infections. The end user is usually the biggest risk, so make sure that your users are trained to recognize suspicious activity/emails/web sites/etc. And make sure that your web filtering/proxy software filters for malware and malicious sites.

________________________________________
CompTIA A+, Network+, Server+, Security+
MCTS:Windows 7
MCSE:Security 2003
MCITP:Server Administrator
MCITP:Enterprise Administrator
MCITP:Virtualization Administrator 2008 R2
Certified Quest vWorkspace Administrator

 

[irbk]

McAfee SaaS on about 180 desktops. Run VirusScan 8.8 on the servers along with GroupShield on the Exchange server. I'd agree that McAfee SaaS lets in more malware than I would like, but it's an anti-virus program, not an anti-malware program so I let it slide and keep MalwareBytes up to date. Way I figure it, it's more the web filtering software's job to keep malware out.

 

[Macola10]

Thanks for all the comments!