Enterprise antivirus solution opinions

DiscoDave · 21 Mar 2010 at 13:56

Hi all,

We've had Symantec Endpoint for the past year but we've not been very impressed with its detection rates or scanning engine. New laptops with dual core processors and 4GB of RAM would grind to a halt when Norton performs a full scan.

I've been given the task to have a look to see what else is out there, and I was hoping that perhaps some of you may be able to provide me with your opinions on other antivirus soltuions.

I'm currently looking into Mcafee and Sophos. I've not had a chance yet to test Sophos but I've got a test environment with Mcafee. Initial thoughts are the interface is pretty good, but I had some rather frustrating issues getting it integrated with AD. The help files bundled with the application simply state "Mcafee total protection for endpoint and be integrated with Microsoft Active Directory as a data source to manage and deploy clients", nothing actually mentioning how I configured it. I eventually had to look on Mcafee's KB from google to find out how to do it, why this information wasn't is the software to begin with I don't know. Anyway that's just picking at it.

Does anyone have any experience with Mcafee/Sophos/other in a business environment? if so, can you please tell me what your experiences are with them.

Thanks,

Xez · 21 Mar 2010 at 14:10

We use Mcafee EPO at work, quite a handy little web console which easily synchronises with AD. When we first deployed it a rare few got problems with the add-on for Outlook but is easily resolved by deleting a file (cant remember which). I'm not particually a fan of Mcafee and its the only Enterprise AV solution I've used.

Roland0 · 21 Mar 2010 at 15:20

We use McAfee at work, 8.5 to be exact. And its dire, but they we only use the plain AV and not the endpoint, but even then, it has been very poor with virii.

I have heard nothing but good stuff about sophos on the other hand!

atomiser · 21 Mar 2010 at 16:38

i have to use mcafee at work, which i dont like.

how many clients and servers are you looking to cater for?

if i were writing the cheques i would probably move over to something like eset nod32.

walnuts · 21 Mar 2010 at 16:40

I've been using Sophos for last 5 years and haven't regretted moving to it from Symantec.

Major plus points for me have been local support (England), really good anti-virus software for Exchange which has great spam filtering add-on and anti-virus software for desktops has worked well.

Latest version of Sophos has some nice features such as ability to block usb pendrives or block applications like Windows Media Player. I'm using Sophos for 180 desktops and 25 servers.

DiscoDave · 21 Mar 2010 at 17:24

Thanks for the comments so far everyone, interesting opinions.

atomiser said:
i have to use mcafee at work, which i dont like.

how many clients and servers are you looking to cater for?

if i were writing the cheques i would probably move over to something like eset nod32.

We have about 160 clients and about 30 servers.

CooK1E · 21 Mar 2010 at 18:17

We run Mcafee at work - although I'm not a huge fan, the management console is pretty good and the e-policy agent does a good job of monitoring clients. The newest version 8.7 includes options for forcing scans to only use a specific amount of resources rather than caning the whole machine (something which we used to have issues with)

400 or so users and about 30 servers btw

brainchylde · 21 Mar 2010 at 20:27

we use CA. It's horrid and the support is awful.

m4cc45 · 21 Mar 2010 at 22:53

I think you need to look into why Symantec Endpoint is running slow. I've found it to be a very good product. You need to tune it though and maybe make exclusions (i.e. Databases are a good thing to exclude on your real-time scan as they are constantly being accessed yet include them on the full daily scan).

Sophos is okay but nothing special. Out of the lot I'd take Symantec any day. McAfee I found awful (it was a while back) and the EPO agent was a pain to get rid of in them days - wouldn't trust it again.

M.

katana6434 · 22 Mar 2010 at 11:30

I have used McAffee, Symantec End Point and Sophos.

Symantec is the worst product I have ever used. We were in the middle of migrating from Sophos to symantec when we got hit with a virus. Basically, everything being protected by symantec got infected, while nothing protected by Sophos got infected. This caused us real headaches.

Symantec looked into why but could not answer why this happened. Out CIO then cancelled the contract with them.

It has been about 5 years since I used McAffee. I had no problems with the software and quite liked EPO.

As said we are currently using Sophos. We have had no real problems with it, and it has done the job well. I just don't like the management console... but thats just me.

katana6434 · 22 Mar 2010 at 11:33

Also Symantec Endpoint ground our Citrix servers to a halt and them unusable. i know this was a problem with a particular build of Endpoint, but it should never have happened.

ruffneck · 22 Mar 2010 at 11:42

We use McAfee with EPO 4.5. No issues what so ever, very good product.

Regards

stoofa · 22 Mar 2010 at 16:13

Symantec EndPoint is an excellent product.
We've been using it since release and so far we have not had a single infection.
Resource use by the client is minimal and the application itself doesn't bother the end user.
We don't use the Firewall, only the AV.

We've been a Symantec house since Corporate Symantec V8 and in all the time we've been running Symantec we've simply not had any infections.

The server side is extrmely easy to setup.
Creating and configuring packages for roll-out is straight forward and you have a lot of control over what you allow users to do.

Very much recommend this product - it is just perfect.

DustyMiller · 22 Mar 2010 at 19:28

Sophos Sophos Sophos.
Just moved to it from Symantec, and it was the best move we made, AD intergration is THE BEST. Content control, and application control is effortless. And with the Safeguard poduct to partner it for encryption, it is simply awesome.

kefkef · 22 Mar 2010 at 19:53

Sophos for us. We can have Forefront for pretty much free under our enterprise agreement, but we still cough up for Sophos.

Scooter72 · 23 Mar 2010 at 16:28

Having spent a lot of time with McAee, Symantec and others I would vote for Sophos.

All the vendors have plus points but on balance Sophos is better, you also get a lot of other stuff bundled in the Endpoint suite. Application, Device and Data Control as well as a good AV and Firewall

GJUK · 23 Mar 2010 at 16:52

Another 1500 + machines here using Sophos and some PC still only have 256MB ram, not to bad to roll out and manage

GJUK

Vertigo · 23 Mar 2010 at 23:22

I'm never going anywhere near McAfee ever again after a server install at a customer site years back had a lovely little bug which deleted BOOT.INI when it did its first check for updates. I kid you not and it took me an hour on the phone to their support to even get them to admit it was a known issue - basically they'd be told to deny everything by the management. Bunch of jokers.

CooK1E · 24 Mar 2010 at 13:38

Vertigo1 said:
I'm never going anywhere near McAfee ever again after a server install at a customer site years back had a lovely little bug which deleted BOOT.INI when it did its first check for updates. I kid you not and it took me an hour on the phone to their support to even get them to admit it was a known issue - basically they'd be told to deny everything by the management. Bunch of jokers.

The only issue we've had with McAfee is that a certain level of DAT's class VNC as a trojan and delete its services entires.