Corporate A/V

Currently on a mini-project to look at the possibility of moving company-wide antivirus software. Anyone have any opinions on AVG vs Kaspersky? Any overriding corporate reasoning as to why one is better than the other? Factors that may sway opinion:
Not a large userbase (sub-1000 users)
70/30 mix of Linux/Windows, but this solution is going to be primarily for our Windows workstations and servers.
Budget is not huge. Currently have corporate AVG and not looking to bump that cost up too much.
 
We use Kaspersky, it's fine for workstations (managing about 4000 odd), but for servers it's got too many bells and whistles, we don't need half of that endpoint stuff, it makes it too bloated. Plus it's always good to have different AV for servers and workstations imo.
 
Same AV should be on servers and clients. If you need two solutions you're doing it wrong.

Best enterprise AV I work with on a regular basis is Sophos. Worst is MS Forefront by a country mile.
 
We use Kaspersky, it's fine for workstations (managing about 4000 odd), but for servers it's got too many bells and whistles, we don't need half of that endpoint stuff, it makes it too bloated. Plus it's always good to have different AV for servers and workstations imo.

I'm assuming it has a central management service of some sort. Is it usable? OK for pushing out updates?

Looks like no-one here uses AVG then :)
 
We use Sophos here and find it so very easy to use.
We can do everything remotely and it's so easy to set up and configure.
Pricing wasn't through the roof either.
 
Same AV should be on servers and clients. If you need two solutions you're doing it wrong.

Best enterprise AV I work with on a regular basis is Sophos. Worst is MS Forefront by a country mile.

A lot of companies are going for different AVs due to single points of failure. The most common is not necessarily desktop and server; it's more server and DMZ servers, though I have seen it a few times.

It's not a bad idea actually, as if you have a client PC scanning the files it's accessing and a server scanning with an alternative then it should cover all bases. It's also good that many AVs are using multiple scan engines, which is the same principle really.



M.
 
We recently changed from Symantec Endpoint Protection to Microsoft SCEP...
So far... I'm not impressed with it.

Interesting. My organisation is considering this after we have finished implementing SCCM 2012 and testing all the features.

My experience from SEP is that it's fairly easy to implement on enterprise level and seems ok. However, our support teams are having a variety of users on a frequent level getting viruses on their machines. SEP is unable to pick them up yet running something like Malwarebytes detects it.

We run the AV and NTP features of the SEP client only, the firewall stuff was too troublesome for our estate. The main problem is why does MWB detect and Symantec not! We used to run Sophos 2-3 years ago and didn't have as many problems.

I'm wondering if upgrading to SCCM SCEP will make much difference. Any comments?
 
My experience from SEP is that it's fairly easy to implement on enterprise level and seems ok. However, our support teams are having a variety of users on a frequent level getting viruses on their machines.

Why is malware getting through in the first place?
Lack of web filtering?
Lack of software patching policy?
 
We use Sophos which has been very reliable so far. Having said that, we've taken a number of steps to prevent viruses getting on our network in the first place like forcing all Internet traffic through our proxy, disabling autorun and educating users to report suspicious emails and not click on links from unknown sources.

Our previous AV software (CA Antivirus) was, to put it bluntly, extremely dangerous. We ended up disabling realtime scanning because they released so many dodgy signature updates that wiped valid system files so we decided a virus would cause less problems :mad:

Only heard that phrase for the first time two weeks ago :D
 
Using it with SCCM resembles a house of cards. It falls over for the most illogical of reasons.

It's also completely unintuitive and an absolute ball ache to manage.

Moved from Sophos to SCEP about 6 months ago and I've not had any issues with it whatsoever yet, it does its job, updates as it should, cleans what it finds and is generally easy to manage/change settings for.


I heard an alternative to PEBCAK the other day: "layer 8 error" :D Nice thing is "layer 8 error" sounds more technical and like an actual term unlike PEBCAK, so you can say it in regular conversation in front of people who aren't "IT" without it sounding like you're taking the mick
 
Why is malware getting through in the first place?
Lack of web filtering?
Lack of software patching policy?

Realistically, it will be a bit of both. Without giving away too much information about where I work; there is a business requirement to have very minimal web filtering. Software is less likely to be the problem, it will be users being numpties and downloading and running crap on their machines. Which the AV software isn't picking up.

We do our best to educate users but it will only help so much. As far as I am aware with previous A/V we had less problems because they were better at detecting and cleanup. SEP seems a bit weak in all areas from my reading.

Ah well, will probably look at moving to SCEP and hopefully it might alleviate issues.
 
The company I work for uses Sophos Endpoint, I can recommend it, it's easy to manage, has useful tools, is logical and well thought out, isn't too bloated (it runs ok and doesn't really interfere on my work computer which is a 6 year old C2D laptop with 2GB of RAM) the management console is common across Windows, Linux and Apple as well, you can also manage virtualised systems from it.
 
The company I work for uses Sophos Endpoint, I can recommend it, it's easy to manage, has useful tools, is logical and well thought out, isn't too bloated (it runs ok and doesn't really interfere on my work computer which is a 6 year old C2D laptop with 2GB of RAM) the management console is common across Windows, Linux and Apple as well, you can also manage virtualised systems from it.

We also use Sophos - I would recommend it, very easy to manage, we're only a small company though, approx 200 hosts.
 