Enterprise AV

bigredshark · 27 Aug 2008 at 11:52

So we're reviewing our AV solution (first time in, um, forever actually...) and I'm hopelessly out of touch with the market, so what's everyone using, what works?

We're current with Sophos and I won't touch Symantec with barge pole...obviously messagelabs for email as well...

bigredshark · 27 Aug 2008 at 12:29

Actually the requirement is fairly odd, we are only deploying AV for the servers. (Desktop AV isn't my concern). In the region of 350 servers to protect for this environment so probably still enterprise level numbers...

bigredshark · 27 Aug 2008 at 15:01

Curiosityx said:
In that case i would lean towards Symantec, are the severs geographically distributed? It may come into play when placing Update/Management servers.

Regards

They are but we have 10Gbit dark fibre so it's not too much of a concern...

bigredshark · 27 Aug 2008 at 15:13

Do you know if it's changed much, I used it in a previous role about 3 years ago and it wasn't nice to manage...

bigredshark · 29 Aug 2008 at 23:44

ethos said:
We use NOD32 for the clients and exchange server, but at the moment nod32 XMON isn't picking up any viruses on email...and I can't figure out why

Not a massive problem, but a few have been getting through to the workstation and users crap the bed when they see the big red box even though no harm is done.

Not really a concern, we don't bother scanning mail on the mail servers. It all comes from messagelabs and goes through a gateway running mail marshal (which has yet to see a virus, it's just there for policy stuff day to day).

bigredshark · 30 Aug 2008 at 21:38

JonRohan said:
Symantec seems ok for us but we don't have massive networks (just lots of networks we look after).

They have a new product called End Point Security in which may be worth a trial. The latest enterprise version is 10.2 iirc.

To be honest we won't be looking at any special features, it's only for the server farms and it's largely pointless. AV on the servers has never detected a virus, the main entry point for viruses (email) is pretty well sealed separately and no CDs/memory sticks etc ever get connected directly to production servers.

We put one of the test viruses on there once every few months to check it's still functioning but thats all it ever does really. So all I care about is ease of deployment (not even that so much, it'll get integrated into the install routine rather than being network deployed) and management.

bigredshark · 30 Aug 2008 at 22:53

Deanje said:
Out of curiousity, how do you test for virus'?

There are some test viruses around which are standardized. Essentially they're in all the virus definitions from all the vendors, but they're harmless and do no damage. EICAR is the one which most people use, just dump in on a share or something and see how long your AV takes to notice...