Enterprise AV

Just moved from Sophos to ESET NOD32. It's actually really nice and good support, only on a relatively small network though (800 clients).

Burnsy
 
Sophos here too. Not the best interface, EC3 improved from EC2. Overall good :)

That was one of the things I liked about Sophos in my old place, they seemed to be moving forward. My first job when I arrived was to migrate from version 4 (red lightning icon) to version 5 (blue shield). The new system was a massive improvement and it seems to have got steadily better and better with regular releases. We only ever had two significant issues. One was with, I think, version 6 (second blue shield release): when it first came out it would overwrite users' cached credentials, which caused us massive problems with remote users. The second was a false positive which caused it to quarantine the executable file for WRQ Reflections, which was deployed on every machine in our environment. I know the license was renewed just before I left, as it was much easier to put up with a few minor quibbles than rip and replace the system!
 
We use NOD32 for the clients and Exchange server, but at the moment NOD32 XMON isn't picking up any viruses on email... and I can't figure out why :(

Not a massive problem, but a few have been getting through to the workstation and users crap the bed when they see the big red box even though no harm is done.
 
Not really a concern, we don't bother scanning mail on the mail servers. It all comes from MessageLabs and goes through a gateway running MailMarshal (which has yet to see a virus, it's just there for policy stuff day to day).
 
Symantec seems ok for us but we don't have massive networks (just lots of networks we look after).

They have a new product called End Point Security which may be worth a trial. The latest enterprise version is 10.2 iirc.
 
To be honest we won't be looking at any special features, it's only for the server farms and it's largely pointless. AV on the servers has never detected a virus, the main entry point for viruses (email) is pretty well sealed separately and no CDs/memory sticks etc ever get connected directly to production servers.

We put one of the test viruses on there once every few months to check it's still functioning but that's all it ever does really. So all I care about is ease of deployment (not even that so much, it'll get integrated into the install routine rather than being network deployed) and management.
 
Out of curiosity, how do you test for viruses?
 
Symantec is the one I would go with. We originally trialled McAfee and had no end of troubles. We had three McAfee engineers on site for a week trying to sort out the deployment and no joy. Then when we had to remove it, it was a nightmare.

We eventually moved to Symantec. It was a breeze. We had three distribution servers and all worked fine. Console isn't the greatest but it works well.

Moving companies, we were a Sophos reseller and I don't like the product. It looks nice but (as I've just said in another thread, funnily enough) anything that turns off server-side scanning by default is scary. The deployment method isn't that nice either - it does work but not as well as it should. It also uninstalls the program on updates as well which, again, leaves you without any AV for a few seconds, which is more than enough if someone is copying items off their memory stick.

M.
 
There are some test viruses around which are standardized. Essentially they're in all the virus definitions from all the vendors, but they're harmless and do no damage. EICAR is the one which most people use, just dump it on a share or something and see how long your AV takes to notice...
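
The check described in the reply above, as an added example that is not part of the original thread: a Python script that writes the standard EICAR test file to a directory or share and times how long the on-access scanner takes to remove, alter or block it. The file name and the outcome labels are assumptions made for this example.

```python
import sys
import tempfile
import time
from pathlib import Path

# The standard 68-byte EICAR test string, assembled from parts so that this
# script is less likely to be flagged itself while it sits on disk.
EICAR = ("X5O!P%@AP[4\\PZX54(P^)7CC)7}$"
         + "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!" + "$H+H*").encode("ascii")


def wait_for_reaction(path, expected, timeout=60.0, interval=0.25):
    """Poll `path` until the scanner reacts; return (outcome, seconds)."""
    start = time.monotonic()
    while (elapsed := time.monotonic() - start) < timeout:
        try:
            if Path(path).read_bytes() != expected:
                return "modified", elapsed      # cleaned or replaced in place
        except FileNotFoundError:
            return "removed", elapsed           # deleted or quarantined
        except OSError:
            return "blocked", elapsed           # on-access scanner denied the read
        time.sleep(interval)
    return "not_detected", timeout


def drop_and_time(directory, timeout=60.0):
    """Write the test file into `directory` and time the AV response."""
    target = Path(directory) / "eicar-latency-test.com"  # constructed file name
    try:
        target.write_bytes(EICAR)
    except OSError:
        return "blocked_on_write", 0.0          # stopped before it hit the disk
    result = wait_for_reaction(target, EICAR, timeout)
    if result[0] == "not_detected":
        target.unlink(missing_ok=True)          # do not leave the test file behind
    return result


if __name__ == "__main__":
    share = sys.argv[1] if len(sys.argv) > 1 else tempfile.gettempdir()
    outcome, seconds = drop_and_time(share)
    print(f"{share}: {outcome} after {seconds:.1f}s")
```

A `not_detected` result on a server share is the case worth following up, since it means real-time scanning did not react within the timeout.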
 
I've just built a Sophos demo server that I am trialling this week and so far I am very impressed with it. It seems to be more informative than Symantec and also the policies are a very good idea.

Does anyone use the firewall on there? I've also got a demo version of Sophos NAC, has anyone used this and what are their opinions on it?

Does anyone know how much network traffic Sophos generates? I've not had a chance to put Wireshark on it.

Andy
 
Thanks for that. :)
 
NAC is horrible to configure. The documentation with it is just plain wrong in places. It does what it says on the tin but the GUI is not the nicest thing.

You can also deploy policies with Symantec.



M.

P.S. Did you notice that on your servers the A/V isn't actually doing any real time scanning (grey shield)?
 
We have Trend, but to be honest I don't like it.

We have it on 4 sites, but there doesn't seem to be a central control server for it.

For example, say I want to set the desktops to do a scan at 3pm, I have to make this change on 4 different servers.
 
I manage McAfee on 4000 desktops / laptops and around 800 servers with little hassle. Could be better but it's not too bad apart from occasionally having to rebuild the master repository....
 
Sophos is more than ok for AV and even malware control.

If you want an easy life stay away from SEP11 for a bit - it looks great on the surface but there are a few reasonably serious concerns over its footprint and performance. 3 major maintenance releases in 3 months is a bit steep.

We've been a Symantec house for 5 or 6 years and have 85000 machines to manage - seriously hacked off with Symantec at the moment.
 
We've been using EPOv4 for our servers (2500+) for years. Used v3.6 before that.

IMO it's been perfect and highly customisable
 