What corporate antivirus?

Dale_tem

Not the normal question on here, but thought I would ask those who work in IT.

What AV do you use at work and is it (a) effective (b) easy to use?

I do not want Sophos, McAfee or Symantec.

Looking through...

http://www.av-comparatives.org/wp-content/uploads/2014/10/avc_cor_201409_en.pdf

I like the sound of Bitdefender (even though it killed our network 6 years ago due to firewall drivers on local machines) and F-Secure (never used) as they have cloud-based consoles.

So any comments on any of the commercial AV offerings?
 
Sophos :D

Pluses: easy enterprise management, support is actually pretty good, detection rates aren't too bad, low false positives, not too resource intensive, Mac version available, client control options etc.

For what it's worth, before it got renewed I wanted Forefront, but in hindsight, with MSE detection rates being poor these days, we got the lesser of two evils.

For what it's worth #2, I run Avast on my work machines :p
 
We have had lots of support issues caused by Sophos, so not touching that one.

We have under 10 machines so use MSE at the moment, but just got hit by a dodgy email from Essex Council on one of the machines and MSE completely missed it.

Just need to find out about notifications, ESET links in with Pulseway monitoring which we use which is a bonus.
 
Interesting, if there's one thing good about Sophos it generally sits there and chomps away doing its thing without any fuss.

A few of the enterprise console updates weren't straightforward but no biggy.

Oh well, I'm out :D
 
Hate Bitdefender after it frequently killed our servers and other client. Sophos was pretty good, especially if you have the need for encryption as it's easy management. However, I've used ESET for years and had minimal issues; the management has been rock-solid, and providing you know how to configure AV then its detection rate is good.

I'm of the opinion that the use of gateway AV via a UTM and a hosted anti-spam/AV solution like Microsoft's EOP will significantly reduce the risks and should be considered for all enterprises/SMBs.
 
BTW, we are Sophos and ESET partners so if you want any indicative pricing or further information I'd be happy to assist if needed.
 
Cheers

We currently have a Sonicwall, but changing over to Smoothwall soon. We also use Office 365 so don't need to worry about scanning an Exchange box.

PM on its way...
 
Used to use F-Secure at work before I retired. Never had a problem with it.
 
The Smoothwall appliances have ClamAV built-in and although it may not be as comprehensive as some UTMs, the granularity of the content-filtering and AV make it a formidable solution.

Only problem I had with it was getting applications working through the proxy when using it in NTLM Authentication or Identification mode.
 
I think Clam is pretty widespread on a lot of the hardware UTM and filtering appliances (as they're mostly Linux based). Trying to think what the 2nd scanner is on the Sophos, I think it might be Clam too.
 
Depends on how corporate Corporate is.

Security is multi-layered; it could make life easier when management is consolidated. It could also depend on how updates will need to be distributed, what other Corporate applications you have, what end point security is in place, etc. For a corporate environment I do quite like the IBM Proventia range of products; the signatures provided by X-Force have been very good, timely, and operate very quickly as well both on network security appliances and end-point protection software.
 
Anti-Virus is a PITA.
I've experience with Symantec's Endpoint Protection and Bitdefender's cloud whatsit.

Symantec was a b****r to get working on a Windows 2012 Server - but it transpired the server was mis-configured. The software's failure mode didn't really offer any clues. Once I resolved the issue on the server, all was well. Deployment to clients was fairly straightforward and non-intrusive. Management interface was reasonably good. And there wasn't any of this cloudy nonsense. As much as I generally despise Symantec, I can't really fault it.

This time around, Bitdefender was chosen. Mainly because it scores highly for performance and detection. And we needed the cloudy nonsense for remote workers who seldom visit site. I'd personally have preferred to get them connecting to the VPN periodically to get their virus definitions rather than rely on a cloud dashboard talking directly to each external client and via a relay for each internal client. Persuading a sales team to dial into the VPN just for that though would have been a no go.

As JP (dejongj) says, it depends on your situation. We don't run it on servers - they are very closely monitored and protected behind a firewall and IDS. We'd detect any increase in average load, IO, network traffic very quickly - and I feel that's better than introducing software that behaves like a virus into strictly controlled environments. The biggest threats (in terms of malware) are workstations and end users. That's where products like Bitdefender come in - its alerts have proved very useful in preventing further infection.
 
Just an update

I finally decided to go with ESET. This was mainly due to working with Pulseway (Mobile PC Monitor) so I get alerts through to my phone through the app along with all my other alerts.

Why is antivirus still struggling with user interface? I have used so many over the years and I would have thought they would have got it better by now. Simple things seem foreign to them. With ESET you set up the Remote Administrator, load your license in, set up the user ID and password for updates and it is installed. Send out to the first computer and it works. Send out to the rest and then find out that it hasn't included any license information, no user ID etc. for updates and isn't set up to communicate with the server that has just installed the client. Now I have gone through the policy configurator and set it all up. I then found the default policy and it is all taken care of.

Why do the corporate antivirus not come with any default scanning set up? They all come with either no protection turned on or only realtime. You have to go 5 levels deep into the policy to find the section to set a schedule scan (found this out via Google).

There is so much they can do to make life easier!

It is set up, scanning everything on the network and found 3 infections that Security Essentials missed. Setting up the remote laptops tomorrow which should be a doddle now I have worked out all of the above.
 