Anti-Malware for business


Limp Gawd
Jul 8, 2004
The company I work for uses Symantec Endpoint exclusively for AV for all customers. However, as most will know, it's no good for anti-malware and stopping other rogue software. Everyone seems to think it is normal for malware to strike and then to run Malwarebytes to get rid of it and call it a day. I'd love to know a better and more proactive way of fixing this problem.

What are you guys bundling with your chosen AV or what edge devices are good at filtering this stuff (no open source please)?

EDIT : No open source with no support options I should say.
I asked this a while ago; there doesn't seem to be anything too good in this. MBAM has a real-time scan with corporate licensing, but I heard it wasn't too good at real time.
I've had a noticeable drop in malware problems at clients that I've used Untangle at. Untangle is a UTM appliance, can act in transparent bridge mode..or as the edge router. I use it as the edge router at clients.

The free version has antivirus scanning (ClamAV) as well as an anti spyware module which is a combination of a lot of different components. There's a pay for add-on, Kaspersky.

At clients I've used it at, I really do have less problems. And..if a workstation gets bit by a doesn't seem to get much into the system, very quick 'n easy to clean up. It's like..if a little bit gets through, the rest of it seems to get blocked from installing.

All other things are usually pretty much the same at all my clients, Eset antivirus at them all.

Another thing I do at all clients, is I use OpenDNS for their DNS forwarders. If any peer to peer networks..just set the OpenDNS servers for the router's DNS settings. For most of my clients, they're on active directory, so I set OpenDNS servers for the DNS forwarders. OpenDNS blocks resolution of known malware distribution sites, it's a constantly updated list. Your computer cannot download and run what it cannot resolve.

Also maintain your Microsoft Updates. And get to IE 8 if you can, it's bigtime much more secure.

Keep Java and Adobe Flash updated, as well as your PDF readers.

Layers of protection where you can. Obviously no one solution is a 100% guarantee..but if you utilize several layers of protection..the sum of them ends up being quite a help. ;)
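
An added example, not part of the thread or any poster's own tooling: a check over edge-firewall logs that the OpenDNS forwarder layer described in the post above is not being bypassed by clients or by a misconfigured forwarder. The log format, the internal DNS server addresses and the LAN subnet are assumptions constructed for illustration.

```python
import ipaddress
import re

# OpenDNS public resolvers, used as the DNS forwarders.
OPENDNS = {"208.67.222.222", "208.67.220.220"}
# Assumption: the internal AD DNS servers that are allowed to forward.
INTERNAL_DNS = {"10.0.0.10", "10.0.0.11"}
LAN = ipaddress.ip_network("10.0.0.0/24")  # assumed internal subnet

# Constructed log format: "<time> <action> <proto> <src>:<sport> -> <dst>:<dport>"
LINE = re.compile(
    r"^(\S+) (ALLOW|DENY) (udp|tcp) ([\d.]+):(\d+) -> ([\d.]+):(\d+)$"
)

# Constructed sample log lines.
SAMPLE_LOG = """\
2010-03-01T09:00:01 ALLOW udp 10.0.0.10:51000 -> 208.67.222.222:53
2010-03-01T09:00:02 ALLOW udp 10.0.0.57:51234 -> 10.0.0.10:53
2010-03-01T09:00:05 ALLOW udp 10.0.0.57:51301 -> 8.8.8.8:53
2010-03-01T09:00:07 ALLOW tcp 10.0.0.11:49822 -> 4.2.2.2:53
2010-03-01T09:00:09 DENY udp 10.0.0.80:50111 -> 8.8.4.4:53
2010-03-01T09:00:11 ALLOW tcp 10.0.0.57:51400 -> 93.184.216.34:80
"""


def find_dns_bypass(log_text):
    """Return (src, dst, reason) for allowed outbound DNS that skips the filter."""
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # ignore lines that are not in the expected format
        _, action, _, src, _, dst, dport = m.groups()
        if dport != "53" or action != "ALLOW":
            continue  # only DNS that actually left the network matters
        if ipaddress.ip_address(dst) in LAN:
            continue  # client asking the internal DNS server: expected
        if src not in INTERNAL_DNS:
            findings.append((src, dst, "client bypasses internal DNS"))
        elif dst not in OPENDNS:
            findings.append((src, dst, "forwarder not pointed at OpenDNS"))
    return findings


if __name__ == "__main__":
    for src, dst, reason in find_dns_bypass(SAMPLE_LOG):
        print(f"{src} -> {dst}: {reason}")
```

Any finding means a machine can still resolve names without going through the filtered resolvers; blocking outbound port 53 from everything except the internal DNS servers closes that gap at the edge.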
Your best bet is to protect the network with a web/malware filter such as Astaro, IronPort or Untangle. Then protect the client with a decent malware client like ESET NOD32. Most of your problems with infections will go away if your endpoints can't go places they shouldn't or load web ads.
Posted via [H] Mobile Device
You really can't go wrong with a multilayer defense setup. Untangle will be your cheapest option followed by Astaro and then Ironport. Try to stop everything at the edge and then let your anti-virus take care of anything that gets past. OpenDNS is also your friend as YeOlde pointed out. I really can't say anything else since he hit all the relevant points. :)
Lock down workstations so users can't install random crap? That means we in IT sometimes have to install plugins for webinars and stuff for users, but it also means they aren't installing 20 toolbars and untold mountains of malware. We do also filter web and email, so that stops a lot of it from even getting through in the first place too.