Antivirus

USMCGrunt

Curious to know what kind of antivirus you guys are using in your corporate environments. We are using Symantec Endpoint in a couple networks but it seems to be doing very little in the way of actually catching viruses on one of the networks and it's requiring a lot of manual intervention with other antivirus applications. They have gone through and verified that the end clients are being updated and that it's functioning properly. I just don't see that being what the larger corporations do and was wondering if there is a better more effective product out there.
 
We use Sophos and see very few infections. It does slow down the workstations a lot, but it's better than Symantec/McAfee endpoint.
 
Most of my clients use Sophos. It's pretty reliable, easy to use, has lots of features for centralized control. In general I find it less intrusive than other corporate packages. With that said, we did have some performance issues with it. One part of its "end-point" security package is a tool that monitors Windows updates. On some systems this tool malfunctioned and used 100% CPU. Despite being a known issue for a while there hasn't been any fix and we simply disable this tool. Not the end of the world, but kind of annoying that a known issue for years has gone unfixed.
 
+1 for Vipre in the business environment.

I have hundreds of seats, works like a champ.
 
Vipre here... moved some customers from Eset to it... great so far... think the last customer will move soon... they got the FileCrypter Trojan today, Eset picked it up, but it was too late... I'm still restoring files...
 
At work I've used Kaspersky, SCEP, and Trend Micro OfficeScan.

Of those three I'd pick Kaspersky. Detection-wise it's not a whole lot better than Trend, but it doesn't seem to slow down the systems as much, plus it has better network/web protection. SCEP integrates nicely (say with WSUS), but like MSE it has poor detection rates of new malware.
 
I DO like what Vipre presents on their site, I've sent a recommendation for Vipre to my boss, see what he has to say. The network that's been attacked a few times belongs to a city hall so it's subject to more attacks than many networks of its size. They've been hit with cryptolocker viruses 2-3 times now and I know this last time they didn't have backups for one of the infected machines so a lot of data was lost. I also know this last time, the attack came from an attachment in a phishing email. Seems like email scanning would be something that SEPM would do but I guess not, or at least not in version 11.x.
 
We used to use Symantec. After a weird issue with users no longer being able to connect to the database we replaced it. Now running Sophos, which although not the best, works better than Symantec.
 
I DO like what Vipre presents on their site, I've sent a recommendation for Vipre to my boss, see what he has to say. The network that's been attacked a few times belongs to a city hall so it's subject to more attacks than many networks of its size. They've been hit with cryptolocker viruses 2-3 times now and I know this last time they didn't have backups for one of the infected machines so a lot of data was lost. I also know this last time, the attack came from an attachment in a phishing email. Seems like email scanning would be something that SEPM would do but I guess not, or at least not in version 11.x.

This just sounds like the network is set up very poorly. Really the only time people get infected by crap in a business environment is because of poor network management and lack of training / awareness. And if people are getting infected they have too much free time :D
 
We use Quick Heal Endpoint Security 5.3 at work. It's pretty good and covers the 8 systems we have at our premises.
 
Trend Micro WFBS (8.0 currently though will be going to 9.0 soon).

So far, 0 problems since we started using it about 4-5 years ago.
 
We use Vipre on hundreds of workstations. It's MEH (which I sadly think is about the best you can expect).

It has so-so detection rates (it catches the common stuff), OK management (with some awesome bugs where you eat 2, 3, 4, ++ licenses with one system sometimes - though they aren't strict on the license numbers, so there's that), light touch on Windows (but total pile of crap on OSX), occasional false-positives (say 1-2 times a year) will totally wreck your day when every copy of Photoshop (or whatever other major program they fail to test for) is quarantined, it can't get rid of some of the more pervasive malware (IE Conduit - it can't seem to detect the installs but it sure can remove the same files every full scan and report on it), and we occasionally have it crash (along with DCOM and by virtue the system) but we're not sure if it's a chicken or egg problem with DCOM or Vipre starting the cascade but it's pretty rare and we can't blame Vipre yet.

All in all, it's the best we've used... That's not saying much though. Major selling points: Cheap. Saves more time than it costs. Reasonable management interface and deployment.
 
+1 for Vipre.

Also, what is your email solution? In-house hosted or somewhere else?

I have GFI Mail Essentials 2014 on my Exchange 2013 and between that and Vipre, *knock on wood* no infections yet from emails.
 
I've recently switched from ESET to Kaspersky because of a better partner program. The protection seems to be similar. I would give the KAS console a slight nod over the ESET one, but the initial install/update for KAS seems to be huge in comparison. Takes forever for branch offices. I haven't played with it enough to see if I can slim it down, though.
 