Business/Corporate/Enterprise anti-virus/anti-malware

HDClown

What is everyone's preference for business/corporate deployed anti-virus/anti-malware? I've used the following products, all the most recent versions available of the corporate/business/enterprise product: Symantec, Trend, McAfee, ESET NOD32. I've also used Sophos, but that was about 3 years ago. Also used Webroot Spysweeper in terms of a dedicated anti-malware product.

A few that I'm interested in knowing some more about are Kaspersky and VIPRE Enterprise. Anyone have experience with them in the centrally controlled corporate environment?

I want to learn more about Kaspersky especially as their engines are used in a lot of products which take a multi-engine approach, and their Windows client has the basic stuff (anti-virus/anti-malware/e-mail protection) plus some things that are not in certain other clients (desktop firewall, and web protection).

Also looking for other recommendations.
 
I have used Symantec, Kaspersky, Sophos and am currently using ESET. Would say that I like ESET the best so far. It's light on the resource usage and has good central management and deployment.
 
+1 on Kaspersky?

The guy suggested ESET... lol... READING FAIL!!!!!!!!!!!


At any rate, I use ESET right now myself, too. Even though it's gotten a little heavy and not as cutting edge as what it once was, it's still the best all around...

I've not done much research on it, but Microsoft's Forefront Security looks appealing, too. When my ESET sub comes due next year I may be looking at them.
 
Symantec Endpoint 11.0.04 with only Anti-Virus and Spyware installed. Left out the firewall and network threat protection. Runs well on 180 machines and over 15 servers.
 
+1 on Kaspersky?

The guy suggested ESET... lol... READING FAIL!!!!!!!!!!!


At any rate, I use ESET right now myself, too. Even though it's gotten a little heavy and not as cutting edge as what it once was, it's still the best all around...

I've not done much research on it, but Microsoft's Forefront Security looks appealing, too. When my ESET sub comes due next year I may be looking at them.

I use Forefront for our mail scanning on Exchange 2k7. Works well, and uses other vendors' scanning engines. Uses 5 or so simultaneously, but don't quote me on that, as it's been a while since I drank the marketing kool-aid.
 
Forefront for Exchange is Sybari Antigen under the hood, which has always been one of the BEST Exchange A/V products. MS purchased Sybari and re-branded it into the Forefront products. So yes, it's a great product.

As for the desktop software (One Care/Forefront), I haven't played with it yet, but I'm unaware of MS buying any other desktop/file server AV companies, so it's probably their own ground-up product, and that makes me not interested.
 
How are NOD32's malware capabilities? The one site where I admin NOD32 also has Webroot Spysweeper installed, so I don't have a good representation of NOD32's capabilities by itself.
 
As for the desktop software (One Care/Forefront), I haven't played with it yet, but I'm unaware of MS buying any other desktop/file server AV companies, so it's probably their own ground-up product, and that makes me not interested.
Well, they're nixing the OneCare stuff though, and bringing the Forefront engine to the client side.

Which, again, once they get this "All In One" deal figured out, it might be a very plausible tool.

How are NOD32's malware capabilities? The one site where I admin NOD32 also has Webroot Spysweeper installed, so I don't have a good representation of NOD32's capabilities by itself.
Pretty good. I mean, it's got generally one of the best detection rates.

I had two malware intrusions in two months with NOD32 though, MalwareBytes took it right off and NOD32 didn't bat an eye. So like I said, my faith is dwindling, but there's really nothing inherently better at this point that would make me switch.
 
Malware is far ahead of the curve of every major company selling anti-virus/anti-malware products. Something like "Anti-Virus 2009" and malware that uses similar technology is generally not detected by anyone's engines.

MalwareBytes and ComboFix are now de facto parts of my toolkit for the business environment. If the guys at MalwareBytes would bundle MalwareBytes with a central management console, I think they could make some serious sales.

I don't understand why one of the big companies hasn't hired up the developers of ComboFix or MalwareBytes to integrate their detection/removal capabilities into a mainstream product. Desktop level anti-virus is more about anti-malware these days than viruses IMO.
 
I had two malware intrusions in two months with NOD32 though, MalwareBytes took it right off and NOD32 didn't bat an eye. So like I said, my faith is dwindling, but there's really nothing inherently better at this point that would make me switch.

I have many, many clients with Eset...now and then some of the new Vundo variants do slip past it. These rogue trojans are being released with 4-6 new variants per day....and they slip past every other antivirus out there...I have clients on other AV engines and they get zapped too. I've seen it slip past Avira, Kaspersky, Trend, Sophos, AVG (lots slip past AVG), ...

At the clients where I've put Untangle as their UTM appliance/firewall...I've noticed greatly reduced infection rates by these rogues. And if one does manage to "bite" a machine..it's not a big bite, seems to barely get a toehold and then I believe Untangle's block list prevents the rest of the rogue from being downloaded/installed.
 
Does NOD32 have web malware filtering? I don't recall off the top of my head.
 
I have many, many clients with Eset...now and then some of the new Vundo variants do slip past it. These rogue trojans are being released with 4-6 new variants per day....and they slip past every other antivirus out there...I have clients on other AV engines and they get zapped too. I've seen it slip past Avira, Kaspersky, Trend, Sophos, AVG (lots slip past AVG), ...
That's one thing I failed to do, I failed to download AntiVir and see if it caught it.
All I know is that MalwareBytes removed it, and it's not even doing the same deep-level checking that NOD32 does. So, why the hell can't ESET catch it?


At the clients where I've put Untangle as their UTM appliance/firewall...I've noticed greatly reduced infection rates by these rogues.
I've always run that. My network is pretty clean. I think my problems are people that download shit online.
 
So, why the hell can't ESET catch it?

I dunno.....I agree though, MalwareBytes seems to be the best at keeping up with these rogues. It does make you wonder..."If MWB can do it, why can't antivirus companies keep up?" Because I see these rogues slip by every brand out there.

I'm hoping the fact that many AV companies are jumping onboard with this "cloud technology"...with almost constant updates...that we'll see some improvement here.
 
I don't know, either. But all I know is if stuff keeps slipping past NOD32, and the client keeps growing in size, I'll be jumping ship next year (Assuming there's something good by that point. I've got high hopes for Microsoft's new anti-virus).
 
I have the MS one running on my machine to test, it's taking 10 megs just idling =)

What I would like is a server/client version of this depending on how it works.

Generally the profit margin on an all-MS setup would be great so I can make more money.

And plenty of stuff slips through MBAM.

Antivirus + ComboFix = golden
 
If the guys at MalwareBytes would bundle MalwareBytes with a central management console, I think they could make some serious sales.
They'd have me as a customer, that's for sure.

I'm also very excited to test Microsoft's new AV. As YeOlde said, the AV-Comparatives results look promising.
 
"If MWB can do it, why can't antivirus companies keep up?"

This has had me puzzled lately, too. Don't get me wrong, it's been good for business, but when I sell an antivirus package as 'the best available', and the client comes back a week later, it looks bad. Never mind their browsing habits, it still reflects poorly on whatever AV package I sell them.

For my business clients, it's not as big of an issue, because I can get tougher with OpenDNS/Untangle, etc. Home users are a different story. I generally try not to interfere with them if possible.
 
My Action Pack subscription includes Forefront Client Security licensing, so I'm going to give it a whirl on one of my VMs. I'm not a fan of it being subscription only personally. Many products you license and renew support. Even if support expires, you can still get updated definitions and be covered. Not the case with a pure subscription model. And since it's volume license, I doubt there is a "competitive upgrade" option. I'll have to get some pricing for giggles.

You can change A/V products every year; they all usually leapfrog each other as the years go by. It's too much time and money to change in the business world on a yearly basis. Even though McAfee has some issues I don't like, overall, it gets the job done, so I stuck with it for the past 3 years. As of late however, they have become very poor with basic updates taking forever, and I'm fed up with it, so I want to switch. They have also gotten even more resource intensive which is not fun on many of my aging systems. It's all about compromises at the end of the day. No one has a perfect product, nor will anyone ever have the perfect product. With much of the worst stuff coming in over the web, the filtering at that level becomes more important, and a lot of companies don't include the web filtering level.

Hasn't been much commenting on Kaspersky. Anyone who uses that care to comment? Otherwise, NOD32 may be the way to go. Their pricing is high however, so unless they offer a competitive upgrade option, it may be cost prohibitive.

I'm going to do a web demo of VIPRE Enterprise this week or next, it looks and sounds very interesting. Sunbelt's CounterSpy Enterprise product has gotten a lot of good press, and VIPRE has the CounterSpy technology in it. Sunbelt is still not very known in this segment though, so it's hard to find good info.
 
I have the MS one running on my machine to test, it's taking 10 megs just idling =)

20% of what NOD32 has become.
And the new revamped Norton uses only 8MB when idle.

So again, Eset has been sitting on their asses lately. I just hope Version 5 is a brand new package.
 
I have one home office customer on VIPRE as well as my wife's laptop. It's easy to use, easy to set up, doesn't pester you with pop ups/prompts, etc., and doesn't hog the machine up.
When the home office guy is up for a license renewal, I might try to get him to the version with the central management console (he added a few machines that came with 15-month McAfee).
 
Hasn't been much commenting on Kaspersky. Anyone who uses that care to comment?

Years ago when I became tired of Symantec's Corp Edition for our business clients (right around version 9...and I absolutely detested version 10)..I started looking for a replacement as my AV product of choice. I was looking at AVG, Trend, and Kaspersky...and fiddled with them. I found the management console of Kaspersky pretty good...typical I guess of most management consoles. I climbed onboard with Eset at that time as a reseller, because back then they were at version 2.5 and it was very light and they were tops in their game. The management console for Eset is a bit more..."daunting and overwhelming" compared to other brands' management consoles, but it allows so much more granularity. Back at that time Kaspersky was very heavy on the client side...which was my primary reason for not going with it. It had a reputation of slowing PCs down more than average. As a note...they have gotten substantially lighter over the past few years.

I disagree about Eset being priced much higher...if you're interested in a quote, PM me with your network info...and I'll give you a quote. Number of servers, number of clients, number of Exchange mailboxes if any, and if you're non-profit/education/gov't or not.
 
Enterprise McAfee offerings are great--ePO really does a great job.

McAfee has been doing a piss poor job with false detections. They even flagged a core Windows file that would cause a BSOD!! They are starting to tick off a lot of folks and I'm ready to dump them after 3 years. McAfee is the only player in town for HUGE deployments IMO (I'm talking 10k clients up to 50k clients) because nothing else scales as well as ePO, but I'm only 100 clients, so I can go anywhere.

I love the configurability and reporting of ePO, but they have one of the fattest clients these days. Uptime on my Vista SP2 box is about a week now and I have VirusScan 8.7i Patch 1, with Anti-Spyware, and mcshield.exe is at.... 129 megs!! There are some serious CPU hogging issues during heavy real-time scan actions as well. I just can't live with the crap anymore.
 
85k clients on our deployment, we've never seen a BSOD for flagging some core Windows file. McAfee may be a hog but they greatly outperformed all the other big players during our POC.
mcshield idles at 260k for me...
 
With 85k clients, there really is no other option outside of McAfee with ePO. You can't effectively manage a deployment that big with anything other than ePO IMO.

VirusScan 8.7i Patch 1 with a certain DAT file caused the BSOD. It was very hit and miss. I think it was localized to selected 64bit versions of XP (based on reports I saw on some mailing lists).

But, McAfee has lagged far behind in detection for malware, and other issues like slow DAT releases, DAT files getting huge in size, and random other things. There are some LONG time McAfee users on a few mailing lists (I'm talking 10+ years) who would switch in a heartbeat, but their deployments are too big to lose ePO.
 
Can we discuss the Forefront model that comes with the Action Pack? Has anyone used it? What does it require as far as the server? Will it work on 32-bit?

How is deployment? How is management? How are resources?

I have a client that would be willing to test it and may be a good experiment for me to report back.

Thanks,
Dan
 
MAPS includes 1 license with 10 CALs for Forefront Client Security. I don't really know anything beyond that.

Reading the Forefront site, there are 3 servers: Management, Database/Collection Database, Reporting. You can combine them into one server, and I assume you can use a pre-existing SQL server for the Database portion.

From the Forefront site: "Microsoft Forefront Client Security is designed to protect Windows 2000 SP4 or later, Windows XP SP2 or later, Windows Server 2003 SP1 or later, Windows Server 2008, and Windows Vista SP1 Business, Enterprise, and Ultimate editions (x86 and x64)."

For the server components, 64-bit is not a requirement. It must be Server 2003 SP1 or Server 2008.

There is separate licensing for the Management Console, so I don't know if that's included with MAPS. The software media includes both client and server, so I assume the "1" license is the server, and the 10 CALs is then for deployed agents.

MS lists Forefront as for medium-to-large business, but price wise, the estimates are a little under $13/user or device, and $98 per server. That makes it cheap enough for small business.

I'm bringing my media to work to set up a pair of VMs to play with it. I'll let you guys know how it goes.
 
Yeah let me know, maybe some screen shots of the installation, to see how it goes and how to deploy them to workstations.

I would imagine the Action Pack has all that is needed.
 
Says it needs SQL 2005 Standard or Enterprise, so that's another expense as that isn't free, right?
 
I don't see why you couldn't install it on SQL 2005/2008 Workgroup edition, which is a little bit cheaper, or even Express. I suppose if the installer does a version check you would be stuck. Workgroup supports unlimited DB size but only 4GB of RAM, so perhaps this is why MS says it's not supported. They are expecting mid-to-large implementations and 4GB of RAM may not be enough.

Express has a 4GB DB size limit and 1GB RAM limit, which is probably going to be way too small and anemic for the intended deployments by MS, but for a small business, it would likely be adequate. But it would all come back to whether the installer does a version check or not.

PS - SQL Standard is about $5k per processor license, and that's without SA. SQL Workgroup is in the low $3k range.
 
Well, I'm not going to bother with Forefront Client Security. It's going to take way too much involvement to lab it. It's designed to be installed into an AD domain and I just don't have the time to get the environment set up. Reading through the documentation, MS has no intention of this being used in a small business environment either. It's pretty heavy all the way. Perhaps they'll come up with a lighter version in the future that will be worth looking into for smaller deployments.
 