• Some users have recently had their accounts hijacked. It seems that the now defunct EVGA forums might have compromised your password there and seems many are using the same PW here. We would suggest you UPDATE YOUR PASSWORD and TURN ON 2FA for your account here to further secure it. None of the compromised accounts had 2FA turned on.
    Once you have enabled 2FA, your account will be updated soon to show a badge, letting other members know that you use 2FA to protect your account. This should be beneficial for everyone that uses FSFT.

Server AntiVirus software

F

fattmarrell

n00b
Joined
Feb 6, 2006
Messages
60
What is everyone using these days? I've never been a big fan of symantec products, but their original server AV was nice and lightweight. Looking for something effective yet doesn't hog system resources.
Tried doing a search but didn't pull much up.
 
I don't ,know if I can speak for "Everyone"...but "many" of us around here prefer Esets NOD32...I'm using their EAVB 2.7 on my clients servers.
 
I've always been fond of nod32, but recently it's seemed to get a bit bloated for my taste, I think that's when it hit 3.0 and now 4.0.

Seems 2.7 is still available from their site, thanks for the input :)
 
Some clients are symantec 10.2 and others are 11.. I have to say that I'm not a fan of SEP
 
NOD32.

Like an above poster said, its footprint is going. Yea, granted 45MB isn't that big, but come on... When the new revamped Norton is getting 8MB??????

I must say, I think I'm only going to renew NOD32 at 6 months or a year this next time to see how Eset plays out. If they keep increasing the RAM usage then I very well may make a switch to Symantec.
 
I'm a huge fan of ESET NOD32 , even the newer, more bloated versions.

Unfortunately I also have to use a lot of Symantec Endpoint Protection as well. It's better than SAV 10.2 but it still sucks.

I'm curious about Viper Enterprise. Looks good but I haven't had time to demo. Supposedly they give you a free home use license if you demo their new enterprise offering.
Posted via [H] Mobile Device
 
Symantec endpoint w/ only the AV portions, untangle UTM as my router.

I'm happy with it.
 
We use SEP 11 MR4 MP1. Currently have it running on 2 hosted servers servicing about 450 desktops and 75 servers across 20 or so SMBs. We love it. It's dropped spyware issues to 0 for our clients. We can manage all of our MSP clients in a single central console. Upgrading them is a pinch. Deploying new clients takes minutes.

We use the full suite, firewalls and all. It's pretty sweet being able to fully manage so many systems on separate networks with AV/AS and firewalls. The location based awareness for the SEP firewalls is also much easier to manage than the Vista firewall with GPOs (requiring users to have to pick the location is crap, glad they fixed that in 7)

I really couldn't be happier with it. And the pricing is great. We simply give it away for free with every contract. Ends up costing us on average about $0.80 a month per node.

We also deploy CounterSpy and Spybot in a managed fashion. All of that coupled with a SonicWALL with full Gateway Security Services and it's a tight little secure package for an SMB.
 
I will say... NOD32 slipped up a blatantly obvious case of the Antivirus 2009.
This variation called itself "Personal Anti-Virus". Installed BHO that I couldn't get rid of (even running in no-addons mode), MalwareBytes nuked it though.
 
Seconding Vipre. If you get the site license (something like $40) you can use it on an unlimited number of Windows desktops, laptops and servers.
 
what is everybodies opinion on clamwin i currently use it because its free (home server not work)
 
Yakyb said:
what is everybodies opinion on clamwin i currently use it because its free (home server not work)
Click to expand...

It doesn't do active/resident scanning. As long as you scan everything prior to running it, it's not bad.
 
I personally wouldn't use a free AV product like that myself.
If I want to chew out someone (My Eset rep) about why NOD32 missed a virus or otherwise didn't do something correctly, I have that option ;)
Can't do with free versions.
 
I use ESET, i'm a reseller so is YeOlde, but prices are about the same from ESET directly especially when paying with credit card =(
 
TechieSooner said:
I will say... NOD32 slipped up a blatantly obvious case of the Antivirus 2009.
This variation called itself "Personal Anti-Virus". Installed BHO that I couldn't get rid of (even running in no-addons mode), MalwareBytes nuked it though.
Click to expand...

I had this happen recently. I was embarrassed because I fought tooth and nail to get it in here over symantec. Oh well, I just pulled out the "nothing is 100%" shtick. :p
 
what did you have enabled?

Potentially Unwanted and Potentiall Unsafe?

Version 4 on the clients?
 
Both, iirc, but it was only version 3. We've yet to have shutdown time to deploy 4.
 
marley1 said:
what did you have enabled?

Potentially Unwanted and Potentiall Unsafe?

Version 4 on the clients?
Click to expand...
Mine? I have that disabled. I've actually had some of our apps (like our internal IM application) stop working with that setting turned on.

Inf0 said:
I had this happen recently. I was embarrassed because I fought tooth and nail to get it in here over symantec. Oh well, I just pulled out the "nothing is 100%" shtick. :p
Click to expand...
Same thing ESET told me.
I complained how painfully obvious it is ("Personal Anti Virus"? Come on now...) and that MalwareBytes found it in the first 10 seconds of the scan.

Of course they'd respond as expected (Well it's not 100%, and I can give you plenty of examples where MalwareBytes has failed, etc).

Inf0 said:
Both, iirc, but it was only version 3. We've yet to have shutdown time to deploy 4.
Click to expand...
Shutdown time? Heck I deployed 4 in the middle of business. Silent install FTW.
 
TechieSooner said:
Shutdown time? Heck I deployed 4 in the middle of business. Silent install FTW.
Click to expand...

No, no. I mean production shutdown time. We're 24hour manufacturing. As in, I get 20 minutes to go eat a day and hope I dont get called more than twice at night.

I'm going to overhaul the whole RAS to the new version, but it takes time I dont have.
 
Valnar said:
We have Vipre on our desktops but had to remove it from our servers. It slowed them down too much.
Click to expand...

I had avg8 on some server, and removed it in favor of vipre, runs much better than AVG8 at least
 
Inf0 said:
No, no. I mean production shutdown time. We're 24hour manufacturing. As in, I get 20 minutes to go eat a day and hope I dont get called more than twice at night.

I'm going to overhaul the whole RAS to the new version, but it takes time I dont have.
Click to expand...
Dang and you don't have other employees???

Valnar said:
We have Vipre on our desktops but had to remove it from our servers. It slowed them down too much.
Click to expand...

Ouch. NOD32 doesn't slow it down except when it does a scan... Which ESET suggested never doing full-in-depth scans on servers to me, that the main culprit you need to watch on a server is the operating memory.
 
we use trend at work. It isn't too bulky and it take about four hours to get a beta release for file submissions, and another four to get the official pattern release.
 
Captain Colonoscopy said:
I'm a huge fan of ESET NOD32 , even the newer, more bloated versions.

Unfortunately I also have to use a lot of Symantec Endpoint Protection as well. It's better than SAV 10.2 but it still sucks.

I'm curious about Viper Enterprise. Looks good but I haven't had time to demo. Supposedly they give you a free home use license if you demo their new enterprise offering.
Posted via [H] Mobile Device
Click to expand...

I'm not even sure if 11 is better then 10.2. It has caused us nothing but trouble. We had to remove it from a few servers and take them back to 10 because it was fucking up fileshares(08 server) and stopping backup exec on 03 server. One of are clients has been having an issue where symantec gets angry and just starts filling up the hard drives on the workstations. Haven't tried MR4 on them because their license is coming up next month. They are going to be moved to eset at that time.

Viper has a good deal going to get people off other av packages but the email av is pretty expensive through them.

vertices said:
We use SEP 11 MR4 MP1. Currently have it running on 2 hosted servers servicing about 450 desktops and 75 servers across 20 or so SMBs. We love it. It's dropped spyware issues to 0 for our clients. We can manage all of our MSP clients in a single central console. Upgrading them is a pinch. Deploying new clients takes minutes.

We use the full suite, firewalls and all. It's pretty sweet being able to fully manage so many systems on separate networks with AV/AS and firewalls. The location based awareness for the SEP firewalls is also much easier to manage than the Vista firewall with GPOs (requiring users to have to pick the location is crap, glad they fixed that in 7)

I really couldn't be happier with it. And the pricing is great. We simply give it away for free with every contract. Ends up costing us on average about $0.80 a month per node.

We also deploy CounterSpy and Spybot in a managed fashion. All of that coupled with a SonicWALL with full Gateway Security Services and it's a tight little secure package for an SMB.
Click to expand...

I've seen big issues with spyware in endpoint protection. We had a bunch of clients running spyware doctor enterprise next to it at first. In the end we moved away from symantec to other products. Kaspersky has stopped most spyware from hitting the machines although it can't stop av08/09/xp worth shit. Eset has been very good at keeping the machines clean. Most of are clients haven't had an issue since we installed it.

As far as eset goes we have a few clients still running 3. Newer ones are getting pushed to 4.
 
swatbat said:
I'm not even sure if 11 is better then 10.2. It has caused us nothing but trouble. We had to remove it from a few servers and take them back to 10 because it was fucking up fileshares(08 server) and stopping backup exec on 03 server. One of are clients has been having an issue where symantec gets angry and just starts filling up the hard drives on the workstations. Haven't tried MR4 on them because their license is coming up next month. They are going to be moved to eset at that time.

I've seen big issues with spyware in endpoint protection. We had a bunch of clients running spyware doctor enterprise next to it at first. In the end we moved away from symantec to other products.
Click to expand...

I will say that SEP MR4 MP1 is in fact better than 10.2. It's all in how you configure it, if you just do the defaults it will screw up servers and you only EVER install the AV portion on a server, even Symantec will tell you that. The spyware detection is hilarious, though. SEP will detect most malware but in my experience it is completely incapable of actually removing it.
 
yeah im pushing out v4 to workstations and keeping 2.7 on server as per YeOlde recommendation.

now that I got a xml file for the config its easy, few extra steps needed but working good.

I do have to say FUCK ESET Support, fucking horrible. 1.5 hour on phone the other day till I got fedup and left message, and then I got a generic email saying read the KB, told them i wanted call back and nothing still. One time a support guy said in some sarcastic way "try not calling during the day." Horrible support, most of time I can find answer on Wilder or bugging YeOlde =)
 
Captain Colonoscopy said:
I will say that SEP MR4 MP1 is in fact better than 10.2. It's all in how you configure it, if you just do the defaults it will screw up servers and you only EVER install the AV portion on a server, even Symantec will tell you that. The spyware detection is hilarious, though. SEP will detect most malware but in my experience it is completely incapable of actually removing it.
Click to expand...

I have downloaded MR4 MP2 to give it a try but haven't had a chance yet. With MR2/3 we had issues with it even when we installed it with just the av parts. 10.2 had its own problems. We had major issues with it just turning itself off in vista.

The backup exec issues where pretty funny. Endpoint with just AV installed would cause backup exec to stop sending data from a remote server but it would still act like it was running(ie backup exec would not error out). Went through it on 2 sites with symantec. Wasted a few hours trying to get it fixed. Gave up and took the servers to 10.1.7 or whatever the last release of 10.1 was(since 10.2 was for vista). Issues went right away. Can't remember how I got the fileshare issue fixed in 08.

marley1 said:
yeah im pushing out v4 to workstations and keeping 2.7 on server as per YeOlde recommendation.

now that I got a xml file for the config its easy, few extra steps needed but working good.

I do have to say FUCK ESET Support, fucking horrible. 1.5 hour on phone the other day till I got fedup and left message, and then I got a generic email saying read the KB, told them i wanted call back and nothing still. One time a support guy said in some sarcastic way "try not calling during the day." Horrible support, most of time I can find answer on Wilder or bugging YeOlde =)
Click to expand...

Other vendors are no better. Last year we took a church to 08 server and exchange 07 before 08 officially launched. They were ready to go with a new machine earlier then expected and we decided to go with 08 which at the time was only out via volume licensing(08 server for those who don't know soft launched like 4 months before it became available everywhere). Anyway Kaspersky told us their shit would run on 08. The exchange av would not load. I went back and forth with their shitty ass support for a week before they came back and said that 07 was not supported on server 08 yet. By that point I had already loaded an eset trial.

Symantec's support sucks ass as well. In the church's case dell had fucked up the quote and left the symantec exchange agent off. Dell made good on this and gave us a exchange agent backup exec license. When we registered it though it came up with some BS about not needing a serial number. Yea backup exec requires a serial for the agents. We went back and forth with symantec for weeks trying to get this straight. Had to argue with them how they couldn't see the license that was sitting in out symantec account on their site......
 
I must say, lots of good info in this thread...

Captain Colonoscopy said:
I will say that SEP MR4 MP1 is in fact better than 10.2. It's all in how you configure it, if you just do the defaults it will screw up servers and you only EVER install the AV portion on a server, even Symantec will tell you that. The spyware detection is hilarious, though. SEP will detect most malware but in my experience it is completely incapable of actually removing it.
Click to expand...
ESET is the same way. The default AV install will freaking bring a server to a grinding halt (I'm not kidding, either).

You've got to white list a bunch of directories, which I personally think decreases your security, but it's what ESET recommends.
 
We use Trend OfficeScan across all desktops and servers. ~3,500 desktops and ~550 servers.
 
swatbat said:
I'm not even sure if 11 is better then 10.2. It has caused us nothing but trouble. We had to remove it from a few servers and take them back to 10 because it was fucking up fileshares(08 server) and stopping backup exec on 03 server. One of are clients has been having an issue where symantec gets angry and just starts filling up the hard drives on the workstations. Haven't tried MR4 on them because their license is coming up next month. They are going to be moved to eset at that time.

Viper has a good deal going to get people off other av packages but the email av is pretty expensive through them.



I've seen big issues with spyware in endpoint protection. We had a bunch of clients running spyware doctor enterprise next to it at first. In the end we moved away from symantec to other products. Kaspersky has stopped most spyware from hitting the machines although it can't stop av08/09/xp worth shit. Eset has been very good at keeping the machines clean. Most of are clients haven't had an issue since we installed it.

As far as eset goes we have a few clients still running 3. Newer ones are getting pushed to 4.
Click to expand...



All I can tell you is that we've got a ton of clients on it. We used to regularly have to clean up malware. Now we don't. Take that it for what it's worth.
 
TechieSooner said:
I must say, lots of good info in this thread...


ESET is the same way. The default AV install will freaking bring a server to a grinding halt (I'm not kidding, either).

You've got to white list a bunch of directories, which I personally think decreases your security, but it's what ESET recommends.
Click to expand...

I follow what Microsoft recommends..this link is for SBS, but you can separate what's for a DC, and what's for Exchange.
http://www.sbsfaq.com/Lists/FAQs/DispForm.aspx?ID=137

The above is true regardless of what brand of antivirus you are running, and the above is actually more than what Esets install guide recommends.
 
You must log in or register to reply here.
Back
Top