mojojoeo, A block off the park, living the dream. Registered User, regular
edited April 2009
We use Symantec Endpoint Protection 11 and it is a bit of a mess. I admin the dedicated AV/print server.
Cons-
- System hog even with only anti spyware and virus running (no firewall/or net protection installed/running). While actively scanning it does slow down the PCs; but most AV does during active scans, right?
- Server randomly decides to stop updates. This has been fixed in the past by service packing the software (not an easy thing) or long support calls that dig into crazy deep levels to fix.
- Our users do not have admin privileges, and the SEP client is up to date-> shit still gets through a lot.
- One early service pack would not migrate-> their solution was to re-roll out the software everywhere. "Start over" is not a cool solution.
Pros-
- Once you get used to it there's a lot of customization in the security of the client and such.
- Highly customizable reports, we have two daily ones that have all the important info. New Major threats give you an email alert. Etc... Reporting seems pretty good.
- Once it's up and stable; I have not had to do too much to keep it going.
- Tech support has been pretty good. Waits are a bitch; but they are solid in their support.
That said, we are looking at moving to Kaspersky. Anyone have info on that one? http://www.kaspersky.com/
I'm glad to help with SEP q's if you have them; I've been hacking away at it for a year now.
Good luck man!
I use ESET's NOD32 (70 licenses.) It has a central management install that allows you to push out XML configurations to individual clients or groups, as well as serving as an internal update server. ESET pushes out updates multiple times a day.
We switched from using McAfee less than 6 months ago. VirusScan and ePO were not cutting the mustard so to speak. Some clients would not keep up to date, it was clunky to manage, and it was just falling behind as far as intelligent scanning goes.
So far we've run into one problem with NOD32. It was blocking the motion detection capabilities in our Axis network cameras. Creating a config with an IP exception for the cameras was incredibly easy, and I was able to push it out to the video capture server and my admin station to resolve the issue.
I have not had a reason to contact their technical support.
They also have a 64-bit version that I run on my home computer without any problems.
With NOD32, does it push out new licences to the clients as well?
I don't know. I'll tell you in 2 years when we come upon our renewal. :P
(edit) Actually, yes. The licensing is just a key that you can plug into the config. I don't know that you even need to license the clients if they are pointing to the central server. You license the central server for the number of clients you have. For laptops, I then push out the licensing info so they can grab updates over the internet from ESET when working remote.
I'm using NOD32 as well, 270 licenses. We switched to it from Symantec. I like the mgmt much better, as well as the improved detection rate. We did have one false positive earlier this year that took out Adobe Acrobat for about 6 PC's out of 250 for a few hours. That is my only complaint so far. Just like any AV you will have to program some exceptions, especially for specific databases. I just use one master list of exceptions and include it in all my different config .xml's.
And yes, the license is centrally managed. There is no need to push anything when you update it as long as you're managing all your clients. Clients at remote sites not on the domain/network would be the exception.
edit: forgot to mention we have had it for a year so far.
Yeah, there are the occasional false positives, but from what I've gathered, ESET is pretty quick to respond to these issues. Our company's main application was affected before we started using NOD32. The application's forums suggest that it was resolved by an update within a few hours. NOD32 has an easy way to upload false positives to ESET.
I've used UltraVNC for remote access to some servers that can't run Terminal Services. Works fine alongside NOD32, for what it's worth.
And like I said, ESET updates multiple times a day. It's not uncommon to see 2 updates come through in the 8.5 hour workday, and then see at least one more on my home PC that evening.
Contact their sales via the website. They will set you up with a 30 day trial (central admin and clients.) They won't sell directly to you, but if you need a reseller, I got a good deal with a company in New Jersey (STI Products.)
To clarify, my complaint was not really a complaint as such. ESET had the Adobe Acrobat false positive fixed within like 3 hours. The definition update restored the quarantined file. So all in all I just had a few users who lost Acrobat for approx 3 hours. I would take it over Symantec or McAfee, the previous two I have administered, any day.
I've had a bit of interest so I'm copy/pasting the PM I sent to GPIA7R
We've been using Forefront for about a year now. Now, I'll preface this with the fact that my IT manager is a Microsoft whore, but I do like what Forefront brings to the table.
If you're a Microsoft shop, Forefront is really easy to manage. It's all controlled through Active Directory and Group Policy, and the client and updates are delivered through software update services, so it's presented to the user like a normal Windows update. Control is pretty granular, our regular users have no control over the software at all. It resides as a tray icon and the user can't go into it at all, if they try to click, a balloon comes up telling them it's managed by a system administrator. But, for those of us in IT and on our servers, control is unlocked so we can do on demand scans when we want.
The software does real time monitoring, as well as daily scans (we have ours set up for 12:15pm). It also does anti-malware scans (and replaces Windows Defender completely actually) as well. The scan automatically cleans up any malware/spyware it finds, and if it can't fix it it's noted in the reports.
As for reporting, there's a web based reporting service with many reports, you can see all the computers' history, or look at the days for what percentage of computers were scanned, and it'll start to show alerts if a machine hasn't been scanned in a few days. It will also show when a computer was infected.
I'm 100% sure that there are better overall solutions out there, but since we are a Microsoft shop and use all of their products already, Forefront integrates very well and has done an adequate job for us.
Mr_Rose83 Blue Ridge Protects the Holy Registered User, regular
edited April 2009
Gotta say, NOD32 here as well (40-50 clients depending on if you count virtual machines); love the multiple daily updates, minimal resource usage and spectacular detection rate. We had one false positive last year but like the previously mentioned Acrobat issue, that got fixed in time for the next update and no data was lost.
Might have to look into this Forefront stuff though; if the resource use/detection are good I would love to be able to administer the virus scanner from AD.
We use Symantec Endpoint Protection 11 and it is a bit of a mess. I admin the dedicated AV/print server.
*snip*
That said, we are looking at moving to Kaspersky. Anyone have info on that one? http://www.kaspersky.com/
I'm glad to help with SEP q's if you have them; I've been hacking away at it for a year now.
Good luck man!
I would recommend against Kaspersky. The client side app is a total system hog, and you can't even specify when to run a scan, so it will just start. This leads many of the programmers here, including myself, to turn it off.
I'm not as sure about the server side. It doesn't take too much time or upkeep, but you really don't want any programs on your computers that your users don't want and that makes them less productive.
Cronus on
Might have to look into this Forefront stuff though; if the resource use/detection are good I would love to be able to administer the virus scanner from AD.
I'm not thrilled about daily updates going out over WSUS. Make sure you are comfortable with WSUS before you rely on that for daily updating (I don't mind it for non-daily updates.) WSUS is free, so you could be using it now (and should if you are a primarily Windows shop.)
sent you a PM