As far as not being helpful, glad I could help!
Either way it is what I recommend I leave it up to any AD admin who is worth their salt to investigate, understand, implement, and administer their own environment. I will not hamper my recommendations with personal feeling or biased thoughts. To date the TM Product has work nicely. Saved me a great deal of time and has some rather useful features that are shared by many other products, please investigate the wide and varying field of AV products available, I'm sure a wise and yet myopic individual will have no problems cutting through the endless whitepapers and formulate strategic initiative that will not only fulfill the needs of current issue. But continue to be a solution well into the future. Now, can I have my two doll hairs! -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tim Vander Kooi Sent: Thursday, October 06, 2005 9:29 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Anti-virus protection in domain enviroment Sorry, but "beta" does not get put on my network, regardless of manufacturer or reason. Not that my policies should stop you from doing as you please. Quite honestly I'm not a big fan of most of Symantec's final release software let alone their beta stuff. And for the record I do use Symantec's Mail Security on my Exchange boxes right now, so I'm not just throwing stones. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Blair, James Sent: Thursday, October 06, 2005 3:17 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Anti-virus protection in domain enviroment Tim, Derek is correct here. Symantec actually have a Rapid Release definition package which is released hourly as Beta, download page here: http://securityresponse.symantec.com/avcenter/beta.download.html In our environment we utilise the Symantec FTP site to download virus definitions on a daily basis and in should there be a "situation" we are easily able to flick over to the Rapid Release definition package. We do not utilise Live Update at all which you are correct in saying is usually released on a Wednesday. http://service1.symantec.com/SUPPORT/ent-security.nsf/529c2f9adcf33a1088 256e22005026f1/ed529c731d8f795180256eb00052a64a?OpenDocument&prod=Symant ec%20AntiVirus%20Corporate%20Edition&ver=9.0&src=ent&pcode=sav_ce&dtype= corp&svy=&prev=&miniver=savce_9.0 James -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Derek Harris Sent: Thursday, 6 October 2005 9:00 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Anti-virus protection in domain enviroment Actually, Symantec releases an update at least once a day, but you have to ftp it (you can script/schedule it). -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tim Vander Kooi Sent: Wednesday, October 05, 2005 4:12 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Anti-virus protection in domain enviroment I agree that most all AV vendors are alike, as are most of their products. I have used every vendor you have mentioned here, and more, and with the exception of CA they were all perfectly fine. The one differentiating factor I have found is in the proactive approach that NOD takes compared to most other vendors. Where as Symantec comes out with 1 weekly update on every Wednesday unless there is a major outbreak to deal with, Nod comes out with at least one, and sometimes 3 or more updates per day that deal with minor threats that they find on a real time basis. That and I have had occasion to contact NOD's support team due to their picking up an app we run to do system monitoring here. They tagged it as Spyware (which was good as it could be used that way) and after I informed them of the issue they had a new definition set that corrected the problem released within 60 minutes. Try getting that kind of response out of Symantec or Norton. I've never gotten it. It takes me almost that long just to find Symantec's support phone number on their website. To me it's those little things that make the difference more than the up front cost. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Wednesday, October 05, 2005 12:28 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Anti-virus protection in domain enviroment I came <<this close>> to ripping out Trend in my office due to the BSOD, false positives and the infamous Friday incident. They are on probation right now. The ones bantered around in our A/V wars discussions: Symantec [not yellow box but corp] Sophos CA I have a fellow SBSer in AU who LOVES Nod32. Pick one... they are in reality ALL reactionary. Real geeks don't use A/V anyway. [you should have seen the thread on whether to stick a/v on a web server on the focus on ms listserve... if you set up a server for a select job, lock it down.... only serve up static pages.. why 'does' it need to be covered by A/V was the topic] Tim Vander Kooi wrote: >I've only been on the list a short time, but I must have missed the >mandatory Trend Micro brainwashing. :-) So far from what I have noticed >there seems to be a set answer to all AV questions. >Question: I'm curious about the capabilities of NOD32. >Answers (en mass): You should use Trend Micro. >Question: Is anyone using Symantec? >Answer (again en mass): You should buy Trend Micro. > >Not that there is anything wrong with Trend Micro's product, it's great >in my opinion, but these responses don't seem to be very helpful with >regard to the questions being asked. > >My apologies to the list "gods" if TM is the list sponsor. :-) Tim > >-----Original Message----- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] On Behalf Of Glen Miller >Sent: Wednesday, October 05, 2005 11:55 AM >To: 'ActiveDir@mail.activedir.org' >Subject: RE: [ActiveDir] Anti-virus protection in domain enviroment > >Look into a product called Office Scan, by a company called Trend Micro. >I have been using this product happily since 1998. It saved me from >the "I love you" bug and a few rather nasty ones since. > >"I want my two dollars!" > > >And Joe! Petitioning Webster's to include Joe-isms as an actual word. > > > > >-----Original Message----- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] On Behalf Of Ahmed Al Awah >Sent: Tuesday, October 04, 2005 12:35 PM >To: 'ActiveDir@mail.activedir.org' >Subject: RE: [ActiveDir] Anti-virus protection in domain enviroment > >Since we're on topic..is anyone using Symantec AntiVirus 10 corp >edition for A/V protection in a domain environment? > >-----Original Message----- >From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] >[mailto:[EMAIL PROTECTED] >Sent: October 4, 2005 11:07 AM >To: ActiveDir@mail.activedir.org >Subject: Re: [ActiveDir] Anti-virus protection in domain enviroment > > >My 1 cent. > >I should go back to lurking...but... when choosing your a/v solution >there's something to check on... some of the a/v vendors have >historically needed admin rights to update or have had vulnerabilities >themselves. > >Might be something to investigate and consider when chosing an a/v >...especially on a DC. > >In my own historical issues with Trend, the OfficeProtect dat file >upgrade to XP sp2 wasn't properly 'vetted" and flatlined my >workstations > >and last I heard cost Trend $8 mil in lost sales. They've also had a >security vulnerability patched somewhat recently. > >Epo's had their issues as well.... > >http://xforce.iss.net/xforce/xfdb/21839 > >ISS X-Force Database: epolicy-msde-obtain-password(12787): ePolicy >Orchestrator could allow an attacker to obtain MSDE SA password: >http://xforce.iss.net/xforce/xfdb/12787 > >ISS X-Force Database: epolicy-execute-commands(14166): ePolicy >Orchestrator command execution: http://xforce.iss.net/xforce/xfdb/14166 > > > >Al Garrett wrote: > > > >>My 2 cents... >>EpO has worked outstanding for us. >>Does inventory reports, finds "rogues", demonstrates to pointy-haired >>bosses how many infections are avoided and how dangerous it is "out >>there." >>Combined with CommTouch Anti-Spam solution. >> >> -----Original Message----- >> *From:* [EMAIL PROTECTED] >> >> >[mailto:[EMAIL PROTECTED] > > >> *Sent:* Tuesday, October 04, 2005 8:36 AM >> *To:* ActiveDir@mail.activedir.org >> *Subject:* RE: [ActiveDir] Anti-virus protection in domain >>enviroment >> >> Just to add a little to what Phil says: >> >> When I last used ePO I found that possibly the most useful feature >> was the reporting aspect. This allows you (amongst others) to >> assess which viruses were found in the environment and therefore >> what action if any needs to be taken to prevent further infection. >> >> Most organisations don't have any idea how many infections they >> suffer from or how regularly the infections occur. A tool such as >> ePO can help in this area quite significantly. [it's also a handy >> management tool which helps justify the ongoing AV costs :) ] >> >> neil >> >> >> *___________________________* >> *Neil Ruston* >> Global Technology Infrastructure >> Nomura International plc >> >> >> >> >> >----------------------------------------------------------------------- >- > > >> *From:* [EMAIL PROTECTED] >> [mailto:[EMAIL PROTECTED] *On Behalf Of *Phil >> >> >Renouf > > >> *Sent:* 04 October 2005 16:10 >> *To:* ActiveDir@mail.activedir.org >> *Subject:* Re: [ActiveDir] Anti-virus protection in domain >>enviroment >> >> Take a look at this article, it should give you the information >> you need to configure Antivirus on your DC's: >> >> http://support.microsoft.com/default.aspx/kb/822158 >> >> I don't have any experience running NOD32 on anything :) >> >> As for clients, most environments I have been in use a product >> similar to McAfee's EPO to centrally manage all the AV agents on >> the desktop to make sure they are configured to the corporate >> standard and that they have up to date scan engines and DAT files. >> >> Phil >> >> >> On 10/4/05, *Boris Demirov* <[EMAIL PROTECTED] >> <mailto:[EMAIL PROTECTED]>> wrote: >> >> Hello everybody, >> I got some questions about the anti-virus protection of a >> domain controller >> and the domain environment: >> >> In my opinion the best AV program for the moment is NOD32 - I >> am using it >> successfully on many workstations, but I am not quite sure how >> it will act on >> a DC. What kind of protection do you use on your DCs and have >> somebody got a >> closer look on the NOD32 installed on a DC? >> And something else to ask: what kind of AV protect your >> workstations in >> domain, do you use a single copy of a normal AV or some >> enterprise edition? >> >> All advises on the topic of antivirus protection in domain >> controller and the >> stations in the domain are welcome. >> List info : http://www.activedir.org/List.aspx >> List FAQ : http://www.activedir.org/ListFAQ.aspx >> <http://www.activedir.org/ListFAQ.aspx> >> List archive: >> http://www.mail-archive.com/activedir%40mail.activedir.org/ >> >> >> PLEASE READ: The information contained in this email is >> confidential and >> intended for the named recipient(s) only. If you are not an >> >> >intended > > >> recipient of this email please notify the sender immediately and >> delete your >> copy from your system. You must not copy, distribute or take any >> further >> action in reliance on it. Email is not a secure method of >> communication and >> Nomura International plc ('NIplc') will not, to the extent >> permitted by law, >> accept responsibility or liability for (a) the accuracy or >> completeness of, >> or (b) the presence of any virus, worm or similar malicious or >> disabling >> code in, this message or any attachment(s) to it. If verification >> of this >> email is sought then please request a hard copy. Unless otherwise >> stated >> this email: (1) is not, and should not be treated or relied upon >> >> >as, > > >> investment research; (2) contains views or opinions that are >> solely those of >> the author and do not necessarily represent those of NIplc; (3) is >> intended >> for informational purposes only and is not a recommendation, >> solicitation or >> offer to buy or sell securities or related financial instruments. >> NIplc >> does not provide investment services to private customers. >> Authorised and >> regulated by the Financial Services Authority. Registered in >> >> >England > > >> no. 1550505 VAT No. 447 2492 35. Registered Office: 1 St >> Martin's-le-Grand, >> London, EC1A 4NP. A member of the Nomura group of companies. >> >> >> > > > -- Letting your vendors set your risk analysis these days? http://www.threatcode.com List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
