Why would the GPO team be scratching their heads? If you know the
applications in use, it is fairly easy to create an application whitelist.
It's also very easy to update when something is missed - the full path to
the executable that is blocked is written to the event log and can be
updated fairly quickly. We have over 200 entries in our whitelist here
already - and there's only me that manages the Group Policy Objects.

I've never tried running Windows Defender with SEP. The point I am driving
at is that antivirus is a primarily reactive technology, so it won't protect
you from unknown executables that users bring in on memory sticks. It also
won't protect you from executables you don't want on your network but that
aren't viruses (there are more of these than you'd think). Whitelisting is
probably the only way to keep yourself from this problem, and disabling the
AutoPlay function is vital to keep the Conficker and its ilk away.

There are many other things you could do to implement whitelisting, but if
it's a Windows domain then I've always found the GPO route to be the
quickest and easiest to put in place.

On 25 May 2010 15:08, helpdesk UK <uk.helpd...@gmail.com> wrote:

>
> Thank you for your input.
>
> For this network they have used various technologies as well but I did not
> cover all of them in here.
>
> Emails & web are filtered centrally by the education grid network.
> WSUS is being used as well.
>
>
> The GPO team are already scratching their heads as the school has more than
> 140 apps. :(
>
> Unfortunately the school does not have lic for the enterprise product or
> they could use app locker.
>
> How about Windows Defender, which runs in the background: will that interfere
> with the AV or will that get auto disabled as soon as you install the SEP?
>
>
> I have never tried to deploy two AV solutions on the same desktop but did
> think it would not work.
>
> cheers
>
> Peter
>
> On 25 May 2010 11:18, James Rankin <kz2...@googlemail.com> wrote:
>
>> You would do well to implement an application whitelisting GPO and also
>> use a GPO to disable AutoPlay. This should mitigate a lot of the threat from
>> USB keys. GPOs can also be used to block out access to CD and tape drives,
>> should they be present.
>>
>> SEP is my least favourite AV product. I use Vipre and it is easier,
>> lighter, and cheaper. SEP gave me a major headache with logoff delays and a
>> very non-intuitive console. YMMV.
>>
>> Rather than doubling up your AV you'd be better off with a
>> defense-in-depth strategy. Multiple AV products tend to conflict with each
>> other (and the MSRT really isn't an AV product anyway). We use an IronPort
>> for email filtering, Vipre for AV, application whitelists to protect from
>> unknown hostile code, mandatory profiles to limit users' ability to mess
>> with their desktops, WebSense to protect from hacked websites, WSUS and AD
>> for patch management, and GPOs to manage most of the user environment and
>> filesystem. What gets past one layer, gets caught by another.
>>
>>
>> On 25 May 2010 11:09, helpdesk UK <uk.helpd...@gmail.com> wrote:
>>
>>> I have been tasked with deploying Windows 7 professional at a site.
>>>
>>> I am still trying to learn the new features available in Windows 7 so
>>> please bear with my ignorance. :(
>>>
>>> I am trying to formulate the list of applications which need to be part
>>> of the build & when I reached the *Anti virus* section I decided to post
>>> here for everyone's input.
>>>
>>> The choice of AV is *Symantec End Point Protection*.
>>>
>>> Query:
>>> =====
>>>
>>> 1. Has anyone had any known issues with this product ? i.e. ( using it /
>>> deployment problems )
>>> 2. Can I / Should I deploy any other product from Microsoft
>>> including this AV product. ( second line of defence )
>>>
>>> For example:
>>>
>>> Malicious Software Removal Tool
>>>
>>> http://www.microsoft.com/downloads/details.aspx?familyid=ad724ae0-e72d-4f54-9ab3-75b8eb148356&displaylang=en
>>>
>>> If I install the MSRT does it actually scan periodically automatically or
>>> does it require a central configuration Console ?
>>>
>>> Or any other utilities which can help.
>>>
>>>
>>> The reason I am being so paranoid about this as it is a school
>>> environment and kids have USB sticks brought from home which are generally
>>> infected. We cannot stop them either as they take course work home many a
>>> times. We are looking at other 3rd party products which will only manage USB
>>> sticks but from the desktop security and defense point of view wanted to
>>> know your experience.
>>>
>>>
>>> cheers
>>>
>>> Peter
>>>
>>
>>
>> --
>> "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
>> the machine wrong figures, will the right answers come out?' I am not able
>> rightly to apprehend the kind of confusion of ideas that could provoke such
>> a question."


-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
the machine wrong figures, will the right answers come out?' I am not able
rightly to apprehend the kind of confusion of ideas that could provoke such
a question."
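
The whitelist-maintenance step described at the top of this thread (read the blocked executable's full path from the event log, then update the GPO) can be scripted; the following is an added example and not part of the original messages. It assumes the whitelist is a Software Restriction Policies GPO, that blocks are logged to the Application log as event IDs 865-868 and 882, and that C: is the system drive; `Get-BlockedPathSummary` and the sample events are constructed for illustration.

```powershell
# Added example: summarise blocked-executable events so that missed applications
# can be reviewed before a rule is added to the whitelist GPO.
function Get-BlockedPathSummary {
    param([Parameter(Mandatory)] [object[]] $Events)

    $hits = foreach ($e in $Events) {
        # Assumed message shape: "Access to <full path> has been restricted by ..."
        if ($e.Message -match '^Access to (?<path>.+?) has been restricted') {
            [pscustomobject]@{
                Path = $Matches['path'].ToLowerInvariant()
                Time = $e.TimeCreated
            }
        }
    }

    $hits | Group-Object Path | ForEach-Object {
        $times = @($_.Group.Time | Sort-Object)
        [pscustomobject]@{
            Path      = $_.Name
            Hits      = $_.Count
            FirstSeen = $times[0]
            LastSeen  = $times[-1]
            # A path rule for a location users can write to (profile, USB stick)
            # would let anything dropped there run, so flag it for manual review.
            OutsideProtectedDirs = $_.Name -notmatch '^c:\\(program files( \(x86\))?|windows)\\'
        }
    } | Sort-Object Hits -Descending
}

# Constructed sample events (not real log data) so the function runs offline.
$sample = @(
    [pscustomobject]@{ Id = 865; TimeCreated = [datetime]'2010-05-25 09:02'
        Message = 'Access to C:\Program Files\SchoolApp\app.exe has been restricted by your Administrator by the default software restriction policy level.' }
    [pscustomobject]@{ Id = 865; TimeCreated = [datetime]'2010-05-25 09:40'
        Message = 'Access to C:\Program Files\SchoolApp\app.exe has been restricted by your Administrator by the default software restriction policy level.' }
    [pscustomobject]@{ Id = 865; TimeCreated = [datetime]'2010-05-25 10:15'
        Message = 'Access to E:\games\setup.exe has been restricted by your Administrator by the default software restriction policy level.' }
)

Get-BlockedPathSummary -Events $sample | Format-Table -AutoSize

# On a live workstation, feed it the real events instead of the sample:
# Get-BlockedPathSummary -Events (Get-WinEvent -FilterHashtable @{
#     LogName = 'Application'; Id = 865, 866, 867, 868, 882 })
```

Rows with `OutsideProtectedDirs` set to `True`, such as the `E:\` entry in the sample, are candidates to leave blocked rather than whitelist.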
