RE: AV Opinions

2010-10-10 Thread Ray
It seems like their best people are part of the “setup team”.  We had a
“deployment engineer” that answered a bunch of questions and helped improve
the success of removing McAfee.

 

Rather than SCCM, which has had its own deployment challenges, we opted for
a startup script.

 

From: Jim Holmgren [mailto:jholmg...@xlhealth.com] 
Sent: Saturday, October 09, 2010 5:08 PM
To: NT System Admin Issues
Subject: RE: AV Opinions

 

Installation for me was pretty straightforward. I had no problem installing
the Enterprise Console on the VM I created for it. 

 

I created a SCCM package for deployment on Friday, should be testing it
Monday if nothing crazy interferes.  Running the command-line installer for
the client worked fine and so far I've had 100% success with the Symantec
removal.   

 

I did run into a problem with installing a separate Update Server, but that
was my own fault for not reading the directions - if you don't install A
before you install B - it won't work correctly and you'll get an error.

 

Documentation isn't the best I've ever read, but their KB is good and there
are a lot of knowledgeable folks on their Support Forum.  There are two
different Install documents.  There is a quick-start guide and there is a
much more in-depth manual for installation.  The quick-start guide is
lacking a lot of important detail for an enterprise roll-out.

 

I have 6 hours of consulting time that was included with the purchase, I'll
probably use that for a health-check and review of my environment since I
couldn't get a slot before 10/21 and I've committed to management to have
the deployment completed by 10/31.

 

Jim

 

 


From: Joseph L. Casale [mailto:jcas...@activenetwerx.com]
Sent: Sat 10/9/2010 3:31 PM
To: NT System Admin Issues
Subject: RE: AV Opinions

So the Sophos guys came in cheaper, but the Console Installer is actually
now the buggiest app I use.

I experienced several issues during installation that weren’t documented.
Not looking good…
For those of you that use it, how was installation? It had all sorts of
issues simply enumerating usernames and the browser had bugs, sigh… What
makes a software company release an app with a list of “Known Problems” so
long? How is that acceptable?

 

Thinking about not wanting more headaches than I have so I am going to demo
Avira, but it was more money.

 

jlc

 

From: Joseph L. Casale [mailto:jcas...@activenetwerx.com] 
Sent: Friday, October 08, 2010 5:57 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

 

Yup,

And FF is prohibitively expensive in small environments, but it is my
favorite.
Most reliable I have ever used, _never_ had an FP or a dead machine or a bad
dat. Its detection rates aren’t quite as good as the top guys but you
compromise I guess.

Right now, I am keen on Sophos for the multiplatform agent. Their console
appears ok, it appears their agent is an exe so the method they use to
install the agent by GPO is a startup script, not cool :(

 

Avira has a Postfix compatible MTA product and a Squid compatible (by ICAP)
product which is cool. I like how they don’t distinguish clients (file
servers vs. desktops in licensing terms). I have yet to see their console
though.

 

Thanks for everything guys,

jlc

 

From: Andrew S. Baker [mailto:asbz...@gmail.com] 
Sent: Friday, October 08, 2010 4:05 AM
To: NT System Admin Issues
Subject: Re: AV Opinions

 

Or Vipre, because Joseph has already indicated that he's familiar with them.
He's looking for other recommendations...


 

ASB
 

 

On Fri, Oct 8, 2010 at 1:12 AM, Ryan Finnesey
ryan.finne...@harrierinvestments.com wrote:

No one has commented on the Forefront products.

 

 

From: Maglinger, Paul [mailto:pmaglin...@scvl.com] 
Sent: Thursday, October 07, 2010 4:04 PM


To: NT System Admin Issues
Subject: RE: AV Opinions

 

We thought their management sucked too.  Their SALES management, that is.  :)

 

From: Ray [mailto:rz...@qwest.net] 
Sent: Thursday, October 07, 2010 2:39 PM
To: NT System Admin Issues
Subject: RE: AV Opinions

 

We thought pretty much everything about their management sucked, including
agents. 

 

From: Alan Davies [mailto:adav...@cls-services.com] 
Sent: Thursday, October 07, 2010 5:48 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

 

Hmmm ... my comments were more around the ability to manage/control agents
than how nice the console was to use.  Also, on the additional functionality
side, their local FW and software NAC components were very immature feature
wise.  Support varied - UK support a million times better than the out of
hours US support!

 

 

 

a

 


From: Ray [mailto:rz...@qwest.net] 
Sent: 07 October 2010 12:42
To: NT System Admin Issues
Subject: RE: AV Opinions

That’s interesting, because we absolutely hated McAfee and its enterprise
console, and couldn’t wait to get rid of it.  We’ve ended up with
significantly better coverage with Sophos than we ever did with McAfee.

 

From: Alan Davies

RE: AV Opinions

2010-10-09 Thread Joseph L. Casale
So the Sophos guys came in cheaper, but the Console Installer is actually now 
the buggiest app I use.
I experienced several issues during installation that weren't documented. Not 
looking good...
For those of you that use it, how was installation? It had all sorts of issues 
simply enumerating
usernames and the browser had bugs, sigh... What makes a software company 
release an app with
a list of Known Problems so long? How is that acceptable?

Thinking about not wanting more headaches than I have so I am going to demo 
Avira, but it was more
money.

jlc

From: Joseph L. Casale [mailto:jcas...@activenetwerx.com]
Sent: Friday, October 08, 2010 5:57 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

Yup,
And FF is prohibitively expensive in small environments, but it is my favorite.
Most reliable I have ever used, _never_ had an FP or a dead machine or a bad 
dat. Its detection rates aren't quite as good as the top guys but you 
compromise I guess.
Right now, I am keen on Sophos for the multiplatform agent. Their console 
appears ok, it appears their agent is an exe so the method they use to install 
the agent by GPO is a startup script, not cool :(

Avira has a Postfix compatible MTA product and a Squid compatible (by ICAP) 
product which is cool. I like how they don't distinguish clients (file servers 
vs. desktops in licensing terms). I have yet to see their console though.

Thanks for everything guys,
jlc

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Friday, October 08, 2010 4:05 AM
To: NT System Admin Issues
Subject: Re: AV Opinions

Or Vipre, because Joseph has already indicated that he's familiar with them.   
He's looking for other recommendations...



ASB


On Fri, Oct 8, 2010 at 1:12 AM, Ryan Finnesey
ryan.finne...@harrierinvestments.com wrote:
No one has commented on the Forefront products.


From: Maglinger, Paul [mailto:pmaglin...@scvl.com]
Sent: Thursday, October 07, 2010 4:04 PM

To: NT System Admin Issues
Subject: RE: AV Opinions

We thought their management sucked too.  Their SALES management, that is.  :)

From: Ray [mailto:rz...@qwest.net]
Sent: Thursday, October 07, 2010 2:39 PM
To: NT System Admin Issues
Subject: RE: AV Opinions

We thought pretty much everything about their management sucked, including 
agents.

From: Alan Davies [mailto:adav...@cls-services.com]
Sent: Thursday, October 07, 2010 5:48 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

Hmmm ... my comments were more around the ability to manage/control agents than 
how nice the console was to use.  Also, on the additional functionality side, 
their local FW and software NAC components were very immature feature wise.  
Support varied - UK support a million times better than the out of hours US 
support!



a


From: Ray [mailto:rz...@qwest.net]
Sent: 07 October 2010 12:42
To: NT System Admin Issues
Subject: RE: AV Opinions
That's interesting, because we absolutely hated McAfee and its enterprise
console, and couldn't wait to get rid of it.  We've ended up with significantly
better coverage with Sophos than we ever did with McAfee.

From: Alan Davies [mailto:adav...@cls-services.com]
Sent: Thursday, October 07, 2010 2:42 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

Sophos seem to be excellent detection wise.  As for not detecting Conficker 
below, that'll have been another issue as there is no AV product out there that 
can't detect it.  If I had to guess, perhaps one host was infected and locked 
out AD, but all the Sophos alerts were from machines missing MS08-067 that were 
getting infected because the OS could not protect against it, but immediately 
cleaned by Sophos.  Certainly behaviour I've seen before.  You must patch 
Windows, AV can do everything on its own.

One negative comment about Sophos - they are still, in my opinion, very low 
down the pecking order in Enterprise Management.  They have a long, long way to 
catch up on McAfee and the like for agent management, alerting, mandatory 
policies, etc.  You can work around these things and it's a great AV product, 
but if you're a large, sensitive environment, it may frustrate you a little.  
Going from 7 to 9 didn't improve these grumbles much ...



a


From: Ames Matthew B [mailto:mba...@qinetiq.com]
Sent: 07 October 2010 08:12
To: NT System Admin Issues
Subject: RE: AV Opinions
We run Sophos here, and it seems to do a reasonable job.  Corporate IS got 
caught last year with their pants down after a departmental server without any 
AV on it (or seriously out of date - guess someone got a good telling off for 
that) managed to get Conficker.  Given we don't have a direct net connection to 
our desktops or services network, they had not bothered to install

RE: AV Opinions

2010-10-09 Thread Jim Holmgren
Installation for me was pretty straightforward. I had no problem installing the 
Enterprise Console on the VM I created for it. 
 
I created a SCCM package for deployment on Friday, should be testing it Monday 
if nothing crazy interferes.  Running the command-line installer for the client 
worked fine and so far I've had 100% success with the Symantec removal.   
 
I did run into a problem with installing a separate Update Server, but that was 
my own fault for not reading the directions - if you don't install A before you 
install B - it won't work correctly and you'll get an error.
 
Documentation isn't the best I've ever read, but their KB is good and there are 
a lot of knowledgeable folks on their Support Forum.  There are two different 
Install documents.  There is a quick-start guide and there is a much more 
in-depth manual for installation.  The quick-start guide is lacking a lot of 
important detail for an enterprise roll-out.
 
I have 6 hours of consulting time that was included with the purchase, I'll 
probably use that for a health-check and review of my environment since I 
couldn't get a slot before 10/21 and I've committed to management to have the 
deployment completed by 10/31.
 
Jim
 



From: Joseph L. Casale [mailto:jcas...@activenetwerx.com]
Sent: Sat 10/9/2010 3:31 PM
To: NT System Admin Issues
Subject: RE: AV Opinions



So the Sophos guys came in cheaper, but the Console Installer is actually now 
the buggiest app I use.

I experienced several issues during installation that weren't documented. Not 
looking good...
For those of you that use it, how was installation? It had all sorts of issues
simply enumerating usernames and the browser had bugs, sigh... What makes a
software company release an app with a list of Known Problems so long? How is
that acceptable?

 

Thinking about not wanting more headaches than I have so I am going to demo
Avira, but it was more money.

 

jlc

 

From: Joseph L. Casale [mailto:jcas...@activenetwerx.com] 
Sent: Friday, October 08, 2010 5:57 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

 

Yup,

And FF is prohibitively expensive in small environments, but it is my favorite.
Most reliable I have ever used, _never_ had an FP or a dead machine or a bad 
dat. Its detection rates aren't quite as good as the top guys but you 
compromise I guess.

Right now, I am keen on Sophos for the multiplatform agent. Their console 
appears ok, it appears their agent is an exe so the method they use to install 
the agent by GPO is a startup script, not cool :(

 

Avira has a Postfix compatible MTA product and a Squid compatible (by ICAP) 
product which is cool. I like how they don't distinguish clients (file servers 
vs. desktops in licensing terms). I have yet to see their console though.

 

Thanks for everything guys,

jlc

 

From: Andrew S. Baker [mailto:asbz...@gmail.com] 
Sent: Friday, October 08, 2010 4:05 AM
To: NT System Admin Issues
Subject: Re: AV Opinions

 

Or Vipre, because Joseph has already indicated that he's familiar with them.   
He's looking for other recommendations...


 

ASB
 

 

On Fri, Oct 8, 2010 at 1:12 AM, Ryan Finnesey 
ryan.finne...@harrierinvestments.com wrote:

No one has commented on the Forefront products.

 

 

From: Maglinger, Paul [mailto:pmaglin...@scvl.com] 
Sent: Thursday, October 07, 2010 4:04 PM


To: NT System Admin Issues
Subject: RE: AV Opinions

 

We thought their management sucked too.  Their SALES management, that is.  :)

 

From: Ray [mailto:rz...@qwest.net] 
Sent: Thursday, October 07, 2010 2:39 PM
To: NT System Admin Issues
Subject: RE: AV Opinions

 

We thought pretty much everything about their management sucked, including 
agents. 

 

From: Alan Davies [mailto:adav...@cls-services.com] 
Sent: Thursday, October 07, 2010 5:48 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

 

Hmmm ... my comments were more around the ability to manage/control agents than 
how nice the console was to use.  Also, on the additional functionality side, 
their local FW and software NAC components were very immature feature wise.  
Support varied - UK support a million times better than the out of hours US 
support!

 

 

 

a

 



From: Ray [mailto:rz...@qwest.net] 
Sent: 07 October 2010 12:42
To: NT System Admin Issues
Subject: RE: AV Opinions

That's interesting, because we absolutely hated McAfee and its enterprise
console, and couldn't wait to get rid of it.  We've ended up with significantly 
better coverage with Sophos than we ever did with McAfee. 

 

From: Alan Davies [mailto:adav...@cls-services.com] 
Sent: Thursday, October 07, 2010 2:42 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

 

Sophos seem to be excellent detection wise.  As for not detecting Conficker 
below, that'll have been another issue as there is no AV product out there that 
can't detect it.  If I had to guess, perhaps one host was infected and locked 
out

Re: AV Opinions

2010-10-08 Thread Andrew S. Baker
Or Vipre, because Joseph has already indicated that he's familiar with them.
  He's looking for other recommendations...


*ASB*



On Fri, Oct 8, 2010 at 1:12 AM, Ryan Finnesey 
ryan.finne...@harrierinvestments.com wrote:

 No one has commented on the Forefront products.





 *From:* Maglinger, Paul [mailto:pmaglin...@scvl.com]
 *Sent:* Thursday, October 07, 2010 4:04 PM

 *To:* NT System Admin Issues
 *Subject:* RE: AV Opinions



 We thought their management sucked too.  Their SALES management, that is.
 :)



 *From:* Ray [mailto:rz...@qwest.net]
 *Sent:* Thursday, October 07, 2010 2:39 PM
 *To:* NT System Admin Issues
 *Subject:* RE: AV Opinions



 We thought pretty much everything about their management sucked, including
 agents.



 *From:* Alan Davies [mailto:adav...@cls-services.com]
 *Sent:* Thursday, October 07, 2010 5:48 AM
 *To:* NT System Admin Issues
 *Subject:* RE: AV Opinions



 Hmmm ... my comments were more around the ability to manage/control agents
 than how nice the console was to use.  Also, on the additional functionality
 side, their local FW and software NAC components were very immature feature
 wise.  Support varied - UK support a million times better than the out of
 hours US support!







 a


 --

 *From:* Ray [mailto:rz...@qwest.net]
 *Sent:* 07 October 2010 12:42
 *To:* NT System Admin Issues
 *Subject:* RE: AV Opinions

 That’s interesting, because we absolutely hated McAfee and its enterprise
 console, and couldn’t wait to get rid of it.  We’ve ended up with
 significantly better coverage with Sophos than we ever did with McAfee.



 *From:* Alan Davies [mailto:adav...@cls-services.com]
 *Sent:* Thursday, October 07, 2010 2:42 AM
 *To:* NT System Admin Issues
 *Subject:* RE: AV Opinions



 Sophos seem to be excellent detection wise.  As for not detecting Conficker
 below, that'll have been another issue as there is no AV product out there
 that can't detect it.  If I had to guess, perhaps one host was infected and
 locked out AD, but all the Sophos alerts were from machines missing MS08-067
 that were getting infected because the OS could not protect against it,
 but immediately cleaned by Sophos.  Certainly behaviour I've seen before.
 You must patch Windows, AV can do everything on its own.



 One negative comment about Sophos - they are still, in my opinion, very low
 down the pecking order in Enterprise Management.  They have a long, long way
 to catch up on McAfee and the like for agent management, alerting, mandatory
 policies, etc.  You can work around these things and it's a great AV
 product, but if you're a large, sensitive environment, it may frustrate you
 a little.  Going from 7 to 9 didn't improve these grumbles much ...







 a


 --

 *From:* Ames Matthew B [mailto:mba...@qinetiq.com]
 *Sent:* 07 October 2010 08:12
 *To:* NT System Admin Issues
 *Subject:* RE: AV Opinions

 We run Sophos here, and it seems to do a reasonable job.  Corporate IS got
 caught last year with their pants down after a departmental server without
 any AV on it (or seriously out of date - guess someone got a good telling
 off for that) managed to get Conficker.  Given we don't have a direct net
 connection to our desktops or services network, they had not bothered to
 install the hotfixes to prevent this



 For whatever reason Sophos did not detect it, and quite a few machines
 got infected, and a couple of thousand user accounts got locked out.  Took
 them a few days to get things under control - I wrote a little ldap tool to
 monitor the number of locked out user accounts :-)



 Sophos is a bit of a memory hog (not sure how it compares to other
 versions), taking around 150MB (savservice.exe alone is taking 108MB on my
 machine currently).  We are currently using 7.6.20



 tht,

 Matt


 --

 *From:* Jim Holmgren [mailto:jholmg...@xlhealth.com]
 *Sent:* 07 October 2010 01:23
 *To:* NT System Admin Issues
 *Subject:* RE: AV Opinions

 Give Sophos a long look.  I firmly believe they are the best of breed that
 nobody seems to talk about.  They don't market to the non-corporate crowd,
 so that probably has something to do with it.  I asked this list and a few
 other resources when I was evaluating solutions.  I did not hear from a
 single person using Sophos that did not like it.



 We are replacing Symantec with Sophos right now and it is going very well
 so far.



 Sophos will sync with AD (if you want) to automatically protect computers
 when you add them.  It will remove Symantec cleanly (so far on about 25
 test/pilot users it has been perfect) when pushing it out.  It includes
 device control (want to block USB storage devices...2-3 clicks and you are
 done), a NAC component, and a firewall.



 It also includes clients for Mac/Linux and with each corporate license, you
 get a free at-home license.   NFI - just a very satisfied customer so far.



 Jim

Re: AV Opinions

2010-10-08 Thread Chipshead
Don't see much Trend chatter either. 
- Original Message - 
From: Ryan Finnesey ryan.finne...@harrierinvestments.com 
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com 
Sent: Friday, October 8, 2010 1:12:24 AM 
Subject: RE: AV Opinions 




No one has commented on the Forefront products.







From: Maglinger, Paul [mailto:pmaglin...@scvl.com] 
Sent: Thursday, October 07, 2010 4:04 PM 
To: NT System Admin Issues 
Subject: RE: AV Opinions 



We thought their management sucked too.  Their SALES management, that is.  :)





From: Ray [mailto:rz...@qwest.net] 
Sent: Thursday, October 07, 2010 2:39 PM 
To: NT System Admin Issues 
Subject: RE: AV Opinions 



We thought pretty much everything about their management sucked, including 
agents. 





From: Alan Davies [mailto:adav...@cls-services.com] 
Sent: Thursday, October 07, 2010 5:48 AM 
To: NT System Admin Issues 
Subject: RE: AV Opinions 



Hmmm ... my comments were more around the ability to manage/control agents than 
how nice the console was to use.  Also, on the additional functionality side, 
their local FW and software NAC components were very immature feature wise.  
Support varied - UK support a million times better than the out of hours US 
support! 







a 





From: Ray [mailto:rz...@qwest.net] 
Sent: 07 October 2010 12:42 
To: NT System Admin Issues 
Subject: RE: AV Opinions 

That’s interesting, because we absolutely hated McAfee and its enterprise
console, and couldn’t wait to get rid of it.  We’ve ended up with significantly 
better coverage with Sophos than we ever did with McAfee. 





From: Alan Davies [mailto:adav...@cls-services.com] 
Sent: Thursday, October 07, 2010 2:42 AM 
To: NT System Admin Issues 
Subject: RE: AV Opinions 



Sophos seem to be excellent detection wise.  As for not detecting Conficker 
below, that'll have been another issue as there is no AV product out there that 
can't detect it.  If I had to guess, perhaps one host was infected and locked 
out AD, but all the Sophos alerts were from machines missing MS08-067 that were 
getting infected because the OS could not protect against it, but immediately 
cleaned by Sophos.  Certainly behaviour I've seen before.  You must patch 
Windows, AV can do everything on its own. 



One negative comment about Sophos - they are still, in my opinion, very low 
down the pecking order in Enterprise Management.  They have a long, long way to 
catch up on McAfee and the like for agent management, alerting, mandatory 
policies, etc.  You can work around these things and it's a great AV product, 
but if you're a large, sensitive environment, it may frustrate you a little.  
Going from 7 to 9 didn't improve these grumbles much ... 







a 





From: Ames Matthew B [mailto:mba...@qinetiq.com] 
Sent: 07 October 2010 08:12 
To: NT System Admin Issues 
Subject: RE: AV Opinions 

We run Sophos here, and it seems to do a reasonable job.  Corporate IS got 
caught last year with their pants down after a departmental server without any 
AV on it (or seriously out of date - guess someone got a good telling off for 
that) managed to get Conficker.  Given we don't have a direct net connection to 
our desktops or services network, they had not bothered to install the
hotfixes to prevent this 



For whatever reason Sophos did not detect it, and quite a few machines got
infected, and a couple of thousand user accounts got locked out.  Took them a 
few days to get things under control - I wrote a little ldap tool to monitor 
the number of locked out user accounts :-) 



Sophos is a bit of a memory hog (not sure how it compares to other versions), 
taking around 150MB (savservice.exe alone is taking 108MB on my machine 
currently).  We are currently using 7.6.20 



tht, 

Matt 





From: Jim Holmgren [mailto:jholmg...@xlhealth.com] 
Sent: 07 October 2010 01:23 
To: NT System Admin Issues 
Subject: RE: AV Opinions 



Give Sophos a long look.  I firmly believe they are the best of breed that 
nobody seems to talk about.  They don't market to the non-corporate crowd, so 
that probably has something to do with it.  I asked this list and a few other 
resources when I was evaluating solutions.  I did not hear from a single person 
using Sophos that did not like it. 





We are replacing Symantec with Sophos right now and it is going very well so 
far.   





Sophos will sync with AD (if you want) to automatically protect computers when 
you add them.  It will remove Symantec cleanly (so far on about 25 test/pilot 
users it has been perfect) when pushing it out.  It includes device control 
(want to block USB storage devices...2-3 clicks and you are done), a 
NAC component, and a firewall.  





It also includes clients for Mac/Linux and with each corporate license, you get 
a free at-home license.   NFI - just a very satisfied customer so far. 





Jim 












From: Joseph L. Casale [mailto:jcas...@activenetwerx.com] 
Sent: Wed 10/6/2010 7:09 PM 
To: NT

RE: AV Opinions

2010-10-08 Thread Joseph L. Casale
Yup,
And FF is prohibitively expensive in small environments, but it is my favorite.
Most reliable I have ever used, _never_ had an FP or a dead machine or a bad 
dat. Its detection rates aren't quite as good as the top guys but you 
compromise I guess.

Right now, I am keen on Sophos for the multiplatform agent. Their console 
appears ok, it appears their agent is an exe so the method they use to install 
the agent by GPO is a startup script, not cool :(

Avira has a Postfix compatible MTA product and a Squid compatible (by ICAP) 
product which is cool. I like how they don't distinguish clients (file servers 
vs. desktops in licensing terms). I have yet to see their console though.

Thanks for everything guys,
jlc

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Friday, October 08, 2010 4:05 AM
To: NT System Admin Issues
Subject: Re: AV Opinions

Or Vipre, because Joseph has already indicated that he's familiar with them.   
He's looking for other recommendations...



ASB



On Fri, Oct 8, 2010 at 1:12 AM, Ryan Finnesey
ryan.finne...@harrierinvestments.com wrote:
No one has commented on the Forefront products.


From: Maglinger, Paul [mailto:pmaglin...@scvl.com]
Sent: Thursday, October 07, 2010 4:04 PM

To: NT System Admin Issues
Subject: RE: AV Opinions

We thought their management sucked too.  Their SALES management, that is.  :)

From: Ray [mailto:rz...@qwest.net]
Sent: Thursday, October 07, 2010 2:39 PM
To: NT System Admin Issues
Subject: RE: AV Opinions

We thought pretty much everything about their management sucked, including 
agents.

From: Alan Davies [mailto:adav...@cls-services.com]
Sent: Thursday, October 07, 2010 5:48 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

Hmmm ... my comments were more around the ability to manage/control agents than 
how nice the console was to use.  Also, on the additional functionality side, 
their local FW and software NAC components were very immature feature wise.  
Support varied - UK support a million times better than the out of hours US 
support!



a


From: Ray [mailto:rz...@qwest.net]
Sent: 07 October 2010 12:42
To: NT System Admin Issues
Subject: RE: AV Opinions
That's interesting, because we absolutely hated McAfee and its enterprise
console, and couldn't wait to get rid of it.  We've ended up with significantly 
better coverage with Sophos than we ever did with McAfee.

From: Alan Davies [mailto:adav...@cls-services.com]
Sent: Thursday, October 07, 2010 2:42 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

Sophos seem to be excellent detection wise.  As for not detecting Conficker 
below, that'll have been another issue as there is no AV product out there that 
can't detect it.  If I had to guess, perhaps one host was infected and locked 
out AD, but all the Sophos alerts were from machines missing MS08-067 that were 
getting infected because the OS could not protect against it, but immediately 
cleaned by Sophos.  Certainly behaviour I've seen before.  You must patch 
Windows, AV can do everything on its own.

One negative comment about Sophos - they are still, in my opinion, very low 
down the pecking order in Enterprise Management.  They have a long, long way to 
catch up on McAfee and the like for agent management, alerting, mandatory 
policies, etc.  You can work around these things and it's a great AV product, 
but if you're a large, sensitive environment, it may frustrate you a little.  
Going from 7 to 9 didn't improve these grumbles much ...



a


From: Ames Matthew B [mailto:mba...@qinetiq.com]
Sent: 07 October 2010 08:12
To: NT System Admin Issues
Subject: RE: AV Opinions
We run Sophos here, and it seems to do a reasonable job.  Corporate IS got 
caught last year with their pants down after a departmental server without any 
AV on it (or seriously out of date - guess someone got a good telling off for 
that) managed to get Conficker.  Given we don't have a direct net connection to 
our desktops or services network, they had not bothered to install the
hotfixes to prevent this

For whatever reason Sophos did not detect it, and quite a few machines got
infected, and a couple of thousand user accounts got locked out.  Took them a 
few days to get things under control - I wrote a little ldap tool to monitor 
the number of locked out user accounts :-)

Sophos is a bit of a memory hog (not sure how it compares to other versions), 
taking around 150MB (savservice.exe alone is taking 108MB on my machine 
currently).  We are currently using 7.6.20

tht,
Matt


From: Jim Holmgren [mailto:jholmg...@xlhealth.com]
Sent: 07 October 2010 01:23
To: NT System Admin Issues
Subject: RE: AV Opinions
Give

Re: AV Opinions

2010-10-07 Thread Micheal Espinola Jr
I use and recommend NOD32+Malwarebytes.

   http://www.eset.com/press-center/awards

--
ME2


On Wed, Oct 6, 2010 at 4:09 PM, Joseph L. Casale
jcas...@activenetwerx.com wrote:

  At one of the shops that I look after, I have been asked to change the AV
 to something new and current.

 Vipre and Forefront excluded (I know enough about those already), what else
 are you guys using that’s good?



 It’s been a while since I looked at all the other vendors, I have such
 little time to eval for this need, I can’t just download all vendors’
 packages and trial each one for 30 days, I need to look at one and hopefully
 get it right :(



 Thanks for any opinions,

 jlc



 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
 ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

 ---
 To manage subscriptions click here:
 http://lyris.sunbelt-software.com/read/my_forums/
 or send an email to listmana...@lyris.sunbeltsoftware.com
 with the body: unsubscribe ntsysadmin



Re: AV Opinions

2010-10-07 Thread James Rankin
Whatever you go with, the belt and braces approach is always the best (also
known as defense in depth). No matter what AV you choose, everything
misses stuff at some point. At my last job, we had Vipre on the TS desktops,
Sophos at the mail perimeter, occasional scans with MalwareBytes and the
backup of a well-maintained application whitelist.

On 7 October 2010 00:09, Joseph L. Casale jcas...@activenetwerx.com wrote:

  At one of the shops that I look after, I have been asked to change the AV
 to something new and current.

 Vipre and Forefront excluded (I know enough about those already), what else
 are you guys using that’s good?



 It’s been a while since I looked at all the other vendors, I have such
 little time to eval for this need, I can’t just download all vendors
 packages and trial each one for 30 days, I need to look at one and hopefully
 get it right :(



 Thanks for any opinions,

 jlc







-- 
On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
the machine wrong figures, will the right answers come out?' I am not able
rightly to apprehend the kind of confusion of ideas that could provoke such
a question.


RE: AV Opinions

2010-10-07 Thread Ames Matthew B
We run Sophos here, and it seems to do a reasonable job.  Corporate IS got 
caught last year with their pants down after a departmental server without any 
AV on it (or seriously out of date - guess someone got a good telling off for 
that) managed to get Conficker.  Given we don't have a direct net connection to 
our desktops or services network, they had not bothered to install the
hotfixes to prevent this
 
For whatever reason Sophos did not detect it, and quite a few machines got
infected, and a couple of thousand user accounts got locked out.  Took them a 
few days to get things under control - I wrote a little ldap tool to monitor 
the number of locked out user accounts :-)
 
Sophos is a bit of a memory hog (not sure how it compares to other versions), 
taking around 150MB (savservice.exe alone is taking 108MB on my machine 
currently).  We are currently using 7.6.20
 
tht,
Matt




From: Jim Holmgren [mailto:jholmg...@xlhealth.com] 
Sent: 07 October 2010 01:23
To: NT System Admin Issues
Subject: RE: AV Opinions


Give Sophos a long look.  I firmly believe they are the best of breed that 
nobody seems to talk about.  They don't market to the non-corporate crowd, so 
that probably has something to do with it.  I asked this list and a few other 
resources when I was evaluating solutions.  I did not hear from a single person 
using Sophos that did not like it.
 
We are replacing Symantec with Sophos right now and it is going very well so 
far.   
 
Sophos will sync with AD (if you want) to automatically protect computers when 
you add them.  It will remove Symantec cleanly (so far on about 25 test/pilot 
users it has been perfect) when pushing it out.  It includes device control 
(want to block USB storage devices...2-3 clicks and you are done), a NAC 
component, and a firewall. 
 
It also includes clients for Mac/Linux and with each corporate license, you get 
a free at-home license.   NFI - just a very satisfied customer so far.
 
Jim
 
 



From: Joseph L. Casale [mailto:jcas...@activenetwerx.com]
Sent: Wed 10/6/2010 7:09 PM
To: NT System Admin Issues
Subject: AV Opinions



At one of the shops that I look after, I have been asked to change the AV to 
something new and current.

Vipre and Forefront excluded (I know enough about those already), what else are 
you guys using that's good?

 

It's been a while since I looked at all the other vendors, I have such little 
time to eval for this need, I can't just download all vendors packages and 
trial each one for 30 days, I need to look at one and hopefully get it right :(

 

Thanks for any opinions,

jlc

 



CONFIDENTIALITY NOTICE: This email, including attachments, is for the sole use 
of the intended recipient(s) and may contain confidential and/or protected 
health information. Under the Federal Law (HIPAA), the intended recipient is 
obligated to keep this information secure and confidential. Any disclosure to 
third parties without authorization from the member of as permitted by law is 
prohibited and punishable under Federal Law. If you are not the intended 
recipient, please contact the sender by reply e-mail and destroy all copies of 
the original message. 


This email and any attachments to it may be confidential and are
intended solely for the use of the individual to whom it is 
addressed. If you are not the intended recipient of this email,
you must neither take any action based upon its contents, nor 
copy or show it to anyone. Please contact the sender if you 
believe you have received this email in error. QinetiQ may 
monitor email traffic data and also the content of email for 
the purposes of security. QinetiQ Limited (Registered in England
 Wales: Company Number: 3796233) Registered

RE: AV Opinions

2010-10-07 Thread Paul Hutchings
Avira Antivir is very good.

 

I tend to take the view of layers so I rely a lot on having very good
URL filtering in place so that hopefully the A/V doesn't need to do
much, but I still rate the product very highly.

 

From: Joseph L. Casale [mailto:jcas...@activenetwerx.com] 
Sent: 07 October 2010 00:09
To: NT System Admin Issues
Subject: AV Opinions

 

At one of the shops that I look after, I have been asked to change the
AV to something new and current.

Vipre and Forefront excluded (I know enough about those already), what
else are you guys using that's good?

 

It's been a while since I looked at all the other vendors, I have such
little time to eval for this need, I can't just download all vendors
packages and trial each one for 30 days, I need to look at one and
hopefully get it right :(

 

Thanks for any opinions,

jlc

 



--
MIRA Ltd

Watling Street, Nuneaton, Warwickshire, CV10 0TU, England
Registered in England and Wales No. 402570
VAT Registration  GB 114 5409 96

The contents of this e-mail are confidential and are solely for the use of the 
intended recipient.  If you receive this e-mail in error, please delete it and 
notify us either by e-mail, telephone or fax.  You should not copy, forward or 
otherwise disclose the content of the e-mail as this is prohibited.


RE: AV Opinions

2010-10-07 Thread Alan Davies
Sophos seem to be excellent detection wise.  As for not detecting Conficker 
below, that'll have been another issue as there is no AV product out there that 
can't detect it.  If I had to guess, perhaps one host was infected and locked 
out AD, but all the Sophos alerts were from machines missing MS08-067 that were 
getting infected because the OS could not protect against it, but immediately 
cleaned by Sophos.  Certainly behaviour I've seen before.  You must patch 
Windows, AV can do everything on its own.
 
One negative comment about Sophos - they are still, in my opinion, very low 
down the pecking order in Enterprise Management.  They have a long, long way to 
catch up on McAfee and the like for agent management, alerting, mandatory 
policies, etc.  You can work around these things and it's a great AV product, 
but if you're a large, sensitive environment, it may frustrate you a little.  
Going from 7 to 9 didn't improve these grumbles much ...
 
 
 
a



From: Ames Matthew B [mailto:mba...@qinetiq.com] 
Sent: 07 October 2010 08:12
To: NT System Admin Issues
Subject: RE: AV Opinions


We run Sophos here, and it seems to do a reasonable job.  Corporate IS got 
caught last year with their pants down after a departmental server without any 
AV on it (or seriously out of date - guess someone got a good telling off for 
that) managed to get Conficker.  Given we don't have a direct net connection to 
our desktops or services network, they had not bothered to install the
hotfixes to prevent this
 
For whatever reason Sophos did not detect it, and quite a few machines got
infected, and a couple of thousand user accounts got locked out.  Took them a 
few days to get things under control - I wrote a little ldap tool to monitor 
the number of locked out user accounts :-)
 
Sophos is a bit of a memory hog (not sure how it compares to other versions), 
taking around 150MB (savservice.exe alone is taking 108MB on my machine 
currently).  We are currently using 7.6.20
 
tht,
Matt




From: Jim Holmgren [mailto:jholmg...@xlhealth.com] 
Sent: 07 October 2010 01:23
To: NT System Admin Issues
Subject: RE: AV Opinions


Give Sophos a long look.  I firmly believe they are the best of breed that 
nobody seems to talk about.  They don't market to the non-corporate crowd, so 
that probably has something to do with it.  I asked this list and a few other 
resources when I was evaluating solutions.  I did not hear from a single person 
using Sophos that did not like it.
 
We are replacing Symantec with Sophos right now and it is going very well so 
far.   
 
Sophos will sync with AD (if you want) to automatically protect computers when 
you add them.  It will remove Symantec cleanly (so far on about 25 test/pilot 
users it has been perfect) when pushing it out.  It includes device control 
(want to block USB storage devices...2-3 clicks and you are done), a NAC 
component, and a firewall. 
 
It also includes clients for Mac/Linux and with each corporate license, you get 
a free at-home license.   NFI - just a very satisfied customer so far.
 
Jim
 
 



From: Joseph L. Casale [mailto:jcas...@activenetwerx.com]
Sent: Wed 10/6/2010 7:09 PM
To: NT System Admin Issues
Subject: AV Opinions



At one of the shops that I look after, I have been asked to change the AV to 
something new and current.

Vipre and Forefront excluded (I know enough about those already), what else are 
you guys using that's good?

 

It's been a while since I looked at all the other vendors, I have such little 
time to eval for this need, I can't just download all vendors packages and 
trial each one for 30 days, I need to look at one and hopefully get it right :(

 

Thanks for any opinions,

jlc

 


Re: AV Opinions

2010-10-07 Thread Andrew S. Baker
Look at ESET NOD32 and Avast.   Sophos is okay, too.


*ASB *(My XeeSM Profile) http://XeeSM.com/AndrewBaker
*Exploiting Technology for Business Advantage...*



On Wed, Oct 6, 2010 at 7:09 PM, Joseph L. Casale
jcas...@activenetwerx.com wrote:

  At one of the shops that I look after, I have been asked to change the AV
 to something new and current.

 Vipre and Forefront excluded (I know enough about those already), what else
 are you guys using that’s good?



 It’s been a while since I looked at all the other vendors, I have such
 little time to eval for this need, I can’t just download all vendors
 packages and trial each one for 30 days, I need to look at one and hopefully
 get it right :(



 Thanks for any opinions,

 jlc





RE: AV Opinions

2010-10-07 Thread Joseph L. Casale
I used to use Eset back when they started to have support issues, and I received
many fp's with their software.
They also had known issues with their config generator that weren't addressed 
in the next version I waited for so I probably won't give them a second chance.

jlc
From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
Sent: Thursday, October 07, 2010 1:01 AM
To: NT System Admin Issues
Subject: Re: AV Opinions

I use and recommend NOD32+Malwarebytes.

   http://www.eset.com/press-center/awards

--
ME2

On Wed, Oct 6, 2010 at 4:09 PM, Joseph L. Casale 
jcas...@activenetwerx.com wrote:
At one of the shops that I look after, I have been asked to change the AV to 
something new and current.
Vipre and Forefront excluded (I know enough about those already), what else are 
you guys using that's good?

It's been a while since I looked at all the other vendors, I have such little 
time to eval for this need, I can't just download all vendors packages and 
trial each one for 30 days, I need to look at one and hopefully get it right:(

Thanks for any opinions,
jlc



RE: AV Opinions

2010-10-07 Thread Joseph L. Casale
What's their console like, how does it integrate if at all with AD?
Thanks!
jlc

From: Paul Hutchings [mailto:paul.hutchi...@mira.co.uk]
Sent: Thursday, October 07, 2010 1:28 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

Avira Antivir is very good.

I tend to take the view of layers so I rely a lot on having very good URL 
filtering in place so that hopefully the A/V doesn't need to do much, but I 
still rate the product very highly.

From: Joseph L. Casale [mailto:jcas...@activenetwerx.com]
Sent: 07 October 2010 00:09
To: NT System Admin Issues
Subject: AV Opinions

At one of the shops that I look after, I have been asked to change the AV to 
something new and current.
Vipre and Forefront excluded (I know enough about those already), what else are 
you guys using that's good?

It's been a while since I looked at all the other vendors, I have such little 
time to eval for this need, I can't just download all vendors packages and 
trial each one for 30 days, I need to look at one and hopefully get it right:(

Thanks for any opinions,
jlc



RE: AV Opinions

2010-10-07 Thread Paul Hutchings
I know it can, but it's not something I've done.

 

Their console is a little quirky if I'm honest, it's not something
you'll look at and think my that's pretty, but it is functional and
over around 500 machines it works just fine.

 

My best suggestion is try it, but persevere don't go off a quick glance
as other products look better on that basis IMO.

 

From: Joseph L. Casale [mailto:jcas...@activenetwerx.com] 
Sent: 07 October 2010 12:14
To: NT System Admin Issues
Subject: RE: AV Opinions

 

What's their console like, how does it integrate if at all with AD?
Thanks!
jlc

 

From: Paul Hutchings [mailto:paul.hutchi...@mira.co.uk] 
Sent: Thursday, October 07, 2010 1:28 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

 

Avira Antivir is very good.

 

I tend to take the view of layers so I rely a lot on having very good
URL filtering in place so that hopefully the A/V doesn't need to do
much, but I still rate the product very highly.

 

From: Joseph L. Casale [mailto:jcas...@activenetwerx.com] 
Sent: 07 October 2010 00:09
To: NT System Admin Issues
Subject: AV Opinions

 

At one of the shops that I look after, I have been asked to change the
AV to something new and current.

Vipre and Forefront excluded (I know enough about those already), what
else are you guys using that's good?

 

It's been a while since I looked at all the other vendors, I have such
little time to eval for this need, I can't just download all vendors
packages and trial each one for 30 days, I need to look at one and
hopefully get it right :(

 

Thanks for any opinions,

jlc

 


RE: AV Opinions

2010-10-07 Thread Ray
Conficker seems to be a tough one.  We got hit with it last year and McAfee
was pretty ineffective against it.  

 

We opted for Sophos over the others primarily for their console.  It seemed
to be the most mature (for lack of a better term).  My biggest concern was
their tech support, which seems to be mediocre at best.   If I was picking
based on support alone, I’d probably be picking Kaspersky.  

 

From: Ames Matthew B [mailto:mba...@qinetiq.com] 
Sent: Thursday, October 07, 2010 12:12 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

 

We run Sophos here, and it seems to do a reasonable job.  Corporate IS got
caught last year with their pants down after a departmental server without
any AV on it (or seriously out of date - guess someone got a good telling
off for that) managed to get Conficker.  Given we don't have a direct net
connection to our desktops or services network, they had not bothered to
install the hotfixes to prevent this

 

For whatever reason Sophos did not detect it, and quite a few machines
got infected, and a couple of thousand user accounts got locked out.  Took
them a few days to get things under control - I wrote a little ldap tool to
monitor the number of locked out user accounts :-)

 

Sophos is a bit of a memory hog (not sure how it compares to other
versions), taking around 150MB (savservice.exe alone is taking 108MB on my
machine currently).  We are currently using 7.6.20

 

tht,

Matt

 

  _  

From: Jim Holmgren [mailto:jholmg...@xlhealth.com] 
Sent: 07 October 2010 01:23
To: NT System Admin Issues
Subject: RE: AV Opinions

Give Sophos a long look.  I firmly believe they are the best of breed that
nobody seems to talk about.  They don't market to the non-corporate crowd,
so that probably has something to do with it.  I asked this list and a few
other resources when I was evaluating solutions.  I did not hear from a
single person using Sophos that did not like it.

 

We are replacing Symantec with Sophos right now and it is going very well so
far.   

 

Sophos will sync with AD (if you want) to automatically protect computers
when you add them.  It will remove Symantec cleanly (so far on about 25
test/pilot users it has been perfect) when pushing it out.  It includes
device control (want to block USB storage devices...2-3 clicks and you are
done), a NAC component, and a firewall. 

 

It also includes clients for Mac/Linux and with each corporate license, you
get a free at-home license.   NFI - just a very satisfied customer so far.

 

Jim

 

 

 

  _  

From: Joseph L. Casale [mailto:jcas...@activenetwerx.com]
Sent: Wed 10/6/2010 7:09 PM
To: NT System Admin Issues
Subject: AV Opinions

At one of the shops that I look after, I have been asked to change the AV to
something new and current.

Vipre and Forefront excluded (I know enough about those already), what else
are you guys using that’s good?

 

It’s been a while since I looked at all the other vendors, I have such
little time to eval for this need, I can’t just download all vendors
packages and trial each one for 30 days, I need to look at one and hopefully
get it right :(

 

Thanks for any opinions,

jlc

 


RE: AV Opinions

2010-10-07 Thread Ray
That’s interesting, because we absolutely hated McAfee and its enterprise
console, and couldn’t wait to get rid of it.  We’ve ended up with
significantly better coverage with Sophos than we ever did with McAfee. 

 

From: Alan Davies [mailto:adav...@cls-services.com] 
Sent: Thursday, October 07, 2010 2:42 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

 

Sophos seem to be excellent detection wise.  As for not detecting Conficker
below, that'll have been another issue as there is no AV product out there
that can't detect it.  If I had to guess, perhaps one host was infected and
locked out AD, but all the Sophos alerts were from machines missing MS08-067
that were getting infected because the OS could not protect against it,
but immediately cleaned by Sophos.  Certainly behaviour I've seen before.
You must patch Windows, AV can do everything on its own.

 

One negative comment about Sophos - they are still, in my opinion, very low
down the pecking order in Enterprise Management.  They have a long, long way
to catch up on McAfee and the like for agent management, alerting, mandatory
policies, etc.  You can work around these things and it's a great AV
product, but if you're a large, sensitive environment, it may frustrate you
a little.  Going from 7 to 9 didn't improve these grumbles much ...

 

 

 

a

 

  _  

From: Ames Matthew B [mailto:mba...@qinetiq.com] 
Sent: 07 October 2010 08:12
To: NT System Admin Issues
Subject: RE: AV Opinions

We run Sophos here, and it seems to do a reasonable job.  Corporate IS got
caught last year with their pants down after a departmental server without
any AV on it (or seriously out of date - guess someone got a good telling
off for that) managed to get Conficker.  Given we don't have a direct net
connection to our desktops or services network, they had not bothered to
install the hotfixes to prevent this

 

For whatever reason Sophos did not detect it, and quite a few machines
got infected, and a couple of thousand user accounts got locked out.  Took
them a few days to get things under control - I wrote a little ldap tool to
monitor the number of locked out user accounts :-)

 

Sophos is a bit of a memory hog (not sure how it compares to other
versions), taking around 150MB (savservice.exe alone is taking 108MB on my
machine currently).  We are currently using 7.6.20

 

tht,

Matt

 

  _  

From: Jim Holmgren [mailto:jholmg...@xlhealth.com] 
Sent: 07 October 2010 01:23
To: NT System Admin Issues
Subject: RE: AV Opinions

Give Sophos a long look.  I firmly believe they are the best of breed that
nobody seems to talk about.  They don't market to the non-corporate crowd,
so that probably has something to do with it.  I asked this list and a few
other resources when I was evaluating solutions.  I did not hear from a
single person using Sophos that did not like it.

 

We are replacing Symantec with Sophos right now and it is going very well so
far.   

 

Sophos will sync with AD (if you want) to automatically protect computers
when you add them.  It will remove Symantec cleanly (so far on about 25
test/pilot users it has been perfect) when pushing it out.  It includes
device control (want to block USB storage devices...2-3 clicks and you are
done), a NAC component, and a firewall. 

 

It also includes clients for Mac/Linux and with each corporate license, you
get a free at-home license.   NFI - just a very satisfied customer so far.

 

Jim

 

 

 

  _  

From: Joseph L. Casale [mailto:jcas...@activenetwerx.com]
Sent: Wed 10/6/2010 7:09 PM
To: NT System Admin Issues
Subject: AV Opinions

At one of the shops that I look after, I have been asked to change the AV to
something new and current.

Vipre and Forefront excluded (I know enough about those already), what else
are you guys using that’s good?

 

It’s been a while since I looked at all the other vendors, I have such
little time to eval for this need, I can’t just download all vendors
packages and trial each one for 30 days, I need to look at one and hopefully
get it right :(

 

Thanks for any opinions,

jlc

 


RE: AV Opinions

2010-10-07 Thread Maglinger, Paul
We will be moving away from McCrappy after our current agreement expires.  Not 
necessarily because of how their product performs (but that is part of it), but 
because of the way they handled the 5958 DAT fiasco.  They made promises to our 
company for compensation and then reneged on the deal.  I doubt they really 
care now that they're in bed with Intel.

 

-Paul

 

From: Ray [mailto:rz...@qwest.net] 
Sent: Thursday, October 07, 2010 6:42 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

 

That's interesting, because we absolutely hated McAfee and its enterprise 
console, and couldn't wait to get rid of it.  We've ended up with significantly 
better coverage with Sophos than we ever did with McAfee. 

 

From: Alan Davies [mailto:adav...@cls-services.com] 
Sent: Thursday, October 07, 2010 2:42 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

 

Sophos seem to be excellent detection wise.  As for not detecting Conficker 
below, that'll have been another issue as there is no AV product out there that 
can't detect it.  If I had to guess, perhaps one host was infected and locked 
out AD, but all the Sophos alerts were from machines missing MS08-067 that were 
getting infected because the OS could not protect against it, but immediately 
cleaned by Sophos.  Certainly behaviour I've seen before.  You must patch 
Windows, AV can do everything on its own.

 

One negative comment about Sophos - they are still, in my opinion, very low 
down the pecking order in Enterprise Management.  They have a long, long way to 
catch up on McAfee and the like for agent management, alerting, mandatory 
policies, etc.  You can work around these things and it's a great AV product, 
but if you're a large, sensitive environment, it may frustrate you a little.  
Going from 7 to 9 didn't improve these grumbles much ...

 

 

 

a

 



From: Ames Matthew B [mailto:mba...@qinetiq.com] 
Sent: 07 October 2010 08:12
To: NT System Admin Issues
Subject: RE: AV Opinions

We run Sophos here, and it seems to do a reasonable job.  Corporate IS got 
caught last year with their pants down after a departmental server without any 
AV on it (or seriously out of date - guess someone got a good telling off for 
that) managed to get Conficker.  Given we don't have a direct net connection to 
our desktops or services network, they had not bothered to install the 
hotfixes to prevent this

For whatever reason Sophos did not detect it, and quite a few machines got 
infected, and a couple of thousand user accounts got locked out.  Took them a 
few days to get things under control - I wrote a little ldap tool to monitor 
the number of locked out user accounts :-)

 

Sophos is a bit of a memory hog (not sure how it compares to other versions), 
taking around 150MB (savservice.exe alone is taking 108MB on my machine 
currently).  We are currently using 7.6.20

 

tht,

Matt

 



From: Jim Holmgren [mailto:jholmg...@xlhealth.com] 
Sent: 07 October 2010 01:23
To: NT System Admin Issues
Subject: RE: AV Opinions

Give Sophos a long look.  I firmly believe they are the best of breed that 
nobody seems to talk about.  They don't market to the non-corporate crowd, so 
that probably has something to do with it.  I asked this list and a few other 
resources when I was evaluating solutions.  I did not hear from a single person 
using Sophos that did not like it.

 

We are replacing Symantec with Sophos right now and it is going very well so 
far.   

 

Sophos will sync with AD (if you want) to automatically protect computers when 
you add them.  It will remove Symantec cleanly (so far on about 25 test/pilot 
users it has been perfect) when pushing it out.  It includes device control 
(want to block USB storage devices...2-3 clicks and you are done), a NAC 
component, and a firewall. 

 

It also includes clients for Mac/Linux and with each corporate license, you get 
a free at-home license.   NFI - just a very satisfied customer so far.

 

Jim

 

 

 



From: Joseph L. Casale [mailto:jcas...@activenetwerx.com]
Sent: Wed 10/6/2010 7:09 PM
To: NT System Admin Issues
Subject: AV Opinions

At one of the shops that I look after, I have been asked to change the AV to 
something new and current.

Vipre and Forefront excluded (I know enough about those already), what else are 
you guys using that's good?

 

It's been a while since I looked at all the other vendors, I have such little 
time to eval for this need, I can't just download all vendors packages and 
trial each one for 30 days, I need to look at one and hopefully get it right :(

 

Thanks for any opinions,

jlc

 


RE: AV Opinions

2010-10-07 Thread Ziots, Edward
Wish I could say the same here, basically they gave us everything and the boat 
for like 3+ yrs, but that doesn't make up for the downtime of the 5958 dat 
fiasco either. I can't say for certain that it will get any better with Intel 
owning them now, but I guess that is Intel's problem to deal with now. 

 

Z

 

Edward E. Ziots

CISSP, Network +, Security +

Network Engineer

Lifespan Organization

Email:ezi...@lifespan.org

Cell:401-639-3505

 

From: Maglinger, Paul [mailto:pmaglin...@scvl.com] 
Sent: Thursday, October 07, 2010 8:27 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

 

We will be moving away from McCrappy after our current agreement expires.  Not 
necessarily because of how their product performs (but that is part of it), but 
because of the way they handled the 5958 DAT fiasco.  They made promises to our 
company for compensation and then reneged on the deal.  I doubt they really 
care now that they're in bed with Intel.

 

-Paul

 

From: Ray [mailto:rz...@qwest.net] 
Sent: Thursday, October 07, 2010 6:42 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

 

That's interesting, because we absolutely hated McAfee and its enterprise 
console, and couldn't wait to get rid of it.  We've ended up with significantly 
better coverage with Sophos than we ever did with McAfee. 

 

From: Alan Davies [mailto:adav...@cls-services.com] 
Sent: Thursday, October 07, 2010 2:42 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

 

Sophos seem to be excellent detection wise.  As for not detecting Conficker 
below, that'll have been another issue as there is no AV product out there that 
can't detect it.  If I had to guess, perhaps one host was infected and locked 
out AD, but all the Sophos alerts were from machines missing MS08-067 that were 
getting infected because the OS could not protect against it, but immediately 
cleaned by Sophos.  Certainly behaviour I've seen before.  You must patch 
Windows, AV can do everything on its own.

 

One negative comment about Sophos - they are still, in my opinion, very low 
down the pecking order in Enterprise Management.  They have a long, long way to 
catch up on McAfee and the like for agent management, alerting, mandatory 
policies, etc.  You can work around these things and it's a great AV product, 
but if you're a large, sensitive environment, it may frustrate you a little.  
Going from 7 to 9 didn't improve these grumbles much ...

 

 

 

a

 



From: Ames Matthew B [mailto:mba...@qinetiq.com] 
Sent: 07 October 2010 08:12
To: NT System Admin Issues
Subject: RE: AV Opinions

We run Sophos here, and it seems to do a reasonable job.  Corporate IS got 
caught last year with their pants down after a departmental server without any 
AV on it (or seriously out of date - guess someone got a good telling off for 
that) managed to get Conficker.  Given we don't have a direct net connection to 
our desktops or services network, they had not bothered to install the 
hotfixes to prevent this

For whatever reason Sophos did not detect it, and quite a few machines got 
infected, and a couple of thousand user accounts got locked out.  Took them a 
few days to get things under control - I wrote a little ldap tool to monitor 
the number of locked out user accounts :-)

 

Sophos is a bit of a memory hog (not sure how it compares to other versions), 
taking around 150MB (savservice.exe alone is taking 108MB on my machine 
currently).  We are currently using 7.6.20

 

tht,

Matt

 



From: Jim Holmgren [mailto:jholmg...@xlhealth.com] 
Sent: 07 October 2010 01:23
To: NT System Admin Issues
Subject: RE: AV Opinions

Give Sophos a long look.  I firmly believe they are the best of breed that 
nobody seems to talk about.  They don't market to the non-corporate crowd, so 
that probably has something to do with it.  I asked this list and a few other 
resources when I was evaluating solutions.  I did not hear from a single person 
using Sophos that did not like it.

 

We are replacing Symantec with Sophos right now and it is going very well so 
far.   

 

Sophos will sync with AD (if you want) to automatically protect computers when 
you add them.  It will remove Symantec cleanly (so far on about 25 test/pilot 
users it has been perfect) when pushing it out.  It includes device control 
(want to block USB storage devices...2-3 clicks and you are done), a NAC 
component, and a firewall. 

 

It also includes clients for Mac/Linux and with each corporate license, you get 
a free at-home license.   NFI - just a very satisfied customer so far.

 

Jim

 

 

 



From: Joseph L. Casale [mailto:jcas...@activenetwerx.com]
Sent: Wed 10/6/2010 7:09 PM
To: NT System Admin Issues
Subject: AV Opinions

At one of the shops that I look after, I have been asked to change the AV to 
something new and current.

Vipre and Forefront excluded (I know enough about those

RE: AV Opinions

2010-10-07 Thread Maglinger, Paul
I guess we should have had your sales rep.  *sigh*

 

From: Ziots, Edward [mailto:ezi...@lifespan.org] 
Sent: Thursday, October 07, 2010 7:32 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

 

Wish I could say the same here, basically they gave us everything and the boat 
for like 3+ yrs, but that doesn't make up for the downtime of the 5958 dat 
fiasco either. I can't say for certain that it will get any better with Intel 
owning them now, but I guess that is Intel's problem to deal with now. 

 

Z

 

Edward E. Ziots

CISSP, Network +, Security +

Network Engineer

Lifespan Organization

Email:ezi...@lifespan.org

Cell:401-639-3505

 

From: Maglinger, Paul [mailto:pmaglin...@scvl.com] 
Sent: Thursday, October 07, 2010 8:27 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

 

We will be moving away from McCrappy after our current agreement expires.  Not 
necessarily because of how their product performs (but that is part of it), but 
because of the way they handled the 5958 DAT fiasco.  They made promises to our 
company for compensation and then reneged on the deal.  I doubt they really 
care now that they're in bed with Intel.

 

-Paul

 

From: Ray [mailto:rz...@qwest.net] 
Sent: Thursday, October 07, 2010 6:42 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

 

That's interesting, because we absolutely hated McAfee and its enterprise 
console, and couldn't wait to get rid of it.  We've ended up with significantly 
better coverage with Sophos than we ever did with McAfee. 

 

From: Alan Davies [mailto:adav...@cls-services.com] 
Sent: Thursday, October 07, 2010 2:42 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

 

Sophos seem to be excellent detection wise.  As for not detecting Conficker 
below, that'll have been another issue as there is no AV product out there that 
can't detect it.  If I had to guess, perhaps one host was infected and locked 
out AD, but all the Sophos alerts were from machines missing MS08-067 that were 
getting infected because the OS could not protect against it, but immediately 
cleaned by Sophos.  Certainly behaviour I've seen before.  You must patch 
Windows, AV can do everything on its own.

 

One negative comment about Sophos - they are still, in my opinion, very low 
down the pecking order in Enterprise Management.  They have a long, long way to 
catch up on McAfee and the like for agent management, alerting, mandatory 
policies, etc.  You can work around these things and it's a great AV product, 
but if you're a large, sensitive environment, it may frustrate you a little.  
Going from 7 to 9 didn't improve these grumbles much ...

 

 

 

a

 



From: Ames Matthew B [mailto:mba...@qinetiq.com] 
Sent: 07 October 2010 08:12
To: NT System Admin Issues
Subject: RE: AV Opinions

We run Sophos here, and it seems to do a reasonable job.  Corporate IS got 
caught last year with their pants down after a departmental server without any 
AV on it (or seriously out of date - guess someone got a good telling off for 
that) managed to get Conficker.  Given we don't have a direct net connection to 
our desktops or services network, they had not bothered to install the 
hotfixes to prevent this

For whatever reason Sophos did not detect it, and quite a few machines got 
infected, and a couple of thousand user accounts got locked out.  Took them a 
few days to get things under control - I wrote a little ldap tool to monitor 
the number of locked out user accounts :-)

 

Sophos is a bit of a memory hog (not sure how it compares to other versions), 
taking around 150MB (savservice.exe alone is taking 108MB on my machine 
currently).  We are currently using 7.6.20

 

tht,

Matt

 



From: Jim Holmgren [mailto:jholmg...@xlhealth.com] 
Sent: 07 October 2010 01:23
To: NT System Admin Issues
Subject: RE: AV Opinions

Give Sophos a long look.  I firmly believe they are the best of breed that 
nobody seems to talk about.  They don't market to the non-corporate crowd, so 
that probably has something to do with it.  I asked this list and a few other 
resources when I was evaluating solutions.  I did not hear from a single person 
using Sophos that did not like it.

 

We are replacing Symantec with Sophos right now and it is going very well so 
far.   

 

Sophos will sync with AD (if you want) to automatically protect computers when 
you add them.  It will remove Symantec cleanly (so far on about 25 test/pilot 
users it has been perfect) when pushing it out.  It includes device control 
(want to block USB storage devices...2-3 clicks and you are done), a NAC 
component, and a firewall. 

 

It also includes clients for Mac/Linux and with each corporate license, you get 
a free at-home license.   NFI - just a very satisfied customer so far.

 

Jim

 

 

 



From: Joseph L. Casale [mailto:jcas...@activenetwerx.com]
Sent: Wed 10/6/2010 7:09 PM
To: NT

RE: AV Opinions

2010-10-07 Thread Ziots, Edward
Yeah, let's just say you get what you negotiate, not what you pay for, and with 
downtime like we suffered (along with others) that was just the bargaining 
chip someone had to basically strong arm McAfee accordingly.  Whether it turns 
out to be a good move or not, only time will tell :) 

 

Z

 

Edward E. Ziots

CISSP, Network +, Security +

Network Engineer

Lifespan Organization

Email:ezi...@lifespan.org

Cell:401-639-3505

 

From: Maglinger, Paul [mailto:pmaglin...@scvl.com] 
Sent: Thursday, October 07, 2010 8:36 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

 

I guess we should have had your sales rep.  *sigh*

 

From: Ziots, Edward [mailto:ezi...@lifespan.org] 
Sent: Thursday, October 07, 2010 7:32 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

 

Wish I could say the same here, basically they gave us everything and the boat 
for like 3+ yrs, but that doesn't make up for the downtime of the 5958 dat 
fiasco either. I can't say for certain that it will get any better with Intel 
owning them now, but I guess that is Intel's problem to deal with now. 

 

Z

 

Edward E. Ziots

CISSP, Network +, Security +

Network Engineer

Lifespan Organization

Email:ezi...@lifespan.org

Cell:401-639-3505

 

From: Maglinger, Paul [mailto:pmaglin...@scvl.com] 
Sent: Thursday, October 07, 2010 8:27 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

 

We will be moving away from McCrappy after our current agreement expires.  Not 
necessarily because of how their product performs (but that is part of it), but 
because of the way they handled the 5958 DAT fiasco.  They made promises to our 
company for compensation and then reneged on the deal.  I doubt they really 
care now that they're in bed with Intel.

 

-Paul

 

From: Ray [mailto:rz...@qwest.net] 
Sent: Thursday, October 07, 2010 6:42 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

 

That's interesting, because we absolutely hated McAfee and its enterprise 
console, and couldn't wait to get rid of it.  We've ended up with significantly 
better coverage with Sophos than we ever did with McAfee. 

 

From: Alan Davies [mailto:adav...@cls-services.com] 
Sent: Thursday, October 07, 2010 2:42 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

 

Sophos seem to be excellent detection wise.  As for not detecting Conficker 
below, that'll have been another issue as there is no AV product out there that 
can't detect it.  If I had to guess, perhaps one host was infected and locked 
out AD, but all the Sophos alerts were from machines missing MS08-067 that were 
getting infected because the OS could not protect against it, but immediately 
cleaned by Sophos.  Certainly behaviour I've seen before.  You must patch 
Windows, AV can do everything on its own.

 

One negative comment about Sophos - they are still, in my opinion, very low 
down the pecking order in Enterprise Management.  They have a long, long way to 
catch up on McAfee and the like for agent management, alerting, mandatory 
policies, etc.  You can work around these things and it's a great AV product, 
but if you're a large, sensitive environment, it may frustrate you a little.  
Going from 7 to 9 didn't improve these grumbles much ...

 

 

 

a

 



From: Ames Matthew B [mailto:mba...@qinetiq.com] 
Sent: 07 October 2010 08:12
To: NT System Admin Issues
Subject: RE: AV Opinions

We run Sophos here, and it seems to do a reasonable job.  Corporate IS got 
caught last year with their pants down after a departmental server without any 
AV on it (or seriously out of date - guess someone got a good telling off for 
that) managed to get Conficker.  Given we don't have a direct net connection to 
our desktops or services network, they had not bothered to install the 
hotfixes to prevent this

For whatever reason Sophos did not detect it, and quite a few machines got 
infected, and a couple of thousand user accounts got locked out.  Took them a 
few days to get things under control - I wrote a little ldap tool to monitor 
the number of locked out user accounts :-)

 

Sophos is a bit of a memory hog (not sure how it compares to other versions), 
taking around 150MB (savservice.exe alone is taking 108MB on my machine 
currently).  We are currently using 7.6.20

 

tht,

Matt

 



From: Jim Holmgren [mailto:jholmg...@xlhealth.com] 
Sent: 07 October 2010 01:23
To: NT System Admin Issues
Subject: RE: AV Opinions

Give Sophos a long look.  I firmly believe they are the best of breed that 
nobody seems to talk about.  They don't market to the non-corporate crowd, so 
that probably has something to do with it.  I asked this list and a few other 
resources when I was evaluating solutions.  I did not hear from a single person 
using Sophos that did not like it.

 

We are replacing Symantec with Sophos right now and it is going very well so 
far.   

 

Sophos will sync with AD (if you want) to automatically

RE: AV Opinions

2010-10-07 Thread Alan Davies
Hmmm ... my comments were more around the ability to manage/control agents than 
how nice the console was to use.  Also, on the additional functionality side, 
their local FW and software NAC components were very immature feature wise.  
Support varied - UK support a million times better than the out of hours US 
support!
 
 
 
a



From: Ray [mailto:rz...@qwest.net] 
Sent: 07 October 2010 12:42
To: NT System Admin Issues
Subject: RE: AV Opinions



That's interesting, because we absolutely hated McAfee and its enterprise 
console, and couldn't wait to get rid of it.  We've ended up with significantly 
better coverage with Sophos than we ever did with McAfee. 

 

From: Alan Davies [mailto:adav...@cls-services.com] 
Sent: Thursday, October 07, 2010 2:42 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

 

Sophos seem to be excellent detection wise.  As for not detecting Conficker 
below, that'll have been another issue as there is no AV product out there that 
can't detect it.  If I had to guess, perhaps one host was infected and locked 
out AD, but all the Sophos alerts were from machines missing MS08-067 that were 
getting infected because the OS could not protect against it, but immediately 
cleaned by Sophos.  Certainly behaviour I've seen before.  You must patch 
Windows, AV can do everything on its own.

 

One negative comment about Sophos - they are still, in my opinion, very low 
down the pecking order in Enterprise Management.  They have a long, long way to 
catch up on McAfee and the like for agent management, alerting, mandatory 
policies, etc.  You can work around these things and it's a great AV product, 
but if you're a large, sensitive environment, it may frustrate you a little.  
Going from 7 to 9 didn't improve these grumbles much ...

 

 

 

a

 



From: Ames Matthew B [mailto:mba...@qinetiq.com] 
Sent: 07 October 2010 08:12
To: NT System Admin Issues
Subject: RE: AV Opinions

We run Sophos here, and it seems to do a reasonable job.  Corporate IS got 
caught last year with their pants down after a departmental server without any 
AV on it (or seriously out of date - guess someone got a good telling off for 
that) managed to get Conficker.  Given we don't have a direct net connection to 
our desktops or services network, they had not bothered to install the 
hotfixes to prevent this

For whatever reason Sophos did not detect it, and quite a few machines got 
infected, and a couple of thousand user accounts got locked out.  Took them a 
few days to get things under control - I wrote a little ldap tool to monitor 
the number of locked out user accounts :-)

 

Sophos is a bit of a memory hog (not sure how it compares to other versions), 
taking around 150MB (savservice.exe alone is taking 108MB on my machine 
currently).  We are currently using 7.6.20

 

tht,

Matt

 



From: Jim Holmgren [mailto:jholmg...@xlhealth.com] 
Sent: 07 October 2010 01:23
To: NT System Admin Issues
Subject: RE: AV Opinions

Give Sophos a long look.  I firmly believe they are the best of breed that 
nobody seems to talk about.  They don't market to the non-corporate crowd, so 
that probably has something to do with it.  I asked this list and a few other 
resources when I was evaluating solutions.  I did not hear from a single person 
using Sophos that did not like it.

 

We are replacing Symantec with Sophos right now and it is going very well so 
far.   

 

Sophos will sync with AD (if you want) to automatically protect computers when 
you add them.  It will remove Symantec cleanly (so far on about 25 test/pilot 
users it has been perfect) when pushing it out.  It includes device control 
(want to block USB storage devices...2-3 clicks and you are done), a NAC 
component, and a firewall. 

 

It also includes clients for Mac/Linux and with each corporate license, you get 
a free at-home license.   NFI - just a very satisfied customer so far.

 

Jim

 

 

 



From: Joseph L. Casale [mailto:jcas...@activenetwerx.com]
Sent: Wed 10/6/2010 7:09 PM
To: NT System Admin Issues
Subject: AV Opinions

At one of the shops that I look after, I have been asked to change the AV to 
something new and current.

Vipre and Forefront excluded (I know enough about those already), what else are 
you guys using that's good?

 

It's been a while since I looked at all the other vendors, I have such little 
time to eval for this need, I can't just download all vendors packages and 
trial each one for 30 days, I need to look at one and hopefully get it right :(

 

Thanks for any opinions,

jlc

 


RE: AV Opinions

2010-10-07 Thread Ames Matthew B
Well Sophos just found a copy of it in a RECYCLER directory which was a couple 
of levels off the root (so not the active recycler directory).



From: Ray [mailto:rz...@qwest.net] 
Sent: 07 October 2010 12:39
To: NT System Admin Issues
Subject: RE: AV Opinions



Conficker seems to be a tough one.  We got hit with it last year and McAfee 
was pretty ineffective against it.  

 

We opted for Sophos over the others primarily for their console.  It seemed to 
be the most mature (for lack of a better term).  My biggest concern was their 
tech support, which seems to be mediocre at best.   If I was picking based on 
support alone, I'd probably be picking Kaspersky.  

 

From: Ames Matthew B [mailto:mba...@qinetiq.com] 
Sent: Thursday, October 07, 2010 12:12 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

 

We run Sophos here, and it seems to do a reasonable job.  Corporate IS got 
caught last year with their pants down after a departmental server without any 
AV on it (or seriously out of date - guess someone got a good telling off for 
that) managed to get Conficker.  Given we don't have a direct net connection to 
our desktops or services network, they had not bothered to install the 
hotfixes to prevent this

For whatever reason Sophos did not detect it, and quite a few machines got 
infected, and a couple of thousand user accounts got locked out.  Took them a 
few days to get things under control - I wrote a little ldap tool to monitor 
the number of locked out user accounts :-)

 

Sophos is a bit of a memory hog (not sure how it compares to other versions), 
taking around 150MB (savservice.exe alone is taking 108MB on my machine 
currently).  We are currently using 7.6.20

 

tht,

Matt

 



From: Jim Holmgren [mailto:jholmg...@xlhealth.com] 
Sent: 07 October 2010 01:23
To: NT System Admin Issues
Subject: RE: AV Opinions

Give Sophos a long look.  I firmly believe they are the best of breed that 
nobody seems to talk about.  They don't market to the non-corporate crowd, so 
that probably has something to do with it.  I asked this list and a few other 
resources when I was evaluating solutions.  I did not hear from a single person 
using Sophos that did not like it.

 

We are replacing Symantec with Sophos right now and it is going very well so 
far.   

 

Sophos will sync with AD (if you want) to automatically protect computers when 
you add them.  It will remove Symantec cleanly (so far on about 25 test/pilot 
users it has been perfect) when pushing it out.  It includes device control 
(want to block USB storage devices...2-3 clicks and you are done), a NAC 
component, and a firewall. 

 

It also includes clients for Mac/Linux and with each corporate license, you get 
a free at-home license.   NFI - just a very satisfied customer so far.

 

Jim

 

 

 



From: Joseph L. Casale [mailto:jcas...@activenetwerx.com]
Sent: Wed 10/6/2010 7:09 PM
To: NT System Admin Issues
Subject: AV Opinions

At one of the shops that I look after, I have been asked to change the AV to 
something new and current.

Vipre and Forefront excluded (I know enough about those already), what else are 
you guys using that's good?

 

It's been a while since I looked at all the other vendors, I have such little 
time to eval for this need, I can't just download all vendors packages and 
trial each one for 30 days, I need to look at one and hopefully get it right :(

 

Thanks for any opinions,

jlc

 



CONFIDENTIALITY NOTICE: This email, including attachments, is for the sole use 
of the intended recipient(s) and may contain confidential and/or protected 
health information. Under the Federal Law (HIPAA), the intended recipient is 
obligated to keep this information secure and confidential. Any disclosure to 
third parties without authorization from the member of as permitted by law is 
prohibited and punishable under Federal Law. If you are not the intended 
recipient, please contact the sender by reply e-mail and destroy all copies of 
the original message. 


RE: AV Opinions

2010-10-07 Thread Alan Davies
It will find it easily, as, I hope, would any AV!  It cannot stop an infected 
computer continuously attempting to re-infect you though.  It will sort of 
succeed, for a millisecond, until the AV intercepts the payload.  You will 
therefore continue to get notified that it was detected and cleaned.  You need 
to patch Windows to protect against Conficker.
 
 
 
a



From: Ames Matthew B [mailto:mba...@qinetiq.com] 
Sent: 07 October 2010 14:33
To: NT System Admin Issues
Subject: RE: AV Opinions


Well Sophos just found a copy of it in a RECYCLER directory which was a couple 
of levels off the root (so not the active recycler directory).



From: Ray [mailto:rz...@qwest.net] 
Sent: 07 October 2010 12:39
To: NT System Admin Issues
Subject: RE: AV Opinions



Conficker seems to be a tough one.  We got hit with it last year and McAfee 
was pretty ineffective against it.  

 

We opted for Sophos over the others primarily for their console.  It seemed to 
be the most mature (for lack of a better term).  My biggest concern was their 
tech support, which seems to be mediocre at best.   If I was picking based on 
support alone, I'd probably be picking Kaspersky.  

 

From: Ames Matthew B [mailto:mba...@qinetiq.com] 
Sent: Thursday, October 07, 2010 12:12 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

 

We run Sophos here, and it seems to do a reasonable job.  Corporate IS got 
caught last year with their pants down after a departmental server without any 
AV on it (or seriously out of date - guess someone got a good telling off for 
that) managed to get Conficker.  Given we don't have a direct net connection to 
our desktops or services network, they had not bothered to install the 
hotfixes to prevent this

For whatever reason Sophos did not detect it, and quite a few machines got 
infected, and a couple of thousand user accounts got locked out.  Took them a 
few days to get things under control - I wrote a little ldap tool to monitor 
the number of locked out user accounts :-)

 

Sophos is a bit of a memory hog (not sure how it compares to other versions), 
taking around 150MB (savservice.exe alone is taking 108MB on my machine 
currently).  We are currently using 7.6.20

 

tht,

Matt

 



From: Jim Holmgren [mailto:jholmg...@xlhealth.com] 
Sent: 07 October 2010 01:23
To: NT System Admin Issues
Subject: RE: AV Opinions

Give Sophos a long look.  I firmly believe they are the best of breed that 
nobody seems to talk about.  They don't market to the non-corporate crowd, so 
that probably has something to do with it.  I asked this list and a few other 
resources when I was evaluating solutions.  I did not hear from a single person 
using Sophos that did not like it.

 

We are replacing Symantec with Sophos right now and it is going very well so 
far.   

 

Sophos will sync with AD (if you want) to automatically protect computers when 
you add them.  It will remove Symantec cleanly (so far on about 25 test/pilot 
users it has been perfect) when pushing it out.  It includes device control 
(want to block USB storage devices...2-3 clicks and you are done), a NAC 
component, and a firewall. 

 

It also includes clients for Mac/Linux and with each corporate license, you get 
a free at-home license.   NFI - just a very satisfied customer so far.

 

Jim

 

 

 



From: Joseph L. Casale [mailto:jcas...@activenetwerx.com]
Sent: Wed 10/6/2010 7:09 PM
To: NT System Admin Issues
Subject: AV Opinions

At one of the shops that I look after, I have been asked to change the AV to 
something new and current.

Vipre and Forefront excluded (I know enough about those already), what else are 
you guys using that's good?

 

It's been a while since I looked at all the other vendors, I have such little 
time to eval for this need, I can't just download all vendors packages and 
trial each one for 30 days, I need to look at one and hopefully get it right :(

 

Thanks for any opinions,

jlc

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

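
The pattern described in the message above (an unpatched machine keeps getting hit and the AV keeps reporting "detected and cleaned") can be separated from other causes by joining the alert export with patch state. This is an added example, not part of the thread; the export format, host names, window and threshold are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data (not from the thread): an AV console export of
# (timestamp, host, threat, action) rows, and a patch inventory recording
# whether each host has the MS08-067 update installed.
ALERTS = [
    ("2010-10-07 09:00:05", "WS-101", "Conficker", "cleaned"),
    ("2010-10-07 09:04:41", "WS-101", "Conficker", "cleaned"),
    ("2010-10-07 09:11:13", "WS-101", "Conficker", "cleaned"),
    ("2010-10-07 09:02:30", "WS-102", "Conficker", "cleaned"),
    ("2010-10-07 09:40:02", "WS-102", "Conficker", "cleaned"),
    ("2010-10-07 09:15:00", "WS-103", "Conficker", "cleaned"),
    ("2010-10-07 09:20:00", "SRV-07", "Conficker", "cleaned"),
    ("2010-10-07 09:22:10", "SRV-07", "Conficker", "cleaned"),
    ("2010-10-07 09:25:45", "SRV-07", "Conficker", "cleaned"),
    ("2010-10-07 10:00:00", "LAB-02", "Conficker", "cleaned"),
    ("2010-10-07 10:01:00", "LAB-02", "Conficker", "cleaned"),
    ("2010-10-07 10:02:00", "LAB-02", "Conficker", "cleaned"),
]
MS08_067_INSTALLED = {
    "WS-101": False, "WS-102": False, "WS-103": True, "SRV-07": True,
}  # LAB-02 is deliberately absent: not in the inventory at all


def repeat_hosts(alerts, threat, window=timedelta(minutes=15), min_hits=3):
    """Return {host: peak hits} for hosts whose 'cleaned' detections of
    `threat` recur at least `min_hits` times inside any `window`."""
    per_host = defaultdict(list)
    for ts, host, name, action in alerts:
        if name == threat and action == "cleaned":
            per_host[host].append(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"))

    repeats = {}
    for host, times in per_host.items():
        times.sort()
        start = peak = 0
        for end in range(len(times)):
            # Shrink the window from the left until it spans <= `window`.
            while times[end] - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= min_hits:
            repeats[host] = peak
    return repeats


def triage(alerts, patched, threat="Conficker"):
    """Classify hosts with recurring clean-ups by patch state."""
    result = {}
    for host in repeat_hosts(alerts, threat):
        state = patched.get(host)
        if state is None:
            result[host] = "unknown"      # not inventoried: check patch level first
        elif state:
            result[host] = "investigate"  # patched yet recurring: look for a local
                                          # copy (the thread mentions one found in
                                          # a RECYCLER directory)
        else:
            result[host] = "patch"        # unpatched and re-hit: AV cleans each
                                          # time, only the OS patch stops it
    return result


if __name__ == "__main__":
    for host, verdict in sorted(triage(ALERTS, MS08_067_INSTALLED).items()):
        print(host, verdict)
```

Hosts with a single or widely spaced detection (WS-102, WS-103 in the sample) are left out on purpose, so the list stays focused on machines that are being hit repeatedly.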

RE: AV Opinions

2010-10-07 Thread David Lum
Sadly, after finally mastering McAfee's ePO console after 10,000 hours of 
working with it I do like the granularity it offers, the fact I can sync it 
with AD and various OU levels (I have McAfee groups that roughly align with my 
OU structure), my login is LDAP pass-through, etc. I have it so it auto-deploys 
AV to workstations and some servers but not all (by design) etc. I managed to 
avoid the 5958 DAT fiasco, and I've had Vipre eat more legit .EXE's than any 
other AV.

How can you tell if you're getting better coverage from one product vs. 
another? Unless you run both in parallel in the same environment (50% have one, 
50% have the other) I don't know how you could really know. As I've said before 
I run 3 different AV products in 3 different environments and I couldn't tell 
you with any certainty one is giving better coverage than another.

Perhaps after the change you are getting more notifications of infected 
machines? That might do it. Out of the box McAfee ePO isn't set up to let you 
know when machines are infected, it wasn't until I horsed around with it that I 
started getting alerts. Heck McAfee's product even helped troubleshoot a SNORT 
detection because I just had the agent log all port traffic for a time.

This isn't really a McAfee endorsement as much as it is just general commentary 
:-P

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764

From: Maglinger, Paul [mailto:pmaglin...@scvl.com]
Sent: Thursday, October 07, 2010 5:27 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

We will be moving away from McCrappy after our current agreement expires.  Not 
necessarily because of how their product performs (but that is part of it), but 
because of the way they handled the 5958 DAT fiasco.  They made promises to our 
company for compensation and then reneged on the deal.  I doubt they really 
care now that they're in bed with Intel.

-Paul

From: Ray [mailto:rz...@qwest.net]
Sent: Thursday, October 07, 2010 6:42 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

That's interesting, because we absolutely hated McAfee and its enterprise 
console, and couldn't wait to get rid of it.  We've ended up with significantly 
better coverage with Sophos than we ever did with McAfee.

From: Alan Davies [mailto:adav...@cls-services.com]
Sent: Thursday, October 07, 2010 2:42 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

Sophos seem to be excellent detection wise.  As for not detecting Conficker 
below, that'll have been another issue as there is no AV product out there that 
can't detect it.  If I had to guess, perhaps one host was infected and locked 
out AD, but all the Sophos alerts were from machines missing MS08-067 that were 
getting infected because the OS could not protect against it, but immediately 
cleaned by Sophos.  Certainly behaviour I've seen before.  You must patch 
Windows, AV can do everything on its own.

One negative comment about Sophos - they are still, in my opinion, very low 
down the pecking order in Enterprise Management.  They have a long, long way to 
catch up on McAfee and the like for agent management, alerting, mandatory 
policies, etc.  You can work around these things and it's a great AV product, 
but if you're a large, sensitive environment, it may frustrate you a little.  
Going from 7 to 9 didn't improve these grumbles much ...



a


From: Ames Matthew B [mailto:mba...@qinetiq.com]
Sent: 07 October 2010 08:12
To: NT System Admin Issues
Subject: RE: AV Opinions
We run Sophos here, and it seems to do a reasonable job.  Corporate IS got 
caught last year with their pants down after a departmental server without any 
AV on it (or seriously out of date - guess someone got a good telling off for 
that) managed to get Conficker.  Given we don't have a direct net connection to 
our desktops or services network, they had not bothered to install the 
hotfixes to prevent this

For whatever reason Sophos did not detect it, and quite a few machines got 
infected, and a couple of thousand user accounts got locked out.  Took them a 
few days to get things under control - I wrote a little ldap tool to monitor 
the number of locked out user accounts :-)

Sophos is a bit of a memory hog (not sure how it compares to other versions), 
taking around 150MB (savservice.exe alone is taking 108MB on my machine 
currently).  We are currently using 7.6.20

tht,
Matt


From: Jim Holmgren [mailto:jholmg...@xlhealth.com]
Sent: 07 October 2010 01:23
To: NT System Admin Issues
Subject: RE: AV Opinions
Give Sophos a long look.  I firmly believe they are the best of breed that 
nobody seems to talk about.  They don't market to the non-corporate crowd, so 
that probably has something to do with it.  I asked this list and a few other 
resources when I was evaluating solutions.  I did not hear from a single person 
using Sophos that did not like it.

We

RE: AV Opinions

2010-10-07 Thread greg.sweers
We have used virtually all of them.

We currently have Vipre installed everywhere.  Does a pretty good job, but 
there is always something that makes its way through.  Usually a new variant of 
Antivirus 2010, but it's easily cleaned with MalwareBytes.  The only real issues 
we have are systems that require Admin rights, (not by our choice, and we have 
fought hard on this) but they learn and we eventually get our way.
Eset great product, horrible support, console was very convoluted to learn.
AVG, not a bad product but too many lockups and crashing systems for us to be 
comfortable with it.
Symancrap..nough said.
McCrapee, never again will you ever see me get close to it.  I will usually 
give Vipre away to a client to get them off Syman or McCrap so we don't have to 
deal with it.

Greg

Greg Sweers
CEO
ACTS360.com http://www.acts360.com/
P.O. Box 1193
Brandon, FL  33509
813-657-0849 Office
813-758-6850 Cell
813-341-1270 Fax

From: Alan Davies [mailto:adav...@cls-services.com]
Sent: Thursday, October 07, 2010 11:21 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

It will find it easily, as, I hope, would any AV!  It cannot stop an infected 
computer continuously attempting to re-infect you though.  It will sort of 
succeed, for a millisecond, until the AV intercepts the payload.  You will 
therefore continue to get notified that it was detected and cleaned.  You need 
to patch Windows to protect against Conficker.



a


From: Ames Matthew B [mailto:mba...@qinetiq.com]
Sent: 07 October 2010 14:33
To: NT System Admin Issues
Subject: RE: AV Opinions
Well Sophos just found a copy of it in a RECYCLER directory which was a couple 
of levels off the root (so not the active recycler directory).


From: Ray [mailto:rz...@qwest.net]
Sent: 07 October 2010 12:39
To: NT System Admin Issues
Subject: RE: AV Opinions
Conficker seems to be a tough one.  We got hit with it last year and McAfee 
was pretty ineffective against it.

We opted for Sophos over the others primarily for their console.  It seemed to 
be the most mature (for lack of a better term).  My biggest concern was their 
tech support, which seems to be mediocre at best.   If I was picking based on 
support alone, I'd probably be picking Kaspersky.

From: Ames Matthew B [mailto:mba...@qinetiq.com]
Sent: Thursday, October 07, 2010 12:12 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

We run Sophos here, and it seems to do a reasonable job.  Corporate IS got 
caught last year with their pants down after a departmental server without any 
AV on it (or seriously out of date - guess someone got a good telling off for 
that) managed to get Conficker.  Given we don't have a direct net connection to 
our desktops or services network, they had not bothered to install the 
hotfixes to prevent this

For whatever reason Sophos did not detect it, and quite a few machines got 
infected, and a couple of thousand user accounts got locked out.  Took them a 
few days to get things under control - I wrote a little ldap tool to monitor 
the number of locked out user accounts :-)

Sophos is a bit of a memory hog (not sure how it compares to other versions), 
taking around 150MB (savservice.exe alone is taking 108MB on my machine 
currently).  We are currently using 7.6.20

tht,
Matt


From: Jim Holmgren [mailto:jholmg...@xlhealth.com]
Sent: 07 October 2010 01:23
To: NT System Admin Issues
Subject: RE: AV Opinions
Give Sophos a long look.  I firmly believe they are the best of breed that 
nobody seems to talk about.  They don't market to the non-corporate crowd, so 
that probably has something to do with it.  I asked this list and a few other 
resources when I was evaluating solutions.  I did not hear from a single person 
using Sophos that did not like it.

We are replacing Symantec with Sophos right now and it is going very well so 
far.

Sophos will sync with AD (if you want) to automatically protect computers when 
you add them.  It will remove Symantec cleanly (so far on about 25 test/pilot 
users it has been perfect) when pushing it out.  It includes device control 
(want to block USB storage devices...2-3 clicks and you are done), a NAC 
component, and a firewall.

It also includes clients for Mac/Linux and with each corporate license, you get 
a free at-home license.   NFI - just a very satisfied customer so far.

Jim




From: Joseph L. Casale [mailto:jcas...@activenetwerx.com]
Sent: Wed 10/6/2010 7:09 PM
To: NT System Admin Issues
Subject: AV Opinions
At one of the shops that I look after, I have been asked to change the AV to 
something new and current.
Vipre and Forefront excluded (I know enough about those already), what else are 
you guys using that's good?

It's been a while since I looked at all the other vendors, I have such little 
time to eval for this need, I can't just download all vendors packages and 
trial each

RE: AV Opinions

2010-10-07 Thread Ray
We thought pretty much everything about their management sucked, including
agents. 

 

From: Alan Davies [mailto:adav...@cls-services.com] 
Sent: Thursday, October 07, 2010 5:48 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

 

Hmmm ... my comments were more around the ability to manage/control agents
than how nice the console was to use.  Also, on the additional functionality
side, their local FW and software NAC components were very immature feature
wise.  Support varied - UK support a million times better than the out of
hours US support!

 

 

 

a

 


From: Ray [mailto:rz...@qwest.net] 
Sent: 07 October 2010 12:42
To: NT System Admin Issues
Subject: RE: AV Opinions

That’s interesting, because we absolutely hated McAfee and its enterprise
console, and couldn’t wait to get rid of it.  We’ve ended up with
significantly better coverage with Sophos than we ever did with McAfee. 

 

From: Alan Davies [mailto:adav...@cls-services.com] 
Sent: Thursday, October 07, 2010 2:42 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

 

Sophos seem to be excellent detection wise.  As for not detecting Conficker
below, that'll have been another issue as there is no AV product out there
that can't detect it.  If I had to guess, perhaps one host was infected and
locked out AD, but all the Sophos alerts were from machines missing MS08-067
that were getting infected because the OS could not protect against it,
but immediately cleaned by Sophos.  Certainly behaviour I've seen before.
You must patch Windows, AV can do everything on its own.

 

One negative comment about Sophos - they are still, in my opinion, very low
down the pecking order in Enterprise Management.  They have a long, long way
to catch up on McAfee and the like for agent management, alerting, mandatory
policies, etc.  You can work around these things and it's a great AV
product, but if you're a large, sensitive environment, it may frustrate you
a little.  Going from 7 to 9 didn't improve these grumbles much ...

 

 

 

a

 


From: Ames Matthew B [mailto:mba...@qinetiq.com] 
Sent: 07 October 2010 08:12
To: NT System Admin Issues
Subject: RE: AV Opinions

We run Sophos here, and it seems to do a reasonable job.  Corporate IS got
caught last year with their pants down after a departmental server without
any AV on it (or seriously out of date - guess someone got a good telling
off for that) managed to get Conficker.  Given we don't have a direct net
connection to our desktops or services network, they had not bothered to
install the hotfixes to prevent this

For whatever reason Sophos did not detect it, and quite a few machines
got infected, and a couple of thousand user accounts got locked out.  Took
them a few days to get things under control - I wrote a little ldap tool to
monitor the number of locked out user accounts :-)

 

Sophos is a bit of a memory hog (not sure how it compares to other
versions), taking around 150MB (savservice.exe alone is taking 108MB on my
machine currently).  We are currently using 7.6.20

 

tht,

Matt

 


From: Jim Holmgren [mailto:jholmg...@xlhealth.com] 
Sent: 07 October 2010 01:23
To: NT System Admin Issues
Subject: RE: AV Opinions

Give Sophos a long look.  I firmly believe they are the best of breed that
nobody seems to talk about.  They don't market to the non-corporate crowd,
so that probably has something to do with it.  I asked this list and a few
other resources when I was evaluating solutions.  I did not hear from a
single person using Sophos that did not like it.

 

We are replacing Symantec with Sophos right now and it is going very well so
far.   

 

Sophos will sync with AD (if you want) to automatically protect computers
when you add them.  It will remove Symantec cleanly (so far on about 25
test/pilot users it has been perfect) when pushing it out.  It includes
device control (want to block USB storage devices...2-3 clicks and you are
done), a NAC component, and a firewall. 

 

It also includes clients for Mac/Linux and with each corporate license, you
get a free at-home license.   NFI - just a very satisfied customer so far.

 

Jim

 

 

 


From: Joseph L. Casale [mailto:jcas...@activenetwerx.com]
Sent: Wed 10/6/2010 7:09 PM
To: NT System Admin Issues
Subject: AV Opinions

At one of the shops that I look after, I have been asked to change the AV to
something new and current.

Vipre and Forefront excluded (I know enough about those already), what else
are you guys using that’s good?

 

It’s been a while since I looked at all the other vendors, I have such
little time to eval for this need, I can’t just download all vendors
packages and trial each one for 30 days, I need to look at one and hopefully
get it right :(

 

Thanks for any opinions,

jlc

 


RE: AV Opinions

2010-10-07 Thread Maglinger, Paul
We thought their management sucked too.  Their SALES management, that is.  :)

 

From: Ray [mailto:rz...@qwest.net] 
Sent: Thursday, October 07, 2010 2:39 PM
To: NT System Admin Issues
Subject: RE: AV Opinions

 

We thought pretty much everything about their management sucked, including 
agents. 

 

From: Alan Davies [mailto:adav...@cls-services.com] 
Sent: Thursday, October 07, 2010 5:48 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

 

Hmmm ... my comments were more around the ability to manage/control agents than 
how nice the console was to use.  Also, on the additional functionality side, 
their local FW and software NAC components were very immature feature wise.  
Support varied - UK support a million times better than the out of hours US 
support!

 

 

 

a

 



From: Ray [mailto:rz...@qwest.net] 
Sent: 07 October 2010 12:42
To: NT System Admin Issues
Subject: RE: AV Opinions

That's interesting, because we absolutely hated McAfee and its enterprise 
console, and couldn't wait to get rid of it.  We've ended up with significantly 
better coverage with Sophos than we ever did with McAfee. 

 

From: Alan Davies [mailto:adav...@cls-services.com] 
Sent: Thursday, October 07, 2010 2:42 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

 

Sophos seem to be excellent detection wise.  As for not detecting Conficker 
below, that'll have been another issue as there is no AV product out there that 
can't detect it.  If I had to guess, perhaps one host was infected and locked 
out AD, but all the Sophos alerts were from machines missing MS08-067 that were 
getting infected because the OS could not protect against it, but immediately 
cleaned by Sophos.  Certainly behaviour I've seen before.  You must patch 
Windows, AV can do everything on its own.

 

One negative comment about Sophos - they are still, in my opinion, very low 
down the pecking order in Enterprise Management.  They have a long, long way to 
catch up on McAfee and the like for agent management, alerting, mandatory 
policies, etc.  You can work around these things and it's a great AV product, 
but if you're a large, sensitive environment, it may frustrate you a little.  
Going from 7 to 9 didn't improve these grumbles much ...

 

 

 

a

 



From: Ames Matthew B [mailto:mba...@qinetiq.com] 
Sent: 07 October 2010 08:12
To: NT System Admin Issues
Subject: RE: AV Opinions

We run Sophos here, and it seems to do a reasonable job.  Corporate IS got 
caught last year with their pants down after a departmental server without any 
AV on it (or seriously out of date - guess someone got a good telling off for 
that) managed to get Conficker.  Given we don't have a direct net connection to 
our desktops or services network, they had not bothered to install the 
hotfixes to prevent this

For whatever reason Sophos did not detect it, and quite a few machines got 
infected, and a couple of thousand user accounts got locked out.  Took them a 
few days to get things under control - I wrote a little ldap tool to monitor 
the number of locked out user accounts :-)

 

Sophos is a bit of a memory hog (not sure how it compares to other versions), 
taking around 150MB (savservice.exe alone is taking 108MB on my machine 
currently).  We are currently using 7.6.20

 

tht,

Matt

 



From: Jim Holmgren [mailto:jholmg...@xlhealth.com] 
Sent: 07 October 2010 01:23
To: NT System Admin Issues
Subject: RE: AV Opinions

Give Sophos a long look.  I firmly believe they are the best of breed that 
nobody seems to talk about.  They don't market to the non-corporate crowd, so 
that probably has something to do with it.  I asked this list and a few other 
resources when I was evaluating solutions.  I did not hear from a single person 
using Sophos that did not like it.

 

We are replacing Symantec with Sophos right now and it is going very well so 
far.   

 

Sophos will sync with AD (if you want) to automatically protect computers when 
you add them.  It will remove Symantec cleanly (so far on about 25 test/pilot 
users it has been perfect) when pushing it out.  It includes device control 
(want to block USB storage devices...2-3 clicks and you are done), a NAC 
component, and a firewall. 

 

It also includes clients for Mac/Linux and with each corporate license, you get 
a free at-home license.   NFI - just a very satisfied customer so far.

 

Jim

 

 

 



From: Joseph L. Casale [mailto:jcas...@activenetwerx.com]
Sent: Wed 10/6/2010 7:09 PM
To: NT System Admin Issues
Subject: AV Opinions

At one of the shops that I look after, I have been asked to change the AV to 
something new and current.

Vipre and Forefront excluded (I know enough about those already), what else are 
you guys using that's good?

 

It's been a while since I looked at all the other vendors, I have such little 
time to eval for this need, I

RE: AV Opinions

2010-10-07 Thread Ryan Finnesey
No one has commented on the Forefront products.

 

 

From: Maglinger, Paul [mailto:pmaglin...@scvl.com] 
Sent: Thursday, October 07, 2010 4:04 PM
To: NT System Admin Issues
Subject: RE: AV Opinions

 

We thought their management sucked too.  Their SALES management, that is.  :)

 

From: Ray [mailto:rz...@qwest.net] 
Sent: Thursday, October 07, 2010 2:39 PM
To: NT System Admin Issues
Subject: RE: AV Opinions

 

We thought pretty much everything about their management sucked, including 
agents. 

 

From: Alan Davies [mailto:adav...@cls-services.com] 
Sent: Thursday, October 07, 2010 5:48 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

 

Hmmm ... my comments were more around the ability to manage/control agents than 
how nice the console was to use.  Also, on the additional functionality side, 
their local FW and software NAC components were very immature feature wise.  
Support varied - UK support a million times better than the out of hours US 
support!

 

 

 

a

 



From: Ray [mailto:rz...@qwest.net] 
Sent: 07 October 2010 12:42
To: NT System Admin Issues
Subject: RE: AV Opinions

That's interesting, because we absolutely hated McAfee and its enterprise 
console, and couldn't wait to get rid of it.  We've ended up with significantly 
better coverage with Sophos than we ever did with McAfee. 

 

From: Alan Davies [mailto:adav...@cls-services.com] 
Sent: Thursday, October 07, 2010 2:42 AM
To: NT System Admin Issues
Subject: RE: AV Opinions

 

Sophos seem to be excellent detection wise.  As for not detecting Conficker 
below, that'll have been another issue as there is no AV product out there that 
can't detect it.  If I had to guess, perhaps one host was infected and locked 
out AD, but all the Sophos alerts were from machines missing MS08-067 that were 
getting infected because the OS could not protect against it, but immediately 
cleaned by Sophos.  Certainly behaviour I've seen before.  You must patch 
Windows, AV can do everything on its own.

 

One negative comment about Sophos - they are still, in my opinion, very low 
down the pecking order in Enterprise Management.  They have a long, long way to 
catch up on McAfee and the like for agent management, alerting, mandatory 
policies, etc.  You can work around these things and it's a great AV product, 
but if you're a large, sensitive environment, it may frustrate you a little.  
Going from 7 to 9 didn't improve these grumbles much ...

 

 

 

a

 



From: Ames Matthew B [mailto:mba...@qinetiq.com] 
Sent: 07 October 2010 08:12
To: NT System Admin Issues
Subject: RE: AV Opinions

We run Sophos here, and it seems to do a reasonable job.  Corporate IS got 
caught last year with their pants down after a departmental server without any 
AV on it (or seriously out of date - guess someone got a good telling off for 
that) managed to get Conficker.  Given we don't have a direct net connection to 
our desktops or services network, they had not bothered to install the 
hotfixes to prevent this

For whatever reason Sophos did not detect it, and quite a few machines got 
infected, and a couple of thousand user accounts got locked out.  Took them a 
few days to get things under control - I wrote a little ldap tool to monitor 
the number of locked out user accounts :-)

 

Sophos is a bit of a memory hog (not sure how it compares to other versions), 
taking around 150MB (savservice.exe alone is taking 108MB on my machine 
currently).  We are currently using 7.6.20

 

tht,

Matt

 



From: Jim Holmgren [mailto:jholmg...@xlhealth.com] 
Sent: 07 October 2010 01:23
To: NT System Admin Issues
Subject: RE: AV Opinions

Give Sophos a long look.  I firmly believe they are the best of breed that 
nobody seems to talk about.  They don't market to the non-corporate crowd, so 
that probably has something to do with it.  I asked this list and a few other 
resources when I was evaluating solutions.  I did not hear from a single person 
using Sophos that did not like it.

 

We are replacing Symantec with Sophos right now and it is going very well so 
far.   

 

Sophos will sync with AD (if you want) to automatically protect computers when 
you add them.  It will remove Symantec cleanly (so far on about 25 test/pilot 
users it has been perfect) when pushing it out.  It includes device control 
(want to block USB storage devices...2-3 clicks and you are done), a NAC 
component, and a firewall. 

 

It also includes clients for Mac/Linux and with each corporate license, you get 
a free at-home license.   NFI - just a very satisfied customer so far.

 

Jim

 

 

 



From: Joseph L. Casale [mailto:jcas...@activenetwerx.com]
Sent: Wed 10/6/2010 7:09 PM
To: NT System Admin Issues
Subject: AV Opinions

At one of the shops that I look after, I have been asked to change the AV to 
something new and current.

Vipre and Forefront

Re: AV Opinions

2010-10-06 Thread Sean Martin
I'd look for the top performers

http://www.virusbtn.com

- Sean

On Wed, Oct 6, 2010 at 3:09 PM, Joseph L. Casale
jcas...@activenetwerx.com wrote:

  At one of the shops that I look after, I have been asked to change the AV
 to something new and current.

 Vipre and Forefront excluded (I know enough about those already), what else
 are you guys using that’s good?



 It’s been a while since I looked at all the other vendors, I have such
 little time to eval for this need, I can’t just download all vendors
 packages and trial each one for 30 days, I need to look at one and hopefully
 get it right :(



 Thanks for any opinions,

 jlc




RE: AV Opinions

2010-10-06 Thread Joseph L. Casale
Wow, never heard of trustport, they seem to be kicking butt?

From: Sean Martin [mailto:seanmarti...@gmail.com]
Sent: Wednesday, October 06, 2010 5:28 PM
To: NT System Admin Issues
Subject: Re: AV Opinions

I'd look for the top performers

http://www.virusbtn.com/

- Sean
On Wed, Oct 6, 2010 at 3:09 PM, Joseph L. Casale 
jcas...@activenetwerx.com wrote:
At one of the shops that I look after, I have been asked to change the AV to 
something new and current.
Vipre and Forefront excluded (I know enough about those already), what else are 
you guys using that's good?

It's been a while since I looked at all the other vendors, I have such little 
time to eval for this need, I can't just download all vendors packages and 
trial each one for 30 days, I need to look at one and hopefully get it right:(

Thanks for any opinions,
jlc



RE: AV Opinions

2010-10-06 Thread Jim Holmgren
Give Sophos a long look.  I firmly believe they are the best of breed that 
nobody seems to talk about.  They don't market to the non-corporate crowd, so 
that probably has something to do with it.  I asked this list and a few other 
resources when I was evaluating solutions.  I did not hear from a single person 
using Sophos that did not like it.
 
We are replacing Symantec with Sophos right now and it is going very well so 
far.   
 
Sophos will sync with AD (if you want) to automatically protect computers when 
you add them.  It will remove Symantec cleanly (so far on about 25 test/pilot 
users it has been perfect) when pushing it out.  It includes device control 
(want to block USB storage devices...2-3 clicks and you are done), a NAC 
component, and a firewall. 
 
It also includes clients for Mac/Linux and with each corporate license, you get 
a free at-home license.   NFI - just a very satisfied customer so far.
 
Jim
 
 



From: Joseph L. Casale [mailto:jcas...@activenetwerx.com]
Sent: Wed 10/6/2010 7:09 PM
To: NT System Admin Issues
Subject: AV Opinions



At one of the shops that I look after, I have been asked to change the AV to 
something new and current.

Vipre and Forefront excluded (I know enough about those already), what else are 
you guys using that's good?

 

It's been a while since I looked at all the other vendors, I have such little 
time to eval for this need, I can't just download all vendors packages and 
trial each one for 30 days, I need to look at one and hopefully get it right :(

 

Thanks for any opinions,

jlc

 




CONFIDENTIALITY NOTICE: This email, including attachments, is for the sole use 
of the intended recipient(s) and may contain confidential and/or protected 
health information. Under the Federal Law (HIPAA), the intended recipient is 
obligated to keep this information secure and confidential. Any disclosure to 
third parties without authorization from the member or as permitted by law is 
prohibited and punishable under Federal Law. If you are not the intended 
recipient, please contact the sender by reply e-mail and destroy all copies of 
the original message.


RE: AV Opinions

2010-10-06 Thread Joseph L. Casale
Great, I will look at it!
Thanks,
jlc

From: Jim Holmgren [mailto:jholmg...@xlhealth.com]
Sent: Wednesday, October 06, 2010 6:23 PM
To: NT System Admin Issues
Subject: RE: AV Opinions

Give Sophos a long look.  I firmly believe they are the best of breed that 
nobody seems to talk about.  They don't market to the non-corporate crowd, so 
that probably has something to do with it.  I asked this list and a few other 
resources when I was evaluating solutions.  I did not hear from a single person 
using Sophos that did not like it.

We are replacing Symantec with Sophos right now and it is going very well so 
far.

Sophos will sync with AD (if you want) to automatically protect computers when 
you add them.  It will remove Symantec cleanly (so far on about 25 test/pilot 
users it has been perfect) when pushing it out.  It includes device control 
(want to block USB storage devices...2-3 clicks and you are done), a NAC 
component, and a firewall.

It also includes clients for Mac/Linux and with each corporate license, you get 
a free at-home license.   NFI - just a very satisfied customer so far.

Jim




From: Joseph L. Casale [mailto:jcas...@activenetwerx.com]
Sent: Wed 10/6/2010 7:09 PM
To: NT System Admin Issues
Subject: AV Opinions
At one of the shops that I look after, I have been asked to change the AV to 
something new and current.
Vipre and Forefront excluded (I know enough about those already), what else are 
you guys using that's good?

It's been a while since I looked at all the other vendors, I have such little 
time to eval for this need, I can't just download all vendors packages and 
trial each one for 30 days, I need to look at one and hopefully get it right:(

Thanks for any opinions,
jlc



RE: AV Opinions

2010-10-06 Thread Ray
We switched to Sophos.  Kaspersky was also in the running.  

 

From: Sean Martin [mailto:seanmarti...@gmail.com] 
Sent: Wednesday, October 06, 2010 4:28 PM
To: NT System Admin Issues
Subject: Re: AV Opinions

 

I'd look for the top performers

 

http://www.virusbtn.com/

 

- Sean

On Wed, Oct 6, 2010 at 3:09 PM, Joseph L. Casale jcas...@activenetwerx.com
wrote:

At one of the shops that I look after, I have been asked to change the AV to
something new and current.

Vipre and Forefront excluded (I know enough about those already), what else
are you guys using that's good?

 

It's been a while since I looked at all the other vendors, I have such
little time to eval for this need, I can't just download all vendors
packages and trial each one for 30 days, I need to look at one and hopefully
get it right :(

 

Thanks for any opinions,

jlc

 


RE: AV Opinions

2009-04-21 Thread Michael B. Smith
I was at a conference recently, and shared a couple of cool liquid refreshments 
with an in-the-know MSFT person, speaking off the record, of course. This 
person made the comment that Kaspersky was generally #1 for getting updated 
high-quality definitions out ASAP.

Personally, I haven't used them yet, but next time I renew a license, I'll be 
taking a close look at their engine and updates and cost.


From: Joseph L. Casale [jcas...@activenetwerx.com]
Sent: Tuesday, April 21, 2009 3:21 PM
To: NT System Admin Issues
Subject: AV Opinions

Anyone using Kaspersky and F-Secure? Looking at their two products now, it 
seems Kaspersky has a Squid module for our proxy which is kinda cool.

Any opinions on the management aspects? Any current users with opinions on the 
quality of support?

Thanks,
jlc


RE: AV Opinions

2009-04-21 Thread Robert LeBlanc
I'm checking out Bit Defender... they seem to have quality AV software.

Robert

 

From: Joseph L. Casale [mailto:jcas...@activenetwerx.com] 
Sent: Tuesday, April 21, 2009 1:22 PM
To: NT System Admin Issues
Subject: AV Opinions

 

Anyone using Kaspersky and F-Secure? Looking at their two products now, it
seems Kaspersky has a Squid module for our proxy which is kinda cool.


Any opinions on the management aspects? Any current users with opinions on
the quality of support?

 

Thanks,
jlc

 

 


RE: AV Opinions

2009-04-21 Thread Stu Sjouwerman
That may be true, Kaspersky has a good name in the industry. 
But updated definitions are beginning to be old hat. When the
bad guys are pushing out polymorphic malware (and they are), 
definitions will never catch up. You have to be looking at heuristics 
and even better, highly efficient behavior-based technology.
 
Performance is also still very important, if your security app bogs 
down the machine it runs on, the purpose is defeated to a large  
degree. If you are looking at AV you should put this one on your
shortlist:
 
http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/
 

Warm regards,

Stu Sjouwerman
Founder, VP Marketing.
P: +1-727-562-0101 ext 218
F: +1-727-562-5199
s...@sunbelt-software.com


  

 



From: Michael B. Smith [mailto:mich...@owa.smithcons.com] 
Sent: Tuesday, April 21, 2009 3:37 PM
To: NT System Admin Issues
Subject: RE: AV Opinions


I was at a conference recently, and shared a couple of cool liquid
refreshments with an in-the-know MSFT person, speaking off the record,
of course. This person made the comment that Kaspersky was generally #1
for getting updated high-quality definitions out ASAP.
 
Personally, I haven't used them yet, but next time I renew a license,
I'll be taking a close look at their engine and updates and cost.
 


From: Joseph L. Casale [jcas...@activenetwerx.com]
Sent: Tuesday, April 21, 2009 3:21 PM
To: NT System Admin Issues
Subject: AV Opinions



Anyone using Kaspersky and F-Secure? Looking at their two products now,
it seems Kaspersky has a Squid module for our proxy which is kinda cool.


Any opinions on the management aspects? Any current users with opinions
on the quality of support?

 

Thanks,
jlc

 

 



