Re: Deploying windows 7 - Anti Virus
You would do well to implement an application whitelisting GPO and also use a GPO to disable AutoPlay. This should mitigate a lot of the threat from USB keys. GPOs can also be used to block out access to CD and tape drives, should they be present.

SEP is my least favourite AV product. I use Vipre and it is easier, lighter, and cheaper. SEP gave me a major headache with logoff delays and a very non-intuitive console. YMMV.

Rather than doubling up your AV you'd be better off with a defense-in-depth strategy. Multiple AV products tend to conflict with each other (and the MSRT really isn't an AV product anyway). We use an IronPort for email filtering, Vipre for AV, application whitelists to protect from unknown hostile code, mandatory profiles to limit users' ability to mess with their desktops, WebSense to protect from hacked websites, WSUS and AD for patch management, and GPOs to manage most of the user environment and filesystem. What gets past one layer gets caught by another.

On 25 May 2010 11:09, helpdesk UK uk.helpd...@gmail.com wrote:

I have been tasked with deploying Windows 7 Professional at a site. I am still trying to learn the new features available in Windows 7 so please bear with my ignorance. :(

I am trying to formulate the list of applications which need to be part of the build. When I reached the *Anti virus* section I decided to post here for everyone's input.

The choice of AV is *Symantec End Point Protection*.

Query:

1. Has anyone had any known issues with this product? i.e. (using it / deployment problems)
2. Can I / should I deploy any other product from Microsoft including this AV product? (second line of defence) For example: Malicious Software Removal Tool http://www.microsoft.com/downloads/details.aspx?familyid=ad724ae0-e72d-4f54-9ab3-75b8eb148356&displaylang=en

If I install the MSRT does it actually scan periodically automatically or does it require a central configuration console? Or any other utilities which can help.

The reason I am being so paranoid about this is that it is a school environment and kids have USB sticks brought from home which are generally infected. We cannot stop them either as they take course work home many a time. We are looking at other 3rd party products which will only manage USB sticks, but from the desktop security and defense point of view wanted to know your experience.

cheers
Peter

--
On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Deploying windows 7 - Anti Virus
Thank you for your input.

For this network they have used various technologies as well but I did not cover all of them in here. Emails & web are filtered centrally by the education grid network. WSUS is being used as well.

The GPO team are already scratching their heads as the school has more than 140 apps. :( Unfortunately the school does not have lic for the enterprise product or they could use AppLocker.

How about Windows Defender, which runs in the background: will that interfere with the AV or will that get auto-disabled as soon as you install the SEP?

I have never tried to deploy two AV solutions on the same desktop but did think it would not work.

cheers
Peter

On 25 May 2010 11:18, James Rankin kz2...@googlemail.com wrote:

You would do well to implement an application whitelisting GPO and also use a GPO to disable AutoPlay. This should mitigate a lot of the threat from USB keys. GPOs can also be used to block out access to CD and tape drives, should they be present.

SEP is my least favourite AV product. I use Vipre and it is easier, lighter, and cheaper. SEP gave me a major headache with logoff delays and a very non-intuitive console. YMMV.

Rather than doubling up your AV you'd be better off with a defense-in-depth strategy. Multiple AV products tend to conflict with each other (and the MSRT really isn't an AV product anyway). We use an IronPort for email filtering, Vipre for AV, application whitelists to protect from unknown hostile code, mandatory profiles to limit users' ability to mess with their desktops, WebSense to protect from hacked websites, WSUS and AD for patch management, and GPOs to manage most of the user environment and filesystem. What gets past one layer gets caught by another.
Re: Deploying windows 7 - Anti Virus
Why would the GPO team be scratching their heads? If you know the applications in use, it is fairly easy to create an application whitelist. It's also very easy to update when something is missed - the full path to the executable that is blocked is written to the event log and can be updated fairly quickly. We have over 200 entries in our whitelist here already - and there's only me that manages the Group Policy Objects.

I've never tried running Windows Defender with SEP. The point I am driving at is that antivirus is a primarily reactive technology, so it won't protect you from unknown executables that users bring in on memory sticks. It also won't protect you from executables you don't want on your network but that aren't viruses (there are more of these than you'd think). Whitelisting is probably the only way to keep yourself from this problem, and disabling the AutoPlay function is vital to keep Conficker and its ilk away.

There are many other things you could do to implement whitelisting, but if it's a Windows domain then I've always found the GPO route to be the quickest and easiest to put in place.

On 25 May 2010 15:08, helpdesk UK uk.helpd...@gmail.com wrote:

Thank you for your input.

For this network they have used various technologies as well but I did not cover all of them in here. Emails & web are filtered centrally by the education grid network. WSUS is being used as well.

The GPO team are already scratching their heads as the school has more than 140 apps. :( Unfortunately the school does not have lic for the enterprise product or they could use AppLocker.

How about Windows Defender, which runs in the background: will that interfere with the AV or will that get auto-disabled as soon as you install the SEP?

I have never tried to deploy two AV solutions on the same desktop but did think it would not work.

cheers
Peter

--
On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question.
Re: Deploying windows 7 - Anti Virus
Thank you James for the reassurance. As for the GPO team I don't know why I did not bother asking the details

cheers
Peter

On 25 May 2010 15:19, James Rankin kz2...@googlemail.com wrote:

Why would the GPO team be scratching their heads? If you know the applications in use, it is fairly easy to create an application whitelist. It's also very easy to update when something is missed - the full path to the executable that is blocked is written to the event log and can be updated fairly quickly. We have over 200 entries in our whitelist here already - and there's only me that manages the Group Policy Objects.

I've never tried running Windows Defender with SEP. The point I am driving at is that antivirus is a primarily reactive technology, so it won't protect you from unknown executables that users bring in on memory sticks. It also won't protect you from executables you don't want on your network but that aren't viruses (there are more of these than you'd think). Whitelisting is probably the only way to keep yourself from this problem, and disabling the AutoPlay function is vital to keep Conficker and its ilk away.

There are many other things you could do to implement whitelisting, but if it's a Windows domain then I've always found the GPO route to be the quickest and easiest to put in place.
Re: Deploying windows 7 - Anti Virus
Windows Defender does not tend to conflict with other AV or antimalware products.

Some 3rd party products will, however, offer to disable Windows Defender for you when they install. It beats having Defender tell you all about the changes they are making.

-ASB: http://XeeSM.com/AndrewBaker

On Tue, May 25, 2010 at 10:08 AM, helpdesk UK uk.helpd...@gmail.com wrote:

Thank you for your input.

For this network they have used various technologies as well but I did not cover all of them in here. Emails & web are filtered centrally by the education grid network. WSUS is being used as well.

The GPO team are already scratching their heads as the school has more than 140 apps. :( Unfortunately the school does not have lic for the enterprise product or they could use AppLocker.

How about Windows Defender, which runs in the background: will that interfere with the AV or will that get auto-disabled as soon as you install the SEP?

I have never tried to deploy two AV solutions on the same desktop but did think it would not work.

cheers
Peter
Re: Deploying windows 7 - Anti Virus
Yes, I have just done my first SEP install on a Windows 7 PC as a test and it has disabled WD. I do get your point. :)

cheers
Peter

On 25 May 2010 15:52, Andrew S. Baker asbz...@gmail.com wrote:

Windows Defender does not tend to conflict with other AV or antimalware products.

Some 3rd party products will, however, offer to disable Windows Defender for you when they install. It beats having Defender tell you all about the changes they are making.

-ASB: http://XeeSM.com/AndrewBaker
Re: Deploying windows 7 - Anti Virus
Neither Windows 7 Enterprise nor AppLocker is required for application white listing. Software Restriction Policies (the predecessor to AppLocker) isn't as flexible but is present in all business editions of Windows >= XP.

On 5/25/2010 9:08 AM, helpdesk UK wrote:

Unfortunately the school does not have lic for the enterprise product or they could use AppLocker.

--
Phil Brutsche p...@optimumdata.com
RE: Deploying windows 7 - Anti Virus
This type of whitelisting is really only useful in smaller environments, where you can have people dedicated to handling this situation. If that describes a situation, then well and good. Otherwise you need something else.

Cheers
Ken

From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Tuesday, 25 May 2010 10:20 PM
To: NT System Admin Issues
Subject: Re: Deploying windows 7 - Anti Virus

Why would the GPO team be scratching their heads? If you know the applications in use, it is fairly easy to create an application whitelist. It's also very easy to update when something is missed - the full path to the executable that is blocked is written to the event log and can be updated fairly quickly. We have over 200 entries in our whitelist here already - and there's only me that manages the Group Policy Objects.

I've never tried running Windows Defender with SEP. The point I am driving at is that antivirus is a primarily reactive technology, so it won't protect you from unknown executables that users bring in on memory sticks. It also won't protect you from executables you don't want on your network but that aren't viruses (there are more of these than you'd think). Whitelisting is probably the only way to keep yourself from this problem, and disabling the AutoPlay function is vital to keep Conficker and its ilk away.

There are many other things you could do to implement whitelisting, but if it's a Windows domain then I've always found the GPO route to be the quickest and easiest to put in place.
Re: Deploying windows 7 - Anti Virus
Useful information that I have referenced when installing SEP on an image build:

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007110510364248

Matt Burian | IT Consultant
Burian Information Technology, LLC.
m...@burianit.com | Main: 937 660-8196 | Cell: 937 681-3600
Computer and Network Solutions
Visit on the Web at www.burianit.com

On Tue, May 25, 2010 at 6:09 AM, helpdesk UK uk.helpd...@gmail.com wrote:

I have been tasked with deploying Windows 7 Professional at a site. I am still trying to learn the new features available in Windows 7 so please bear with my ignorance. :(

I am trying to formulate the list of applications which need to be part of the build. When I reached the Anti virus section I decided to post here for everyone's input.

The choice of AV is Symantec End Point Protection.

Query:

1. Has anyone had any known issues with this product? i.e. (using it / deployment problems)
2. Can I / should I deploy any other product from Microsoft including this AV product? (second line of defence) For example: Malicious Software Removal Tool http://www.microsoft.com/downloads/details.aspx?familyid=ad724ae0-e72d-4f54-9ab3-75b8eb148356&displaylang=en

If I install the MSRT does it actually scan periodically automatically or does it require a central configuration console? Or any other utilities which can help.

The reason I am being so paranoid about this is that it is a school environment and kids have USB sticks brought from home which are generally infected. We cannot stop them either as they take course work home many a time. We are looking at other 3rd party products which will only manage USB sticks, but from the desktop security and defense point of view wanted to know your experience.

cheers
Peter
RE: Deploying windows 7 - Anti Virus
Whitelisting via simple GPO without AppLocker is only of limited effectiveness, unfortunately. You can, for instance, get around it by starting a rogue app from the command prompt or by renaming it to match a whitelisted app. I definitely agree with the suggestion to turn off AutoPlay. -Malcolm From: helpdesk UK [mailto:uk.helpd...@gmail.com] Sent: Tuesday, May 25, 2010 09:45 To: NT System Admin Issues Subject: Re: Deploying windows 7 - Anti Virus Thank you James for the reassurance. As for the GPO team I dont know why I did not bother asking the details cheers Peter On 25 May 2010 15:19, James Rankin kz2...@googlemail.com wrote: Why would the GPO team be scratching their heads? If you know the applications in use, it is fairly easy to create an application whitelist. It's also very easy to update when something is missed - the full path to the executable that is blocked is written to the event log and can be updated fairly quickly. We have over 200 entries in our whitelist here already - and there's only me that manages the Group Policy Objects. I've never tried running Windows Defender with SEP. The point I am driving at is that antivirus is a primarily reactive technology, so it won't protect you from unknown executables that users bring in on memory sticks. It also won't protect you from executables you don't want on your network but that aren't viruses (there are more of these than you'd think). Whitelisting is probably the only way to keep yourself from this problem, and disabling the AutoPlay function is vital to keep the Conficker and its ilk away. There are many other things you could do to implement whitelisting, but if it's a Windows domain then I've always found the GPO route to be the quickest and easiest to put in place. On 25 May 2010 15:08, helpdesk UK uk.helpd...@gmail.com wrote: Thank you for your input. For this network they have used various technologies as well but I did not cover al of them in here. 
Emails web are filtered centrally by the education grid network. WSUS is being used as well. The GPO team are already scratching there heads as the school has more than 140 apps. :( Unfortunately the school does not have lic for the enterprise product or they could use app locker. How about Windows Defender which runs in the background will that interfere with the AV or will that get auto disable as soon as you install the SEP. I have never tried to deploy two AV solutions on the same desktop but did think it would not work. cheers Peter On 25 May 2010 11:18, James Rankin kz2...@googlemail.com wrote: You would do well to implement an application whitelisting GPO and also use a GPO to disable AutoPlay. This should mitigate a lot of the threat from USB keys. GPOs can also be used to block out access to CD and tape drives, should they be present. SEP is my least favourite AV product. I use Vipre and it is easier, lighter, and cheaper. SEP gave me a major headache with logoff delays and a very non-intuitive console. YMMV. Rather than doubling up your AV you'd be better off with a defense-in-depth strategy. Multiple AV products tend to conflict with each other (and the MSRT really isn't an AV product anyway). We use an IronPort for email filtering, Vipre for AV, application whitelists to protect from unknown hostile code, mandatory profiles to limit user's ability to mess with their desktops, WebSense to protect from hacked websites, WSUS and AD for patch management, and GPOs to manage most of the user environment and filesystem. What gets past one layer, gets caught by another. On 25 May 2010 11:09, helpdesk UK uk.helpd...@gmail.com wrote: I have been tasked with deploying Windows 7 professional at a site. I am still trying to learn the new features available in Windows 7 so please bear with my ignorance. 
:( I am trying to formulate the list of applications which need to be part of the build when I reached the Anti virus section I decided to post here for everyone's input. The choice of AV is Symantec End Point Protection.

Query:
1. Has anyone had any known issues with this product? i.e. (using it / deployment problems)
2. Can I / Should I deploy any other product from Microsoft including this AV product. (second line of defence) For example: Malicious Software Removal Tool http://www.microsoft.com/downloads/details.aspx?familyid=ad724ae0-e72d-4f54-9ab3-75b8eb148356&displaylang=en

If I install the MSRT does it actually scan periodically automatically or does it require a central configuration Console? Or any other utilities which can help. The reason I am being so paranoid about this as it is a school environment and kids have USB sticks brought from home which are generally infected. We cannot stop them either as they take course
Re: Deploying windows 7 - Anti Virus
That is why you white list folder paths (i.e. c:\windows\system32 and C:\Program Files) instead of individual executables. White listing based on file hash would work too. BTW both the Run dialog and cmd.exe respect both SRP and AppLocker. On XP and 2003 you can get around software restrictions with runas. On Vista and newer runas respects SRP.

On 5/25/2010 12:56 PM, Malcolm Reitz wrote:

Whitelisting via simple GPO without AppLocker is only of limited effectiveness, unfortunately. You can, for instance, get around it by starting a rogue app from the command prompt or by renaming it to match a whitelisted app.

-- Phil Brutsche p...@optimumdata.com

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
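The renaming question raised in this exchange, as an added illustration that is not from any poster and is a simplified model, not how SRP or AppLocker is implemented: it checks the same launch attempts against a name-only rule, a folder-path rule and a file-hash rule. The rule sets, paths and file contents are all constructed for the example.

```python
import hashlib
from pathlib import PureWindowsPath

# Constructed stand-ins for file contents; no real binaries are involved.
APPROVED = b"approved word processor build"
UNKNOWN = b"unknown program brought in on a USB stick"

def digest(data):
    return hashlib.sha256(data).hexdigest()

# Hypothetical whitelists, one per rule style. Anything unmatched is denied.
NAME_RULES = {"winword.exe"}
FOLDER_RULES = [PureWindowsPath(r"C:\Windows\System32"),
                PureWindowsPath(r"C:\Program Files")]
HASH_RULES = {digest(APPROVED)}

def by_name(path, data):
    # Looks only at the file name, so location and content are ignored.
    return PureWindowsPath(path).name.lower() in NAME_RULES

def by_folder(path, data):
    # Compares whole path components (case-insensitively), so
    # "C:\Program Files Extra" does not match "C:\Program Files".
    parents = PureWindowsPath(path).parents
    return any(folder in parents for folder in FOLDER_RULES)

def by_hash(path, data):
    # Follows the content wherever the file sits and whatever it is called.
    return digest(data) in HASH_RULES

def evaluate(path, data):
    return {"name": by_name(path, data),
            "folder": by_folder(path, data),
            "hash": by_hash(path, data)}

# Constructed launch attempts: (path, content).
SAMPLES = [
    (r"C:\Program Files\Office\WINWORD.EXE", APPROVED),
    (r"E:\winword.exe", UNKNOWN),            # unknown file renamed to match
    (r"E:\tools\renamed.exe", APPROVED),     # approved content, odd location
    (r"C:\Program Files Extra\game.exe", UNKNOWN),
]

if __name__ == "__main__":
    for path, data in SAMPLES:
        print(path, evaluate(path, data))
```

A folder rule holds only as long as ordinary users cannot write into the whitelisted folders, so the NTFS permissions under them are worth checking when the whitelist is built.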
RE: Deploying windows 7 - Anti Virus
Has anyone had any known issues with this product? [SEP]

You just opened the floodgates :) Lol. MSRT just scans as part of the Windows Update process. It scans when the updates are applied, it's a one process. I skip most of them because it really bogs down the machine.

Sam

From: helpdesk UK [mailto:uk.helpd...@gmail.com]
Sent: Tuesday, May 25, 2010 5:09 AM
To: NT System Admin Issues
Subject: Deploying windows 7 - Anti Virus

I have been tasked with deploying Windows 7 professional at a site. I am still trying to learn the new features available in Windows 7 so please bear with my ignorance. :( I am trying to formulate the list of applications which need to be part of the build when I reached the Anti virus section I decided to post here for everyone's input. The choice of AV is Symantec End Point Protection.

Query:
1. Has anyone had any known issues with this product? i.e. (using it / deployment problems)
2. Can I / Should I deploy any other product from Microsoft including this AV product. (second line of defence) For example: Malicious Software Removal Tool http://www.microsoft.com/downloads/details.aspx?familyid=ad724ae0-e72d-4f54-9ab3-75b8eb148356&displaylang=en

If I install the MSRT does it actually scan periodically automatically or does it require a central configuration Console? Or any other utilities which can help. The reason I am being so paranoid about this as it is a school environment and kids have USB sticks brought from home which are generally infected. We cannot stop them either as they take course work home many a time. We are looking at other 3rd party products which will only manage USB sticks but from the desktop security and defense point of view wanted to know your experience.

cheers Peter
Re: Deploying windows 7 - Anti Virus
Since it's a school environment, I forgot to mention something else. I have done some work for a high school in which we had Faronics DeepFreeze deployed on all student machines. When in a frozen state the computers essentially cannot be harmed from a software perspective. Upon a reboot, everything on the hard drive is reverted back to a known good state. It worked very well and eliminated most issues with viruses on student machines. Since students stored all data on a network location, saving to the local machine was never required. I believe the product also supports AD/Group Policy integration, though I have not personally used it since my experience was in a Novell environment. http://www.faronics.com/en/Products/DeepFreeze/DeepFreezeCorporate.aspx

Microsoft has a similar product available free of charge called SteadyState, but unfortunately it appears that it does not/will not support Windows 7... http://www.microsoft.com/windows/products/winfamily/sharedaccess/default.mspx

Matt

Matt Burian | IT Consultant
Burian Information Technology, LLC.
m...@burianit.com | Main: 937 660-8196 | Cell: 937 681-3600
Computer and Network Solutions
Visit on the Web at www.burianit.com

On Tue, May 25, 2010 at 6:09 AM, helpdesk UK uk.helpd...@gmail.com wrote:

I have been tasked with deploying Windows 7 professional at a site. I am still trying to learn the new features available in Windows 7 so please bear with my ignorance. :( I am trying to formulate the list of applications which need to be part of the build when I reached the Anti virus section I decided to post here for everyone's input. The choice of AV is Symantec End Point Protection.

Query:
1. Has anyone had any known issues with this product? i.e. (using it / deployment problems)
2. Can I / Should I deploy any other product from Microsoft including this AV product.
(second line of defence) For example: Malicious Software Removal Tool http://www.microsoft.com/downloads/details.aspx?familyid=ad724ae0-e72d-4f54-9ab3-75b8eb148356&displaylang=en

If I install the MSRT does it actually scan periodically automatically or does it require a central configuration Console? Or any other utilities which can help. The reason I am being so paranoid about this as it is a school environment and kids have USB sticks brought from home which are generally infected. We cannot stop them either as they take course work home many a time. We are looking at other 3rd party products which will only manage USB sticks but from the desktop security and defense point of view wanted to know your experience.

cheers Peter