I’d say you have your bases covered pretty well, if you are looking to go to FEP and already have app whitelisting in place. I’d like to look into the app whitelisting in the future as well. Are your users admins on their boxes?
Mark Kent (MCP) Sr. Desktop Systems Engineer Computing & Technology Services - SUNY Buffalo State From: [email protected] [mailto:[email protected]] On Behalf Of Murray, Mike Sent: Thursday, August 08, 2013 10:27 AM To: [email protected] Subject: RE: [mssms] RE: Host intrusion We’re trying to avoid purchasing a product. We already have McAfee, moving to Endpoint Protection (hopefully). Never mind. From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Tuomo Leppänen Sent: Thursday, August 08, 2013 6:25 AM To: [email protected]<mailto:[email protected]> Subject: Re: [mssms] RE: Host intrusion One word: F-Secure. Their current AV solution has device blocking (USB and other) built-in, also comes with 3rd party application patching solution. http://www.f-secure.com/en/web/business_global/products/business-suite/overview On 8.8.2013 15:40, Thomas Gonzalez wrote: Same, we aren't using hips, but we are implementing hdlp Sent from my Windows Phone ________________________________ From: Kent, Mark<mailto:[email protected]> Sent: 8/8/2013 7:37 AM To: [email protected]<mailto:[email protected]> Subject: [mssms] RE: Host intrusion I guess with locked down machines and patched OS’s/apps, it’s not as huge a concern for us. Perhaps if we had more time and staff, maybe it would be something we could investigate. We almost used HIPS but at the time I had heard grumblings about the time and effort to set it up properly. Mark Kent (MCP) Sr. Desktop Systems Engineer Computing & Technology Services - SUNY Buffalo State From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Murray, Mike Sent: Wednesday, August 07, 2013 7:34 PM To: [email protected]<mailto:[email protected]> Subject: [mssms] RE: Host intrusion So, is host intrusion not a concern for anyone? Just curious what your thoughts are… From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Murray, Mike Sent: Wednesday, August 07, 2013 10:07 AM To: [email protected]<mailto:[email protected]> Subject: [mssms] Host intrusion Posted this in the FEP group, not much response, so going for a wider audience. :) Curious about those of you who have moved to EP after using another product. We’re running the McAfee suite, which includes AV & HIPS. If we get rid of McAfee (the goal), we lose host intrusion prevention. Is anyone using another product, or is this even a concern for you? Best Regards, Mike Murray Desktop Management Coordinator - IT Support Services California State University, Chico 530.898.4357 [email protected]<mailto:[email protected]>
