Years ago I stopped using Symantec and McAfee because both were resource hogs, missed stuff, and put all kinds of shims into the OS making it a rebuild every time I had to upgrade them. Both were pains. I was happier with ESET but cost got too high for management and they wanted to go back to either Symantec or McAfee. Glad my new job does not require I have to deal with this stuff anymore.

Jon

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Gantry Zettler
Sent: Thursday, September 14, 2017 1:34 PM
To: [email protected]
Subject: Re: [NTSysADM] Dropping Kaspersky Av, who to replace it with?

Yep they all suck and they will all disappoint you. I use Symantec Cloud because it's cheap and stays out of the way, catches the random thing but nothing to write home about. Sophos' Intercept anti-Ransomware tech seems interesting, have a client using it but haven't gone in depth.

On Thu, Sep 14, 2017 at 11:43 AM, James Rankin <[email protected]> wrote:

Just playing devil's advocate here - are you required by regulation to actually use AV? Because I think it's had its day. App management and other tech are arguably so much better, and have much less of a resource footprint.

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Michael Leone
Sent: 14 September 2017 17:32
To: [email protected]
Subject: [NTSysADM] Dropping Kaspersky Av, who to replace it with?

We use Kaspersky for our AV needs, and to be honest, it's worked out well for us. It's certainly caught things that McAfee, our previous AV solution, didn't. However, they have this slight problem with being a covert arm of the Russian government, apparently .. So we need to drop them, as the federal agencies are doing.

There are lots of reviews, such as av-test.org, that we are looking at. But tell me, who do you have? And - more importantly - if you had your say in the matter, would you keep them?

We're a sort of enterprise level organization, maybe 1K users, bunch of laptops issued to remote users. So far, all Win 7 for workstations, but obviously that will change in the future. Servers are all Win 2008/2012 R2 (so far). So we need something with a centralized console, to push out rules, updates, etc. We use Proofpoint as an email gateway, so it does mail scanning. We have Checkpoint firewalls for managing that sort of traffic.

Thoughts? I know I've heard good things about ESET and Sophos, among others. Just soliciting some real world opinions, along with our own research.

