We are just going to continue using Trend, just with realtime monitoring disabled. It will just do a scan once a week. But we could use any AV for that (personally I would not have chosen Trend).
The heavy work is going to be done by AppSense Application Manager. Its "greylisting" technique means we get the power of a whitelist without the inflexibility. We've studied the two running together for months now and Trend is doing absolutely nothing, the AM component picks everything off first. Sent from my POS BlackBerry wireless device, which may wipe itself at any moment -----Original Message----- From: Harry Singh <[email protected]> Date: Sun, 9 Oct 2011 14:32:16 To: NT System Admin Issues<[email protected]> Reply-To: "NT System Admin Issues" <[email protected]>Subject: Re: AV and malware protection? What's the name of the "sleeping" AV component? This thread is of particular interest since I'm plannning to pilot a VDI deployment and a few engineers have mentioned the need to not have local AV protection any longer. I tend to err on the side of caution, but it's a persuading assertion; either from a cost and technical perspective. On Sunday, October 9, 2011, <[email protected]> wrote: > Reactive AV is being phased out of our XenApp systems next week. We are going > to maintain a "sleeping" AV component and do a deep scan once a week. > Realtime monitoring is being turned off and we will rely entirely on the > application management suite. We are not doing this blithely - currently app > management stops about thirty or forty pieces of malware executing per week, > and our AV catches precisely zero. In this environment, AV is just a waste of > resources. > > Sent from my POS BlackBerry wireless device, which may wipe itself at any > moment > > -----Original Message----- > From: Alex Eckelberry <[email protected]> > Date: Sun, 9 Oct 2011 17:55:58 > To: NT System Admin Issues<[email protected]> > Reply-To: "NT System Admin Issues" > <[email protected]>Subject: RE: AV and malware protection? > > Hmmm.... Take a look at the Wildlist, which is the list of currently > verified viruses. There's still a lot of nasty stuff out there. > > http://www.wildlist.org/WildList/201108.txt > > We see plenty of viruses out there, and relying on a product like > Malwarebytes as your only line of defense is a serious mistake, IMHO. It's > an excellent product (remember we partner with them and are very close to > them, so this is not a slight in the least on their technology) but you > really, really need an AV product as a complement. > > Alex > > > -----Original Message----- > From: Ben Scott [mailto:[email protected]] > Sent: Sunday, October 09, 2011 1:27 PM > To: NT System Admin Issue > Subject: Re: AV and malware protection? > > On Sun, Oct 9, 2011 at 12:23 PM, Alex Eckelberry <[email protected]> > wrote: >> It's worth noting that MalwareBytes is not an antivirus product. >> It is, however, an excellent protecter/cleaner against modern Trojans >> and rogue antivirus products. > > And the difference between these two things is...? > > Viruses are largely obsolete anyway. Between ubiquitous network > connectivity and autorun, nobody needs to bother. Today's injection vectors > are exploitable vulnerabilities in networked software and social engineering. > An attacker crafting malware to piggy-back on benign executables exchanged > via sneakernet is like worrying about how to attach a team of horses to your > car. > > -- Ben > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > > DISCLAIMER The information contained in this electronic mail may be > confidential or legally privileged. It is for the intended recipient(s) only. > Should you receive this message in error, please notify the sender by > replying to this mail. Please do not read, copy, forward or store this > message unless you are an intended recipient of it - unauthorized use of > contents is strictly prohibited. Unless expressly stated, opinions in this > message are those of the individual sender and not of GFI. While all care has > been taken, GFI is not responsible for the integrity or the contents of this > electronic mail and any attachments included within. (GFI2011) > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
