We thought pretty much everything about their management sucked, including agents.
From: Alan Davies [mailto:[email protected]] Sent: Thursday, October 07, 2010 5:48 AM To: NT System Admin Issues Subject: RE: AV Opinions Hmmm ... my comments were more around the ability to manage/control agents than how nice the console was to use. Also, on the additional functionality side, their local FW and software NAC components were very immature feature wise. Support varied - UK support a million times better than the out of hours US support! a _____ From: Ray [mailto:[email protected]] Sent: 07 October 2010 12:42 To: NT System Admin Issues Subject: RE: AV Opinions Thats interesting, because we absolutely hated McAfee and its enterprise console, and couldnt wait to get rid of it. Weve ended up with significantly better coverage with Sophos than we ever did with McAfee. From: Alan Davies [mailto:[email protected]] Sent: Thursday, October 07, 2010 2:42 AM To: NT System Admin Issues Subject: RE: AV Opinions Sophos seem to be excellent detection wise. As for not detecting Conficker below, that'll have been another issue as there is no AV product out there that can't detect it. If I had to guess, perhaps one host was infected and locked out AD, but all the Sophos alerts were from machines missing MS08-067 that were "getting infected" because the OS could not protect against it, but immediately cleaned by Sophos. Certainly behaviour I've seen before. You must patch Windows, AV can do everything on its own. One negative comment about Sophos - they are still, in my opinion, very low down the pecking order in Enterprise Management. They have a long, long way to catch up on McAfee and the like for agent management, alerting, mandatory policies, etc. You can work around these things and it's a great AV product, but if you're a large, sensitive environment, it may frustrate you a little. Going from 7 to 9 didn't improve these grumbles much ... a _____ From: Ames Matthew B [mailto:[email protected]] Sent: 07 October 2010 08:12 To: NT System Admin Issues Subject: RE: AV Opinions We run Sophos here, and it seems to do a reasonable job. Corporate IS got caught last year with their pants down after a departmental server without any AV on it (or seriously out of date - guess someone got a good telling off for that) managed to get Conficker. Given we don't have a direct net connection to our deskstops or services network, they had not bothered to install the hotfixes to prevent this For what ever reason Sophos did not detected it, and quite a few machines got infected, and a couple of thousand user accounts got locked out. Took them a few days to get things under control - I wrote a little ldap tool to monitor the number of locked out user accounts :-) Sophos is a bit of a memory hog (not sure how it compares to other versions), taking around 150MB (savservice.exe alone is taking 108MB on my machine currently). We are currently using 7.6.20 tht, Matt _____ From: Jim Holmgren [mailto:[email protected]] Sent: 07 October 2010 01:23 To: NT System Admin Issues Subject: RE: AV Opinions Give Sophos a long look. I firmly believe they are the best of breed that nobody seems to talk about. They don't market to the non-corporate crowd, so that probably has something to do with it. I asked this list and a few other resources when I was evaluating solutions. I did not hear from a single person using Sophos that did not like it. We are replacing Symantec with Sophos right now and it is going very well so far. Sophos will sync with AD (if you want) to automatically protect computers when you add them. It will remove Symantec cleanly (so far on about 25 test/pilot users it has been perfect) when pushing it out. It includes device control (want to block USB storage devices...2-3 clicks and you are done), a NAC component, and a firewall. It also includes clients for Mac/Linux and with each corporate license, you get a free at-home license. NFI - just a very satisfied customer so far. Jim _____ From: Joseph L. Casale [mailto:[email protected]] Sent: Wed 10/6/2010 7:09 PM To: NT System Admin Issues Subject: AV Opinions At one of the shops that I look after, I have been asked to change the AV to something new and current. Vipre and Forefront excluded (I know enough about those already), what else are you guys using thats good? Its been a while since I looked at all the other vendors, I have such little time to eval for this need, I cant just download all vendors packages and trial each one for 30 days, I need to look at one and hopefully get it rightL Thanks for any opinions, jlc ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin CONFIDENTIALITY NOTICE: This email, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and/or protected health information. Under the Federal Law (HIPAA), the intended recipient is obligated to keep this information secure and confidential. Any disclosure to third parties without authorization from the member of as permitted by law is prohibited and punishable under Federal Law. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. NOTA DE CONFIDENCIALIDAD: Este mensaje incluyendo cualquier anejo es para uso exclusivo del (los) destinatario (s) y puede incluir información confidencial y/o información de salud protegida. La Ley Federal (HIPAA) establece que el destinatario está obligado a mantener la información confidencial y sequra. HIPAA prohíbe y castiga cualquier divulgación a terceras personas sin autorización del afiliado o permitido por ley. Si usted no es el destinatario, redirija esta mensaje al remitente, y destruye cualquier copia existente del mensaje original. This email and any attachments to it may be confidential and are intended solely for the use of the individual to whom it is addressed. If you are not the intended recipient of this email, you must neither take any action based upon its contents, nor copy or show it to anyone. Please contact the sender if you believe you have received this email in error. QinetiQ may monitor email traffic data and also the content of email for the purposes of security. QinetiQ Limited (Registered in England & Wales: Company Number: 3796233) Registered office: 85 Buckingham Gate, London SW1E 6PD <http://www.QinetiQ.com> http://www.qinetiq.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin **************************************************************************** ******** WARNING: The information in this email and any attachments is confidential and may be legally privileged. If you are not the named addressee, you must not use, copy or disclose this email (including any attachments) or the information in it save to the named addressee nor take any action in reliance on it. If you receive this email or any attachments in error, please notify the sender immediately and then delete the same and any copies. "CLS Services Ltd × Registered in England No 4132704 × Registered Office: Exchange Tower × One Harbour Exchange Square × London E14 9GE" ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin **************************************************************************** ******** WARNING: The information in this email and any attachments is confidential and may be legally privileged. If you are not the named addressee, you must not use, copy or disclose this email (including any attachments) or the information in it save to the named addressee nor take any action in reliance on it. If you receive this email or any attachments in error, please notify the sender immediately and then delete the same and any copies. "CLS Services Ltd × Registered in England No 4132704 × Registered Office: Exchange Tower × One Harbour Exchange Square × London E14 9GE" ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
