Or Vipre, because Joseph has already indicated that he's familiar with them. He's looking for other recommendations...
*ASB* * * On Fri, Oct 8, 2010 at 1:12 AM, Ryan Finnesey < [email protected]> wrote: > No one as commented on the Forefront products. > > > > > > *From:* Maglinger, Paul [mailto:[email protected]] > *Sent:* Thursday, October 07, 2010 4:04 PM > > *To:* NT System Admin Issues > *Subject:* RE: AV Opinions > > > > We thought their management sucked too. Their SALES management, that is. > J > > > > *From:* Ray [mailto:[email protected]] > *Sent:* Thursday, October 07, 2010 2:39 PM > *To:* NT System Admin Issues > *Subject:* RE: AV Opinions > > > > We thought pretty much everything about their management sucked, including > agents. > > > > *From:* Alan Davies [mailto:[email protected]] > *Sent:* Thursday, October 07, 2010 5:48 AM > *To:* NT System Admin Issues > *Subject:* RE: AV Opinions > > > > Hmmm ... my comments were more around the ability to manage/control agents > than how nice the console was to use. Also, on the additional functionality > side, their local FW and software NAC components were very immature feature > wise. Support varied - UK support a million times better than the out of > hours US support! > > > > > > > > a > > > ------------------------------ > > *From:* Ray [mailto:[email protected]] > *Sent:* 07 October 2010 12:42 > *To:* NT System Admin Issues > *Subject:* RE: AV Opinions > > That’s interesting, because we absolutely hated McAfee and it’s enterprise > console, and couldn’t wait to get rid of it. We’ve ended up with > significantly better coverage with Sophos than we ever did with McAfee. > > > > *From:* Alan Davies [mailto:[email protected]] > *Sent:* Thursday, October 07, 2010 2:42 AM > *To:* NT System Admin Issues > *Subject:* RE: AV Opinions > > > > Sophos seem to be excellent detection wise. As for not detecting Conficker > below, that'll have been another issue as there is no AV product out there > that can't detect it. If I had to guess, perhaps one host was infected and > locked out AD, but all the Sophos alerts were from machines missing MS08-067 > that were "getting infected" because the OS could not protect against it, > but immediately cleaned by Sophos. Certainly behaviour I've seen before. > You must patch Windows, AV can do everything on its own. > > > > One negative comment about Sophos - they are still, in my opinion, very low > down the pecking order in Enterprise Management. They have a long, long way > to catch up on McAfee and the like for agent management, alerting, mandatory > policies, etc. You can work around these things and it's a great AV > product, but if you're a large, sensitive environment, it may frustrate you > a little. Going from 7 to 9 didn't improve these grumbles much ... > > > > > > > > a > > > ------------------------------ > > *From:* Ames Matthew B [mailto:[email protected]] > *Sent:* 07 October 2010 08:12 > *To:* NT System Admin Issues > *Subject:* RE: AV Opinions > > We run Sophos here, and it seems to do a reasonable job. Corporate IS got > caught last year with their pants down after a departmental server without > any AV on it (or seriously out of date - guess someone got a good telling > off for that) managed to get Conficker. Given we don't have a direct net > connection to our deskstops or services network, they had not bothered to > install the hotfixes to prevent this > > > > For what ever reason Sophos did not detected it, and quite a few machines > got infected, and a couple of thousand user accounts got locked out. Took > them a few days to get things under control - I wrote a little ldap tool to > monitor the number of locked out user accounts :-) > > > > Sophos is a bit of a memory hog (not sure how it compares to other > versions), taking around 150MB (savservice.exe alone is taking 108MB on my > machine currently). We are currently using 7.6.20 > > > > tht, > > Matt > > > ------------------------------ > > *From:* Jim Holmgren [mailto:[email protected]] > *Sent:* 07 October 2010 01:23 > *To:* NT System Admin Issues > *Subject:* RE: AV Opinions > > Give Sophos a long look. I firmly believe they are the best of breed that > nobody seems to talk about. They don't market to the non-corporate crowd, > so that probably has something to do with it. I asked this list and a few > other resources when I was evaluating solutions. I did not hear from a > single person using Sophos that did not like it. > > > > We are replacing Symantec with Sophos right now and it is going very well > so far. > > > > Sophos will sync with AD (if you want) to automatically protect computers > when you add them. It will remove Symantec cleanly (so far on about 25 > test/pilot users it has been perfect) when pushing it out. It includes > device control (want to block USB storage devices...2-3 clicks and you are > done), a NAC component, and a firewall. > > > > It also includes clients for Mac/Linux and with each corporate license, you > get a free at-home license. NFI - just a very satisfied customer so far. > > > > Jim > > > > > > > ------------------------------ > > *From:* Joseph L. Casale [mailto:[email protected]] > *Sent:* Wed 10/6/2010 7:09 PM > *To:* NT System Admin Issues > *Subject:* AV Opinions > > At one of the shops that I look after, I have been asked to change the AV > to something new and current. > > Vipre and Forefront excluded (I know enough about those already), what else > are you guys using that’s good? > > > > It’s been a while since I looked at all the other vendors, I have such > little time to eval for this need, I can’t just download all vendors > packages and trial each one for 30 days, I need to look at one and hopefully > get it rightL > > > > Thanks for any opinions, > > jlc > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
