It seems like their best people are part of the setup team. We had a deployment engineer that answered a bunch of questions and helped improve the success of the removing McAfee.
Rather than SCCM, which has had its own deployment challenges, we opted for a startup script. From: Jim Holmgren [mailto:[email protected]] Sent: Saturday, October 09, 2010 5:08 PM To: NT System Admin Issues Subject: RE: AV Opinions Installation for me was pretty straightforward. I had no problem installing the Enterprise Console on the VM I created for it. I created a SCCM package for deployment on Friday, should be testing it Monday if nothing crazy interferes. Running the command-line installer for the client worked fine and so far I've had 100% success with the Symantec removal. I did run into a problem with installing a separate Update Server, but that was my own fault for not reading the directions - if you don't install A before you install B - it won't work correctly and you'll get an error. Documentation isn't the best I've ever read, but their KB is good and there are a lot of knowledgeable folks on their Support Forum. There are two different "Install" documents. There is a quick-start guide and there is a much more in-depth manual for installation. The quick-start guide is lacking a lot of important detail for an enterprise roll-out. I have 6 hours of consulting time that was included with the purchase, I'll probably use that for a health-check and review of my environment since I couldn't get a slot before 10/21 and I've committed to management to have the deployment completed by 10/31. Jim _____ From: Joseph L. Casale [mailto:[email protected]] Sent: Sat 10/9/2010 3:31 PM To: NT System Admin Issues Subject: RE: AV Opinions So the Sophos guys came in cheaper, but the Console Installer is actually now the buggiest app I use. I experienced several issues during installation that werent documented. Not looking good For those of you that use it, how was installation? It had all sorts of issues simply enumerating usernames and the browser had bugs, sigh What makes a software company release an app with a list of Known Problems so long? How is that acceptable? Thinking about not wanting more headaches than I have so I am going to demo Avira, but it was more money. jlc From: Joseph L. Casale [mailto:[email protected]] Sent: Friday, October 08, 2010 5:57 AM To: NT System Admin Issues Subject: RE: AV Opinions Yup, And FF is prohibitively expensive in small environments, but it is my favorite. Most reliable I have ever used, _never_ had an FP or a dead machine or a bad dat. Its detection rates arent quite as good as the top guys but you compromise I guess. Right now, I am keen on Sophos for the multiplatform agent. Their console appears ok, it appears their agent is an exe so the method they use to install the agent by GPO is a startup scrip, not coolL Avira has a Postfix compatible MTA product and a Squid compatible (by ICAP) product which is cool. I like how they dont distinguish clients (file servers vs. desktops in licensing terms). I have yet to see their console though. Thanks for everything guys, jlc From: Andrew S. Baker [mailto:[email protected]] Sent: Friday, October 08, 2010 4:05 AM To: NT System Admin Issues Subject: Re: AV Opinions Or Vipre, because Joseph has already indicated that he's familiar with them. He's looking for other recommendations... ASB On Fri, Oct 8, 2010 at 1:12 AM, Ryan Finnesey <[email protected]> wrote: No one as commented on the Forefront products. From: Maglinger, Paul [mailto:[email protected]] Sent: Thursday, October 07, 2010 4:04 PM To: NT System Admin Issues Subject: RE: AV Opinions We thought their management sucked too. Their SALES management, that is. J From: Ray [mailto:[email protected]] Sent: Thursday, October 07, 2010 2:39 PM To: NT System Admin Issues Subject: RE: AV Opinions We thought pretty much everything about their management sucked, including agents. From: Alan Davies [mailto:[email protected]] Sent: Thursday, October 07, 2010 5:48 AM To: NT System Admin Issues Subject: RE: AV Opinions Hmmm ... my comments were more around the ability to manage/control agents than how nice the console was to use. Also, on the additional functionality side, their local FW and software NAC components were very immature feature wise. Support varied - UK support a million times better than the out of hours US support! a _____ From: Ray [mailto:[email protected]] Sent: 07 October 2010 12:42 To: NT System Admin Issues Subject: RE: AV Opinions Thats interesting, because we absolutely hated McAfee and its enterprise console, and couldnt wait to get rid of it. Weve ended up with significantly better coverage with Sophos than we ever did with McAfee. From: Alan Davies [mailto:[email protected]] Sent: Thursday, October 07, 2010 2:42 AM To: NT System Admin Issues Subject: RE: AV Opinions Sophos seem to be excellent detection wise. As for not detecting Conficker below, that'll have been another issue as there is no AV product out there that can't detect it. If I had to guess, perhaps one host was infected and locked out AD, but all the Sophos alerts were from machines missing MS08-067 that were "getting infected" because the OS could not protect against it, but immediately cleaned by Sophos. Certainly behaviour I've seen before. You must patch Windows, AV can do everything on its own. One negative comment about Sophos - they are still, in my opinion, very low down the pecking order in Enterprise Management. They have a long, long way to catch up on McAfee and the like for agent management, alerting, mandatory policies, etc. You can work around these things and it's a great AV product, but if you're a large, sensitive environment, it may frustrate you a little. Going from 7 to 9 didn't improve these grumbles much ... a _____ From: Ames Matthew B [mailto:[email protected]] Sent: 07 October 2010 08:12 To: NT System Admin Issues Subject: RE: AV Opinions We run Sophos here, and it seems to do a reasonable job. Corporate IS got caught last year with their pants down after a departmental server without any AV on it (or seriously out of date - guess someone got a good telling off for that) managed to get Conficker. Given we don't have a direct net connection to our deskstops or services network, they had not bothered to install the hotfixes to prevent this For what ever reason Sophos did not detected it, and quite a few machines got infected, and a couple of thousand user accounts got locked out. Took them a few days to get things under control - I wrote a little ldap tool to monitor the number of locked out user accounts :-) Sophos is a bit of a memory hog (not sure how it compares to other versions), taking around 150MB (savservice.exe alone is taking 108MB on my machine currently). We are currently using 7.6.20 tht, Matt _____ From: Jim Holmgren [mailto:[email protected]] Sent: 07 October 2010 01:23 To: NT System Admin Issues Subject: RE: AV Opinions Give Sophos a long look. I firmly believe they are the best of breed that nobody seems to talk about. They don't market to the non-corporate crowd, so that probably has something to do with it. I asked this list and a few other resources when I was evaluating solutions. I did not hear from a single person using Sophos that did not like it. We are replacing Symantec with Sophos right now and it is going very well so far. Sophos will sync with AD (if you want) to automatically protect computers when you add them. It will remove Symantec cleanly (so far on about 25 test/pilot users it has been perfect) when pushing it out. It includes device control (want to block USB storage devices...2-3 clicks and you are done), a NAC component, and a firewall. It also includes clients for Mac/Linux and with each corporate license, you get a free at-home license. NFI - just a very satisfied customer so far. Jim _____ From: Joseph L. Casale [mailto:[email protected]] Sent: Wed 10/6/2010 7:09 PM To: NT System Admin Issues Subject: AV Opinions At one of the shops that I look after, I have been asked to change the AV to something new and current. Vipre and Forefront excluded (I know enough about those already), what else are you guys using thats good? Its been a while since I looked at all the other vendors, I have such little time to eval for this need, I cant just download all vendors packages and trial each one for 30 days, I need to look at one and hopefully get it rightL Thanks for any opinions, jlc ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin CONFIDENTIALITY NOTICE: This email, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and/or protected health information. Under the Federal Law (HIPAA), the intended recipient is obligated to keep this information secure and confidential. Any disclosure to third parties without authorization from the member of as permitted by law is prohibited and punishable under Federal Law. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. NOTA DE CONFIDENCIALIDAD: Este mensaje incluyendo cualquier anejo es para uso exclusivo del (los) destinatario (s) y puede incluir información confidencial y/o información de salud protegida. La Ley Federal (HIPAA) establece que el destinatario está obligado a mantener la información confidencial y sequra. HIPAA prohíbe y castiga cualquier divulgación a terceras personas sin autorización del afiliado o permitido por ley. Si usted no es el destinatario, redirija esta mensaje al remitente, y destruye cualquier copia existente del mensaje original. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
