PaulDotCom mailing list archives
Corporate AV suggestions
From: mike at snowcrash.ca (Mike Patterson)
Date: Tue, 11 May 2010 12:12:00 -0400
Really (to the NetBIOS thing)? We've been with Symantec for ages, I don't recall that as a requirement with at least SAV 10.

We're now at SEP, it... well, it works. Unlike somebody else's report, I don't find that it catches everything I expect it to - they don't roll signatures out to SEP as quickly as they do the consumer product. (To reduce false positives in large environments.) That said, it generally works well, and with modern machines they don't seem to suck down the host as much as previous versions have. I even run it in a VM and it's not really noticeable, except when it's nagging me about my own Nessus scans. :)

Manageability is one of the biggest reasons we went with it - the tools are good for our environment. We have about several thousand (maybe 7k?) deployed clients, a non-trivial number of which are unmanaged machines, and generally that side is trouble-free.

All that said, if you're a corporate customer, submitting samples of malware that the product you've paid non-trivial sums of money for has flat-out missed is more difficult than it needs to be. Short version: I finally gave up after a couple hours chasing people around and waiting a few days on responses. More aggravating was SEP happily let the malware jump from the system I was doing forensics on to my USB key - score, saved me the trouble of copying it myself - but deleted my forensics tools right off the same key. Thanks. No, really.

We've had some trouble with our management console, but I'm not involved directly in that and so I'm not sure what the issue is, exactly - but it did take one of our Windows guys the better part of a week to sort out. Teething issues, I suppose, and you'll get that with anything.

I've not yet given up on AV and even if I had, our auditors insist. "We get malware infections all the time despite AV" is apparently not an acceptable response to "What if you get malware AV would have caught?"

It does catch a lot though - I'm just not sure if the cost of false negatives + management issues + intangibles < cost of reimaging client machines more often.

Mike

On 10-05-11 10:28 AM, James Costello wrote:
> I've used both Trend and Symantec. Symantec requires (or at least they did 2 years ago) a NetBIOS name for the update server that any of the clients can resolve. Trend has been Ok, we've had a few update related issues that have required rebooting client systems to get working again. I have found the Trend reports a bit more informative than Symantec.
>
> I'd love to hear others' experience.
>
> On Tue, May 11, 2010 at 8:32 AM, xgermx <xgermx at gmail.com> wrote:
> > So, it's license renewal time for our A/V and I'm open for suggestions/recommendations/horror stories. (I'll be covering roughly 500 Windows based machines).
> > _______________________________________________
> > Pauldotcom mailing list
> > Pauldotcom at mail.pauldotcom.com
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com