PaulDotCom mailing list archives

Corporate AV suggestions


From: mike at snowcrash.ca (Mike Patterson)
Date: Tue, 11 May 2010 12:12:00 -0400

Really (to the NetBIOS thing)?  We've been with Symantec for ages, I
don't recall that as a requirement with at least SAV 10.  We're now at
SEP, it... well, it works.

Unlike somebody else's report, I don't find that it catches everything I
expect it to - they don't roll signatures out to SEP as quickly as they
do the consumer product.  (To reduce false positives in large
environments.)  That said, it generally works well, and with modern
machines they don't seem to suck down the host as much as previous
versions have.  I even run it in a VM and it's not really noticeable,
except when it's nagging me about my own Nessus scans.  :)

Manageability is one of the biggest reasons we went with it - the tools
are good for our environment.  We have about several thousand (maybe
7k?) deployed clients, a non-trivial number of which are unmanaged
machines, and generally that side is trouble-free.

All that said, if you're a corporate customer, submitting samples of
malware that the product you've paid non-trivial sums of money for has
flat-out missed is more difficult than it needs to be.  Short version: I
finally gave up after a couple hours chasing people around and waiting a
few days on responses.  More aggravating was SEP happily let the malware
jump from the system I was doing forensics on to my USB key - score,
saved me the trouble of copying it myself - but deleted my forensics
tools right off the same key.  Thanks.  No, really.  We've had some
trouble with our management console, but I'm not involved directly in
that and so I'm not sure what the issue is, exactly - but it did take
one of our Windows guys the better part of a week to sort out.  Teething
issues, I suppose, and you'll get that with anything.

I've not yet given up on AV and even if I had, our auditors insist.  "We
get malware infections all the time despite AV" is apparently not an
acceptable response to "What if you get malware AV would have caught?"
It does catch a lot though - I'm just not sure if the cost of false
negatives + management issues + intangibles < cost of reimaging client
machines more often.

Mike

On 10-05-11 10:28 AM, James Costello wrote:
I've used both Trend and Symantec.  Symantec requires (or at least they did
2 years ago) a NetBIOS name for the update server that any of the clients
can resolve.  Trend has been Ok, we've had a few update related issues that
have required rebooting client systems to get working again.  I have found
the Trend reports a bit more informative than Symantec.
I'd love to hear others' experience.

On Tue, May 11, 2010 at 8:32 AM, xgermx <xgermx at gmail.com> wrote:

So, it's license renewal time for our A/V and I'm open for
suggestions/recommendations/horror stories. (I'll be covering roughly
500 Windows based machines).
_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com