Re: Microsoft antivirus

["Santabarbara, Angelo" <asantabarbara () SIENA EDU>]

We are also going down this same route.  We have been testing FEP with
about 200 lab machines and all of our Microsoft servers.  Overall, it seems
to do a better job than McAfee and with SCCM we do have visibility and
control over what it is doing.  SCCM is not the easiest deployment, but we
already had it running as we've been using FIM since November.  Upon
install we've actually found many infections that were not detected by
McAfee.  Based on this, the cost savings, and the smaller resource
footprint, we will be switching all of our machines to FEP this summer.

Angelo D. Santabarbara
Director of Networks & Systems
Siena College
518-782-6996
ASantabarbara () siena edu

***Siena ITS staff will NEVER ask for your password or other confidential
information via email.***

CONFIDENTIALITY NOTICE: This e-mail, including any attachments, is for the
sole use of the intended recipient(s) and may contain confidential and
privileged information. Any unauthorized review, use, disclosure, or
distribution is prohibited. If you received this e-mail and are not the
intended recipient, please inform the sender by e-mail reply and destroy
all copies of the original message.


On Mon, Mar 11, 2013 at 3:54 PM, Tim Doty <tdoty () mst edu> wrote:

> On 03/11/2013 02:24 PM, Ed Zawacki wrote:
>
> > I just wanted to say that I appreciate all of the comments I've received
> > on this topic to both me directly and to the list.
> >
> > One interesting observation is that of the people who responded, it
> > seems that nearly everyone that switched to MS FEP seems happy with it.
> > A few weeks ago, I was looking at Gartner's magic quadrant for endpoint
> > protection as well as a report they did on FEP a year or so ago and they
> > seemed to be underwhelmed. Odd.
>
> Here's another University of Missouri response. Although all campuses are
> on FEP (I believe) there are five member institutions so situations vary.
>
> I can say that how well you will like it depends on how it is deployed and
> managed. For example, I don't have any access to the SCCM so there is no
> visibility or reporting. And, those that do have access to it here don't
> take advantage of it.
>
> From an effectiveness stand point it hasn't seemed particularly effective.
> It has happy to allow an old virus (financial data stealer) to continue
> operating (the system had been infected before the change to FEP) and in
> general web-based infections seem to occur without a hitch. Maybe it stops
> some of them, but as I have no visibility into the SCCM I can't tell.
>
> However, it isn't like the previous product (McAfee) was doing any better
> from an effectiveness standpoint and we didn't have visibility into its
> activity/alerting either. For me, the major difference has been submitting
> samples and in that respect Microsoft seems better now than it was a year
> ago, though it does vary significantly. Time from submission to update has
> ranged from very fast (may have been less than a day, I don't remember for
> sure) to well over a week.
>
> Tim Doty
> System Security Analyst
> Missouri S&T