Educause Security Discussion mailing list archives

Re: Microsoft antivirus


From: Jeff Kell <jeff-kell () UTC EDU>
Date: Mon, 11 Mar 2013 19:24:54 -0400

On 3/11/2013 7:06 PM, Jason Gates wrote:

I've used FEP with SCCM and enjoy the management and reporting
abilities of FEP but I'm concerned about the quality of malware
protection. Through reading, testing and real world experiences with
the antivirus product I've found that its malware protection is left
wanting. In test cases FEP did not remove/detect all the malware,
leaving malware parts still installed and functioning.


Sure, it misses stuff.  But they all do.  We've gone from Symantec to
McAfee to Forefront and there really isn't that much of a delta in terms
of protection.  With current zero-day "click here to infect your
computer" drive-bys, nobody is going to keep you clean, but it should
look like they're making an effort. 

In the "big picture" of things, Forefront was much less
"high-maintenance" and "obnoxiously fat footprint" than the
predecessors.  Having updates integrated (more or less) into Windows
updates is a plus.  I still have nightmares about EPO :)

I've considered application white-listing, but not sure how many monkey
wrenches that throws into the works.  And how much of that is Active
Directory dependent.

There's no magic bullet.  For no more return than you should expect from
an A/V these days, FF was priced right on campus agreement.  We even
drank the FOPE Kool-Aid for our Exchange filtering...

Jeff
