PaulDotCom mailing list archives

Corporate AV suggestions

From: digitallachance at gmail.com (Francois Lachance)
Date: Tue, 11 May 2010 20:33:35 -0600

Yes, we have put AV on the Macs of our creative team.  The rest of the
enterprise is running Windows, and of course they too have AV.  The
developers have the same complaint, but they are on Windows.  Bottom line,
no matter what AV you put on, it will impact performance (some AV are worst
than other, of course).

AV is a necessary evil, because we don't have anything that is clearly
better yet (unless you want to implement application whitelisting, but that
has its own set of problems I hear).



On Tue, May 11, 2010 at 6:54 PM, Matthew Perry <mlperry at gmail.com> wrote:

Is anyone running AV on macs in their enterprise?  I am at a software shop
and the developers claim that McAfee is really slowing down their compile
times.

On Tue, May 11, 2010 at 4:17 PM, leslie l <enlight2k at hotmail.com> wrote:



I have been happy with LANDesk AV which uses the Kaspersky engine.

Date: Tue, 11 May 2010 14:14:48 -0500
From: xgermx at gmail.com

To: pauldotcom at mail.pauldotcom.com
Subject: Re: [Pauldotcom] Corporate AV suggestions

Thanks for all of the replies. If anyone else has info, feel free to

share.


On Tue, May 11, 2010 at 1:45 PM, Pommerening, Jeremy
<jpommerening at symbion.com> wrote:

I was having an issue with Sophos not catching Fake-AV too until I

turned on HIPS.  I'm catching most of it now with HIPS.  Environment is
approx 1000 nodes.  I will agree that the online database is slim but I'm
much happier than when we used Symantec EP.  As a bonus Sophos includes a
lot of functionality at no extra cost with Data Control (DLP) and Device
Control.






Jeremy Pommerening
MGR, Information Security
Symbion, Inc.
615-234-8912 Direct
615-429-6883 BB

GIAC - GCFA,GPEN, GAWN & GCFW,
GIAC Advisory Board Member
MCSE Win2K, MCSE NT4,
CompTia SERVER+, HP APS



-----Original Message-----
From: pauldotcom-bounces at mail.pauldotcom.com [mailto:

pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of Josh Little

Sent: Tuesday, May 11, 2010 12:15 PM
To: pauldotcom at mail.pauldotcom.com
Subject: Re: [Pauldotcom] Corporate AV suggestions

I'm on the fence regarding our Sophos EP distribution. I have a

feeling

that it is a little less resource intensive on the clients than the
Symantec 10 system we replaced, but not by a whole lot. Logging and
reporting isn't that strong, especially if you are looking at

offloading

events to a SIM or centralized log collector. Their online database of
threats is very slim on information, especially when compared with
Symantec's offering at http://www.sarc.com . It also doesn't deal

very

well with fast morphing threats like the rash of fake security

products

that have blown up in the last year. Almost all of the incidents I
respond to are fake AV crap. The management console is still fairly
nice, beyond being weak with reporting. One strong point is deployment

it was very easy to deploy out using SMS.

Hope that helps...

ZT

On 5/11/2010 9:42 AM, Pommerening, Jeremy wrote:

I've been very pleased with Sophos Endpoint protection both from a

pricing perspective and support perspective.


Jeremy Pommerening
MGR, Information Security
Symbion, Inc.
615-234-8912 Direct
615-429-6883 BB

GIAC - GCFA,GPEN, GAWN & GCFW,
GIAC Advisory Board Member
MCSE Win2K, MCSE NT4,
CompTia SERVER+, HP APS


-----Original Message-----
From: pauldotcom-bounces at mail.pauldotcom.com [mailto:

pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of xgermx

Sent: Tuesday, May 11, 2010 8:33 AM
To: PaulDotCom Security Weekly Mailing List
Subject: [Pauldotcom] Corporate AV suggestions

So, it's license renewal time for our A/V and I'm open for
suggestions/recommendations/horror stories. (I'll be covering roughly
500 Windows based machines).
_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

Disclaimer: The email and files transmitted with it are confidential

and are intended solely for the use of the individual or entity to whom they
are addressed.  If you are not the original recipient or the person
responsible for the delivering the email to the intended recipient, be
advised that you have received this email in error, and that any use,
dissemination, forwarding, printing or copying of this email is strictly
prohibited.  If you received this email in error, please delete it from your
system without copying it, and notify the sender by reply email so that our
address record can be corrected.  Thank you. Symbion, Inc.



_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com


_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com


Disclaimer: The email and files transmitted with it are confidential

and are intended solely for the use of the individual or entity to whom they
are addressed.  If you are not the original recipient or the person
responsible for the delivering the email to the intended recipient, be
advised that you have received this email in error, and that any use,
dissemination, forwarding, printing or copying of this email is strictly
prohibited.  If you received this email in error, please delete it from your
system without copying it, and notify the sender by reply email so that our
address record can be corrected.  Thank you. Symbion, Inc.



_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com


_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com




--
Matthew Perry

_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20100511/354f5b10/attachment.htm

Current thread:

Corporate AV suggestions xgermx (May 11)
- Corporate AV suggestions Pommerening, Jeremy (May 11)
  - Corporate AV suggestions Josh Little (May 11)
    - Corporate AV suggestions Pommerening, Jeremy (May 11)
    - Corporate AV suggestions xgermx (May 11)
    - Corporate AV suggestions leslie l (May 11)
    - Corporate AV suggestions Matthew Perry (May 11)
    - Corporate AV suggestions Francois Lachance (May 11)
    - Corporate AV suggestions Aaron Moss (May 11)
    - Corporate AV suggestions Raffi Jamgotchian (May 12)
  - Corporate AV suggestions Kim White (May 11)
- Corporate AV suggestions infogeek2u at gmail.com (May 11)
  - Corporate AV suggestions Butturini, Russell (May 11)
- Corporate AV suggestions James Costello (May 11)
  - Corporate AV suggestions Mike Patterson (May 11)
    - Corporate AV suggestions genesiswave at gmail.com (May 11)
- Corporate AV suggestions Aaron (May 11)
  - Message not available
    - Message not available
    - Corporate AV suggestions Tyler Robinson (May 11)

(Thread continues...)