What corporate AV do you use?

brad-

I am now at a point where my company needs to purchase an antivirus program to cover a little over 100 XP/Server2003 machines. Dont ask me why they dont already have one...not a fun conversation.

I've downloaded the trial version of Symantec Endpoint 11, and it seems straight forward from an implementation standpoint. I've used its management console and installed a client. I also know that Norton is traditionally a resource hog and buggy.

I have no frame of reference to make this decision on what brand to use other than a second hand story that was big on ESET.

We need a corporate AV that I can manage from 1 PC, and push out updates. I want it to be mostly transparent to the users - ie not a resource hog or give them popups. Need to run it on a W3k3x64 server with XP clients...and W7 in the near future.

With that said...im interested in what products you guys have had good/bad experiences with.

crrussell3

I am in the middle of rolling out an upgrade from Symantec Corp 10.5 to SEPM 11.0.5 and am not experiencing any difficulties. From what little time I have had on the 10.5 Management Console, the SEPM v11 is far superior.

From my testing so far in the small group I have rolled out to, they have not noticed it running in the background or performing full system scans, compared to older versions which like you said are resource intensive.

I also will say that Forefront is a great product too. My previous job used it, and had no issues. The admins there were quite relieved at finally ditching Symantec.

Of course both products fully support 32/64 bit systems upto and including W7/2008. Itanium is iffy for Symantec though. I don't believe the new client will work on there if I am not mistaken.

dynamik

I've gone with ESET in the past. Kaspersky is another favorite of mine.

Chivalry1

I work for a large financial institution and we use CheckPoint. And let me be the first to tell you....CHECKPOINT SUCKS!!! If you remember the old ZoneAlarm firewall...essentially CheckPoint AV is ZoneAlarm coupled with cheap AV bolt on. We have spent millions to realize this product was not a smart investment.

At my previous corporation I implemented Sophos AV. You will barely know that the AV is running.. (of course until it recognizes a virus detected...then it goes into action.) Management console is very easy to understand. True cross platform support from OpenBSD to Windows 2008 R2. Cisco Ironport uses Sophos as there AV engine.

Trend Micro would be my second choice. Although the administration console can be a bit tough to configure.

jojopramos

In the main office, We are using Trend Micro Worry Free Business Advance.... and in our branches, it is NOD32... (I am beginning to love NOD 32, it is very effective for us and easy to manage.) For your requirement, I can recommend NOD32, as it is easy to manage and so as it's deployment. You can just easily search for node's without the NOD antivirus, and deploy (client - Windows XP). For the Trend Micro, we already deploy Windows 7 to our main office and trendmicro works best... also, I uninstall our Trendmicro officescan 6 business suite and install the new Trend Micro Worry Free Business Advance, well, the new one automatically uninstall the old antivirus and install the new one in all of our clients. My observation with this, the scanning is now lighter that before. I will still check for NOD32 enterprise on Windows 7, since I just install NOD32 on one of Windows 7 machine. It works perfect so I will assume that NOD 32 will be ok in the enterprise deployment.

Still, I love NOD 32 more than trend micro lol......

Kaminsky

Chivalry1 wrote: »

If you remember the old ZoneAlarm firewall...essentially CheckPoint AV is ZoneAlarm coupled with cheap AV bolt on.

ZoneAlarm isn't bad but when it goes wrong, it goes wrong in a big way. Coupling that with AV, I wouldn't want to be around when that goes wrong.

+1 Symantic Endpoint across our whole corp here.

littlehoops

we use f-secure where i work. It seems very good the admin console is easy to use. i recommend It!

hoops

NightShade03

-1 for Symantec. We used it for about 1500 machines and servers in our network and what...a...nightmare! Like the normal complaints, resource hog, slows down laptops in a real bad way too. My other big issue with it is that we had some legacy software and with SEP there is a IPS/AV/Anti-SPY all in once and it would detect the legacy app as a virus. There were alot of false positives in the reporting console as far as the IPS piece in concerned.

We now currently use AVG. While it works, and is pretty good I must say there are quiet a few things it doesn't catch....The flip side though is that the install and management of it is pretty efficient.

I've also used Sophos a bit and would recommend that too.

NinjaBoy

Panda Enterprise AV on Clients & Server, the Sophos WS1000 for web filtering (including virus & malware/spyware) and the Sophos ES1000 for SMTP (e-mail) filtering.

However I'm considering making the move to MS ForeFront when our Panda licenses expire...

-Ken

RTmarc

Another vote for ESET NOD32. We swapped over to it from BitDefender at my previous position and the day it went into production is the day we stopped having any issues related to AV.

GAngel

+1 for symantec

We're on trend now and it's no where near as good.

Tin_Man

At my old place we used Mcafee. Gawd I hated that POS

However at my new job we use NOTHING!!! well whatever the user's have on the laptops... How scary is that?! Thankfully I have put the risk of that to the IT Manager and we are going with Symantec in the coming week(s)

brad-

RTmarc wrote: »

Another vote for ESET NOD32. We swapped over to it from BitDefender at my previous position and the day it went into production is the day we stopped having any issues related to AV.

Ive done the trial for SEP. I'm getting the trial for ESET NOD32 now to see how it goes.

HeroPsycho

I'd recommend Forefront, but it's unfortunately more costly than others. NOD32 would probably be my second choice.

rsutton

Currently using Trend Micro Worry Free. Not to happy with the detection rate, or lack there of. The other companies I support use NOD32, which works very well. Symantex & Mcaffee have always been resource hogs, prolly only work well on very new/fast systems.

Grynder

Running Avast in a 30 client SBS2008 environment. No complaints except that the management console takes some getting used to. In another company they are running Symantec which generates a lot of complaints from the users because Symantec takes up a lot of resources. Plus it misses a lot of viruses. Yesterday I had to remove 2 'Internet Security 2010' infections.

someeh

NinjaBoy wrote: »

Panda Enterprise AV on Clients & Server, the Sophos WS1000 for web filtering (including virus & malware/spyware) and the Sophos ES1000 for SMTP (e-mail) filtering.

However I'm considering making the move to MS ForeFront when our Panda licenses expire...

-Ken

Ninja,

How is your experience with Panda? My company uses Eset.

arwes

We recently moved from Symantec 10.1 to SEP 11. For the most part, it was uneventful moving the machines over. But I have found that if it has a problem, it fails spectacularly. Our HR head's laptop had something screw up with the Network Threat Protection when I pushed it out to her. I had to get their uninstaller to get rid of SEP, then after it was uninstalled I also had to disable the driver for NTP in Device Manager and then run the uninstaller thing again. Huge pain in the butt.

I'd almost talked the boss into going to TrendMicro Officescan when he realized he'd cut a check for SEP a few months prior. I liked NOD32 but it didn't seem to handle our remote offices quite that well. Vipre had problems with it as well.

Hyper-Me

Panda.

Its junk, I highly recommend against it....consdering it cant even detect the Sasser virus, nor the "Internet security 2008/2009/2010" junk.

We are hopefully moving to Forefront soon.

/usr

Thus far, I have been quite pleased with Kaspersky. We use it on clients and servers without issue.

cbigbrick

McAfee ePolicy Orchestrator 4.0 with:

VirusScan Enterprise 8.5i
Anti-Spyware 8.5i
Rogue System Detection 2.0

And soon Device Control 2.0

VSE can be a resource hog!!!!!!!!!!!!!!! On Demand Scans on file servers take forever!

qcomer

cbigbrick wrote: »

McAfee ePolicy Orchestrator 4.0 with:

VirusScan Enterprise 8.5i
Anti-Spyware 8.5i
Rogue System Detection 2.0

And soon Device Control 2.0

VSE can be a resource hog!!!!!!!!!!!!!!! On Demand Scans on file servers take forever!

We use VSE and ePolicy also, but dont think the others.

We buy into a pool since (all of the districts in our County do) since our county office of education is our ISP.

Kind of sucks, hopefully we can switch to sophos soon. VSE has wayy too big of a footprint on older machines.

phoeneous

rsutton wrote: »

Currently using Trend Micro Worry Free. Not to happy with the detection rate, or lack there of. The other companies I support use NOD32, which works very well. Symantex & Mcaffee have always been resource hogs, prolly only work well on very new/fast systems.

Agreed.

Trend Micro phailz miserably in the detection department. Best Ive ever worked with is McAfee EPO.

crrussell3

Hyper-Me wrote: »

Panda.

Its junk, I highly recommend against it....consdering it cant even detect the Sasser virus, nor the "Internet security 2008/2009/2010" junk.

We are hopefully moving to Forefront soon.

My contract job used Forefront, which I liked, but unfortunately, it didn't detect the Personal Antivirus, etc, etc junk. Way too many infections of that to count while running Forefront.

joecontreras

We use AVG. As mentioned above there are some things that may slip through from time to time but nothing major or more so than anything else we have tested.

My problems with Symantec and McAfee products is that when they malfunction all hell seems to break loose. I always keep Norton's Removal Tool and McAfee's Removal tool on my thumb drive to remove these when this happens.

Hyper-Me

crrussell3 wrote: »

My contract job used Forefront, which I liked, but unfortunately, it didn't detect the Personal Antivirus, etc, etc junk. Way too many infections of that to count while running Forefront.

The newest forefront (sterling) is supposed to be based off the same "stuff" as MSE, which does catch the personal antivirus BS.

So im being hopeful lol

itdaddy

We use symantec 11.5 and yeah the console is a hog. It NEEDS a 2GB ram spec. I like avast. I think avast would be a good solution.

What really sucks is that there is no one AV/AS that catches them all.

We have used symantec for years but only on 100 machines. it seems to work well, but people can tell their systems are bogging down.

I have hear good things about Panda. They have improved the bloatware.

But I think Avast is very light weight and effective..I use it for home and also run Avira which I love and I never catch anything but a cold and I surved some risky sights if you know what I mean

dynamik

itdaddy wrote: »

What really sucks is that there is no one AV/AS that catches them all.

This is why a defense-in-depth approach is recommended. Use a different product to filter your internet traffic, email, workstations, etc. If you use the same product everywhere, it will likely fail in the same place every time. The downside of using multiple vendors is that more expertise is required. Swapping out a product you know like the back of your hand only to replace it with something you don't know how to properly configure is probably a worse situation.

arwes

itdaddy wrote: »

We use symantec 11.5 and yeah the console is a hog. It NEEDS a 2GB ram spec. I like avast. I think avast would be a good solution.

What really sucks is that there is no one AV/AS that catches them all.

We have used symantec for years but only on 100 machines. it seems to work well, but people can tell their systems are bogging down.

I have hear good things about Panda. They have improved the bloatware.

But I think Avast is very light weight and effective..I use it for home and also run Avira which I love and I never catch anything but a cold and I surved some risky sights if you know what I mean

What's funny is that according to our users (also Symantec 11.5), some of them are fine and then there's others who have definitely noticed a slowdown. I run a scheduled scan on all the systems at noon (lunch time for most). It takes on average 45 minutes to complete. This one user is having scans end around 4:30 PM..she swears that she isn't hitting pause on the scan. Incidentally, she's also the one with the highest rate of virus/spyware attacks.

itdaddy

dynamik

dude very good points you have there. I like your idea..well that is what I do at home

arwes

hahhahahah that makes me laugh...user issues can be so funny
when you can track them they sware they dont do that hahaha
ahahah; but us IT people know. Yeah we have websense and
well it tracks alot and you show them where they surfed and they say
"I nver surfed there!" ahhahhha Even though I dont like a lot of these tools that bulk links/sites together as one. You know say they surfed
a site and there were tons of sublinks like on ebay or amazon. well
everylink on the page is caught by websense as an individual site surfed
so when admin looks at management screen they see 1,000 hits in like 10 minutes yeah right! I hate that about websense!
but on another note that someone mentioned using AVG free at work?
or was it AVG purchased I have used AVG many years and it use to be good but not anymore Avast/nod32/avira/ that german av/as starts with K and panda are all very good...I also like superantispyware and that Malware something program that has gotten rid of some bad bugs like Antivirus Live if you have every had that one. that one sucks!

back to symantec new GUI console it takes 2 GB of ram to run the freaking console; when it use to be a cool MMC snap in light weight now it is a full fledge GUI piece of crap! all fluff and no puff!

tiersten

itdaddy wrote: »

What really sucks is that there is no one AV/AS that catches them all.

The trick isn't just catching them all but also not having false positives. AV packages can get good detection numbers if they set the threshold so low that anything including legitmate files will trigger it.

You don't want important system files being quarantined or "cleaned" because your AV package mistakenly thinks it is infected. You also don't want users to get used to constant warnings and get into the habit of ignoring or overriding the AV package.

I'll be marketing Tiersten Antivirus Pro 2010 Ultimate Super Extreme Limited Pokemon Edition. It will have 100% detection guarantee. I'll achieve this by just claiming every file is potential malware...

Oh and work uses McAfee + ePo crap. I use NOD32 at home.