[unisog] Your opinion on your AntiVirus product?

Goverts IV, Paul pgoverts at sjfc.edu
Mon Nov 28 16:57:01 GMT 2005

We are currently using Symantec Antivirus Corporate Edition 10.1.  We
have been generally happy with it, however we did have some troubles
with it this past spring while trying to upgrade one of our management
servers to 10 from 9.  In general, it can do some basic spyware
prevention/removal, although sometimes we still need to run an extra
tool such as ad-aware or ms antispyware to remove some of the nastier
ones, but the detection and removal has been steadily improving from
what I have seen.  One challenge we encountered with version 10 that
didn't exist in 9 was that 10 uses PKE to encrypt the traffic, which is
something to be careful of if you are migrating clients between
management servers and server groups since they may not "remember" the
proper key when moving, and the same care needs to be taken care of when
using the management console, otherwise the console may not be able to
communicate with the servers properly.  (Following the Symantec
documentation exactly is key when migrating to 10)  


In addition, version 10.0 had a startup scan that was only able to be
disabled via a user-profile based registry hack, but 10.1 has an option
in the management console to turn off startup scans.  The startup scans
really made some of our older systems slow down when people logged in.
It has a decent installer that lets us push the new versions of the
client at desktop systems in our domain, but the only drawback is if the
push upgrade requires a restart (as is usually the case) it will make us
force a manual restart of systems.  If you have any questions please let
me know and I'd be happy to answer them.  


Paul Goverts IV
Computer Services
St. John Fisher College
Rochester, NY 14618

"Ask yourself - Where are you going?  Who is going with you?"  -- "Col."
Gordon Shay


From: unisog-bounces at lists.sans.org
[mailto:unisog-bounces at lists.sans.org] On Behalf Of Bartlett, Matt
Sent: Monday, November 28, 2005 9:58 AM
To: unisog at lists.sans.org
Subject: [unisog] Your opinion on your AntiVirus product?


I am on the hunt for opinions of corporate anti-virus products used at
other universities.  What do you use?  Are you satisfied with it?  What
do you find are it's strengths and weaknesses?  Has it presented you
with any unique challenges, or does it have features that provided you
with an unexpected dividend?  Do you have any problems with your mobile
users who may not connect to your network frequently enough?


We are looking to replace our current Trend Micro product suite, which
is why I'm soliciting your opinions.


Here is my opinion on Trend.

The client agent is too resource intensive, using 5 processes totaling
approx. 25MB of system memory when idle.  It has been unable to detect
several variants of IRCBot viruses.  It does have a nice variety of
tools for tasks like deployment and imaging.  The real killer for us has
been the dissatisfaction with the support provided by Trend.


I'd value anyone's input.



Matt Bartlett

St. Louis College of Pharmacy

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.dshield.org/pipermail/unisog/attachments/20051128/40689913/attachment-0001.htm

More information about the unisog mailing list