1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Sophos AV Migration

Discussion in 'Computer Security' started by Theprof, Apr 15, 2010.

  1. Theprof

    Theprof Petabyte Poster Forum Leader

    4,570
    68
    196
    I am in the process of deploying Sophos Endpoint Security and Control, just finished setting up repositories on remote offices for update replication and couldn't be more happier with it! We used to use McAfee EPO but it did a horrible job at virus and rogue malware detection! No matter how much tweaking I've done it just doesn't work well... Also I find it bogs down the system to a halt, makes the workstations unusable.

    With Sophos the detection is much better, I had to tweak HIPS a little for on access scanning which worked really well in the end... Just a recommendation, if you do use Sophos, for the on access scanning, leave just "On read" option checked.... If you keep it on write it can slow down your system quite a bit.
     
    Certifications: A+ | CCA | CCAA | Network+ | MCDST | MCSA | MCP (270, 271, 272, 290, 291) | MCTS (70-662, 70-663) | MCITP:EMA | VCA-DCV/Cloud/WM | VTSP | VCP5-DT | VCP5-DCV
    WIP: VCAP5-DCA/DCD | EMCCA
  2. SimonD

    SimonD Terabyte Poster Moderator

    3,463
    397
    199
    Do some tests with it, I had to deploy Sophos to a company last year, against my better judgement. Overall it was hideous at letting things through, stuff that the likes of Nod32, Defender, Mcafee and Forefront all picked up (I tested 4 full AV products and out of the lot Sophos came out far worse for detection and cleaning).

    I liked the console but the end product itself left a lot to be desired.
     
    Certifications: CNA | CNE | CCNA | MCP | MCP+I | MCSE NT4 | MCSA 2003 | Security+ | MCSA:S 2003 | MCSE:S 2003 | MCTS:SCCM 2007 | MCTS:Win 7 | MCITP:EDA7 | MCITP:SA | MCITP:EA | MCTS:Hyper-V | VCP 4 | ITIL v3 Foundation | VCP 5 DCV | VCP 5 Cloud | VCP6 NV | VCP6 DCV | VCAP 5.5 DCA
    WIP: VCP6-CMA, VCAP-DCD and Linux + (and possibly VCIX-NV).
  3. Boycie
    Honorary Member

    Boycie Senior Beer Tester

    6,281
    85
    174
    not sure what others think, but in the service sector it seems the av used depends on what is tied in with the monitoring agent.

    on the subject of av, forefront is supposed to be very effective - is that what you found Si?
     
    Certifications: MCSA 2003, MCDST, A+, N+, CTT+, MCT
  4. SimonD

    SimonD Terabyte Poster Moderator

    3,463
    397
    199
    Hi Boycie, yes I actually really liked Forefront, I am looking forward to the next release (Forefront End Point security) which ties in with SCCM much more. That's not out for a bit yet tho.
     
    Certifications: CNA | CNE | CCNA | MCP | MCP+I | MCSE NT4 | MCSA 2003 | Security+ | MCSA:S 2003 | MCSE:S 2003 | MCTS:SCCM 2007 | MCTS:Win 7 | MCITP:EDA7 | MCITP:SA | MCITP:EA | MCTS:Hyper-V | VCP 4 | ITIL v3 Foundation | VCP 5 DCV | VCP 5 Cloud | VCP6 NV | VCP6 DCV | VCAP 5.5 DCA
    WIP: VCP6-CMA, VCAP-DCD and Linux + (and possibly VCIX-NV).
  5. Theprof

    Theprof Petabyte Poster Forum Leader

    4,570
    68
    196
    We've actually did quite a few tests with Sophos and McAfee... and McAfee was alot worse at detection... There's also a budget involved and for us NOD32 was more expensive....
     
    Certifications: A+ | CCA | CCAA | Network+ | MCDST | MCSA | MCP (270, 271, 272, 290, 291) | MCTS (70-662, 70-663) | MCITP:EMA | VCA-DCV/Cloud/WM | VTSP | VCP5-DT | VCP5-DCV
    WIP: VCAP5-DCA/DCD | EMCCA
  6. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,190
    296
    319
    Really? Was that was just for the AV client for NOD32.
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  7. Theprof

    Theprof Petabyte Poster Forum Leader

    4,570
    68
    196
    The whole solution, the enterprise console and AV client was more expensive than Sophos and MacAfee versions of Enterrprise Console and AV client. Also the exchange module was more expensive as well.
     
    Certifications: A+ | CCA | CCAA | Network+ | MCDST | MCSA | MCP (270, 271, 272, 290, 291) | MCTS (70-662, 70-663) | MCITP:EMA | VCA-DCV/Cloud/WM | VTSP | VCP5-DT | VCP5-DCV
    WIP: VCAP5-DCA/DCD | EMCCA
  8. AJ

    AJ Administrator Administrator

    6,771
    102
    221
    WE've just done the same changed from NOD32 to Sophos. Cost difference between them was quite a lot even with the educational discounts.
     
    Certifications: MCSE, MCSA (messaging), ITIL Foundation v3
    WIP: Looking at doing ..................
  9. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,190
    296
    319
    Must be different pricing where you are, I’ve been migrating all customer networks to NOD32 for the past few years and NOD32 has always been more competitive than McAfee, Symantec and Sophos.
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  10. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,190
    296
    319
    Looks like I`ll need to have another look at the pricing now....

    Sophos will eat more RAM though. :tongue
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  11. Theprof

    Theprof Petabyte Poster Forum Leader

    4,570
    68
    196

    It might, but not as much as McAfee.... :biggrin
     
    Certifications: A+ | CCA | CCAA | Network+ | MCDST | MCSA | MCP (270, 271, 272, 290, 291) | MCTS (70-662, 70-663) | MCITP:EMA | VCA-DCV/Cloud/WM | VTSP | VCP5-DT | VCP5-DCV
    WIP: VCAP5-DCA/DCD | EMCCA
  12. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    It's all lies, damned lies and statistics with AV products. They're all as effective (or ineffective) as each other in various ways when it comes to detection. For this reason, personally, I'd never use anything other than McAfee. Every other product's managed solution is absolutely hideous to work with, whereas EPO is a breeze (though I still hate the move away from the EPO Console to the Web UI).

    Everywhere I've gone has either already had EPO in place, or I've migrated to it in quick order. I've seen some botched installs in my time (not the least of which was my current place, which only had about twenty clients out of 300-odd reporting in correctly for one reason or another) but it's simple to fix most problems. It also never falls over at random (like anything to do with Sophos or Trend).

    Client misconfiguration is the reason for every single instance I've had of McAfee killing CPU, apart from one instance a couple of years ago when they released a poorly configured dat which was 500 times the size it should have been. Even then I didn't get bitten by it because I always check the latest dat into the eval branch of my master rep, and have no distributed rep pull tasks until the next day. That means I'm one day out of date with dat files across my infrastructure, but also means I catch any problems with the dats (they do occur, very infrequently, as described above) before they get rolled out and cause problems.

    If I didn't run EPO on my home domain I probably wouldn't bother with an AV scanner. I've been using computers for 15 years and never had a single virus at home.

    As for Prof's comment about RAM, McAfee 8.7 runs at least 50% lighter RAM-wise than 8.5 used to. Last time I compared, 8.5 was about 15% higher RAM usage than Sophos' desktop client (admittedly this was two years ago). Don't believe the hype about McAfee - take all the 'home-user' targeted ****e off of it and it runs lean, mean and is very unobtrusive. One thing it is pants at is malware detection - but you shouldn't use a desktop client for that anyway, they're ALL crap at it. You should be using a gateway based product for that.
     
    Last edited: Apr 16, 2010
    Certifications: A few
    WIP: None - f*** 'em
  13. Phoenix
    Honorary Member

    Phoenix 53656e696f7220 4d6f64

    5,726
    175
    221
    I Like forefront...
    but its in need of a bit of an overhaul, should be getting that this year :)
     
    Certifications: MCSE, MCITP, VCP
    WIP: > 0
  14. Theprof

    Theprof Petabyte Poster Forum Leader

    4,570
    68
    196
    It's interesting because we've had really bad experience with McAfee over the last 2 years... We've tried all kinds of configurations, tweaks, we called support, etc... and it did not help. We've used sophos for a month and already it performs much better... But I guess time will tell if the same will happen with Sophos.
     
    Certifications: A+ | CCA | CCAA | Network+ | MCDST | MCSA | MCP (270, 271, 272, 290, 291) | MCTS (70-662, 70-663) | MCITP:EMA | VCA-DCV/Cloud/WM | VTSP | VCP5-DT | VCP5-DCV
    WIP: VCAP5-DCA/DCD | EMCCA
  15. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    Hey Prof - I could do a consult for ya if you like...
     
    Certifications: A few
    WIP: None - f*** 'em
  16. Theprof

    Theprof Petabyte Poster Forum Leader

    4,570
    68
    196
    Thanks for the offer Zeb, as always much appreciated, I should of mentioned it before... but we already signed a 1 year contract with Sophos and did not renew McAfee...
     
    Certifications: A+ | CCA | CCAA | Network+ | MCDST | MCSA | MCP (270, 271, 272, 290, 291) | MCTS (70-662, 70-663) | MCITP:EMA | VCA-DCV/Cloud/WM | VTSP | VCP5-DT | VCP5-DCV
    WIP: VCAP5-DCA/DCD | EMCCA
  17. Finkenstein

    Finkenstein Kilobyte Poster

    378
    3
    59
    We just switched from Trend Micro Officescan over to Sophos, and I quite like it. It has been VERY effective in catching things that Trend did not, and it is FAR less buggy, not to mention the memory footprint is less than Trend.

    There have been a few issues, but very minor considering the migration we went through.

    Have you deployed the NAC component yet? That is next on my list, but is a very low priority right now. At least I have the application blocking doing its thing. :)
     
    Certifications: MCP, Network+, CCENT, ITIL v3
    WIP: 640-822
  18. Theprof

    Theprof Petabyte Poster Forum Leader

    4,570
    68
    196
    We were actually looking into that but not a priority either... I am actually trying to get the command line scanner for our spam filter working. No luck at the moment. I really don't want to install the AV on the exchange server, last time we had serious slow downs.
     
    Certifications: A+ | CCA | CCAA | Network+ | MCDST | MCSA | MCP (270, 271, 272, 290, 291) | MCTS (70-662, 70-663) | MCITP:EMA | VCA-DCV/Cloud/WM | VTSP | VCP5-DT | VCP5-DCV
    WIP: VCAP5-DCA/DCD | EMCCA
  19. simonp83

    simonp83 Kilobyte Poster

    254
    4
    32
    We went from Mcafee to Sophos at one of our sites, definitely love Sophos so much more.
     
    Certifications: A+, MCP, MCDST, MCTS, MCITP
    WIP: 70-291
  20. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    LOL - proof of exactly what I said earlier - it's all about personal experience!
     
    Certifications: A few
    WIP: None - f*** 'em

Share This Page

Loading...