Sophos AV Migration

Discussion in 'Computer Security' started by Theprof, Apr 15, 2010.

  1. Theprof

    I am in the process of deploying Sophos Endpoint Security and Control, just finished setting up repositories on remote offices for update replication and couldn't be happier with it! We used to use McAfee EPO but it did a horrible job at virus and rogue malware detection! No matter how much tweaking I've done it just doesn't work well... Also I find it bogs the system down to a halt and makes the workstations unusable.

    With Sophos the detection is much better, I had to tweak HIPS a little for on-access scanning, which worked really well in the end... Just a recommendation, if you do use Sophos, for the on-access scanning, leave just the "On read" option checked.... If you keep it on write it can slow down your system quite a bit.
     
    Certifications: A+ | CCA | CCAA | Network+ | MCDST | MCSA | MCP (270, 271, 272, 290, 291) | MCTS (70-662, 70-663) | MCITP:EMA | VCA-DCV/Cloud/WM | VTSP | VCP5-DT | VCP5-DCV
    WIP: VCAP5-DCA/DCD | EMCCA
  2. SimonD

    Do some tests with it, I had to deploy Sophos to a company last year, against my better judgement. Overall it was hideous at letting things through, stuff that the likes of Nod32, Defender, McAfee and Forefront all picked up (I tested 4 full AV products and out of the lot Sophos came out far worse for detection and cleaning).

    I liked the console but the end product itself left a lot to be desired.
     
    Certifications: CNA | CNE | CCNA | MCP | MCP+I | MCSE NT4 | MCSA 2003 | Security+ | MCSA:S 2003 | MCSE:S 2003 | MCTS:SCCM 2007 | MCTS:Win 7 | MCITP:EDA7 | MCITP:SA | MCITP:EA | MCTS:Hyper-V | VCP 4 | ITIL v3 Foundation | VCP 5 DCV | VCP 5 Cloud | VCP6 NV | VCP6 DCV | VCAP 5.5 DCA
  3. Boycie

    Not sure what others think, but in the service sector it seems the AV used depends on what is tied in with the monitoring agent.

    On the subject of AV, Forefront is supposed to be very effective - is that what you found, Si?
     
    Certifications: MCSA 2003, MCDST, A+, N+, CTT+, MCT
  4. SimonD

    Hi Boycie, yes I actually really liked Forefront, I am looking forward to the next release (Forefront End Point security) which ties in with SCCM much more. That's not out for a bit yet though.
     
    Certifications: CNA | CNE | CCNA | MCP | MCP+I | MCSE NT4 | MCSA 2003 | Security+ | MCSA:S 2003 | MCSE:S 2003 | MCTS:SCCM 2007 | MCTS:Win 7 | MCITP:EDA7 | MCITP:SA | MCITP:EA | MCTS:Hyper-V | VCP 4 | ITIL v3 Foundation | VCP 5 DCV | VCP 5 Cloud | VCP6 NV | VCP6 DCV | VCAP 5.5 DCA
  5. Theprof

    We've actually done quite a few tests with Sophos and McAfee... and McAfee was a lot worse at detection... There's also a budget involved and for us NOD32 was more expensive....
     
    Certifications: A+ | CCA | CCAA | Network+ | MCDST | MCSA | MCP (270, 271, 272, 290, 291) | MCTS (70-662, 70-663) | MCITP:EMA | VCA-DCV/Cloud/WM | VTSP | VCP5-DT | VCP5-DCV
    WIP: VCAP5-DCA/DCD | EMCCA
  6. Sparky

    Really? Was that just for the AV client for NOD32?
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) MS-900 AZ-900 Security+ Network+ A+
    WIP: Microsoft Certs
  7. Theprof

    The whole solution, the enterprise console and AV client, was more expensive than the Sophos and McAfee versions of Enterprise Console and AV client. Also the Exchange module was more expensive as well.
     
    Certifications: A+ | CCA | CCAA | Network+ | MCDST | MCSA | MCP (270, 271, 272, 290, 291) | MCTS (70-662, 70-663) | MCITP:EMA | VCA-DCV/Cloud/WM | VTSP | VCP5-DT | VCP5-DCV
    WIP: VCAP5-DCA/DCD | EMCCA
  8. AJ

    We've just done the same, changed from NOD32 to Sophos. Cost difference between them was quite a lot even with the educational discounts.
     
    Certifications: MCSE, MCSA (messaging), ITIL Foundation v3
    WIP: Breathing in and out, but not out and in, that's just wrong
  9. Sparky

    Must be different pricing where you are, I’ve been migrating all customer networks to NOD32 for the past few years and NOD32 has always been more competitive than McAfee, Symantec and Sophos.
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) MS-900 AZ-900 Security+ Network+ A+
    WIP: Microsoft Certs
  10. Sparky

    Looks like I'll need to have another look at the pricing now....

    Sophos will eat more RAM though. :tongue
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) MS-900 AZ-900 Security+ Network+ A+
    WIP: Microsoft Certs
  11. Theprof

    It might, but not as much as McAfee.... :biggrin
     
    Certifications: A+ | CCA | CCAA | Network+ | MCDST | MCSA | MCP (270, 271, 272, 290, 291) | MCTS (70-662, 70-663) | MCITP:EMA | VCA-DCV/Cloud/WM | VTSP | VCP5-DT | VCP5-DCV
    WIP: VCAP5-DCA/DCD | EMCCA
  12. zebulebu

    It's all lies, damned lies and statistics with AV products. They're all as effective (or ineffective) as each other in various ways when it comes to detection. For this reason, personally, I'd never use anything other than McAfee. Every other product's managed solution is absolutely hideous to work with, whereas EPO is a breeze (though I still hate the move away from the EPO Console to the Web UI).

    Everywhere I've gone has either already had EPO in place, or I've migrated to it in quick order. I've seen some botched installs in my time (not the least of which was my current place, which only had about twenty clients out of 300-odd reporting in correctly for one reason or another) but it's simple to fix most problems. It also never falls over at random (like anything to do with Sophos or Trend).

    Client misconfiguration is the reason for every single instance I've had of McAfee killing CPU, apart from one instance a couple of years ago when they released a poorly configured dat which was 500 times the size it should have been. Even then I didn't get bitten by it because I always check the latest dat into the eval branch of my master rep, and have no distributed rep pull tasks until the next day. That means I'm one day out of date with dat files across my infrastructure, but also means I catch any problems with the dats (they do occur, very infrequently, as described above) before they get rolled out and cause problems.

    If I didn't run EPO on my home domain I probably wouldn't bother with an AV scanner. I've been using computers for 15 years and never had a single virus at home.

    As for Prof's comment about RAM, McAfee 8.7 runs at least 50% lighter RAM-wise than 8.5 used to. Last time I compared, 8.5 was about 15% higher RAM usage than Sophos' desktop client (admittedly this was two years ago). Don't believe the hype about McAfee - take all the 'home-user' targeted ****e off of it and it runs lean, mean and is very unobtrusive. One thing it is pants at is malware detection - but you shouldn't use a desktop client for that anyway, they're ALL crap at it. You should be using a gateway based product for that.
     
    Last edited: Apr 16, 2010
    Certifications: A few
    WIP: None - f*** 'em
  13. Phoenix

    I like Forefront...
    but it's in need of a bit of an overhaul, should be getting that this year :)
     
    Certifications: MCSE, MCITP, VCP
    WIP: > 0
  14. Theprof

    It's interesting because we've had a really bad experience with McAfee over the last 2 years... We've tried all kinds of configurations, tweaks, we called support, etc... and it did not help. We've used Sophos for a month and already it performs much better... But I guess time will tell if the same will happen with Sophos.
     
    Certifications: A+ | CCA | CCAA | Network+ | MCDST | MCSA | MCP (270, 271, 272, 290, 291) | MCTS (70-662, 70-663) | MCITP:EMA | VCA-DCV/Cloud/WM | VTSP | VCP5-DT | VCP5-DCV
    WIP: VCAP5-DCA/DCD | EMCCA
  15. zebulebu

    Hey Prof - I could do a consult for ya if you like...
     
    Certifications: A few
    WIP: None - f*** 'em
  16. Theprof

    Thanks for the offer Zeb, as always much appreciated, I should have mentioned it before... but we already signed a 1 year contract with Sophos and did not renew McAfee...
     
    Certifications: A+ | CCA | CCAA | Network+ | MCDST | MCSA | MCP (270, 271, 272, 290, 291) | MCTS (70-662, 70-663) | MCITP:EMA | VCA-DCV/Cloud/WM | VTSP | VCP5-DT | VCP5-DCV
    WIP: VCAP5-DCA/DCD | EMCCA
  17. Finkenstein

    We just switched from Trend Micro Officescan over to Sophos, and I quite like it. It has been VERY effective in catching things that Trend did not, and it is FAR less buggy, not to mention the memory footprint is less than Trend.

    There have been a few issues, but very minor considering the migration we went through.

    Have you deployed the NAC component yet? That is next on my list, but is a very low priority right now. At least I have the application blocking doing its thing. :)
     
    Certifications: MCP, Network+, CCENT, ITIL v3
    WIP: 640-822
  18. Theprof

    We were actually looking into that but it's not a priority either... I am actually trying to get the command line scanner for our spam filter working. No luck at the moment. I really don't want to install the AV on the Exchange server, last time we had serious slowdowns.
     
    Certifications: A+ | CCA | CCAA | Network+ | MCDST | MCSA | MCP (270, 271, 272, 290, 291) | MCTS (70-662, 70-663) | MCITP:EMA | VCA-DCV/Cloud/WM | VTSP | VCP5-DT | VCP5-DCV
    WIP: VCAP5-DCA/DCD | EMCCA
  19. simonp83

    We went from McAfee to Sophos at one of our sites, definitely love Sophos so much more.
     
    Certifications: A+, MCP, MCDST, MCTS, MCITP
    WIP: 70-291
  20. zebulebu

    LOL - proof of exactly what I said earlier - it's all about personal experience!
     
    Certifications: A few
    WIP: None - f*** 'em