SEP Replacement

Discussion in 'Business & Enterprise Computing' started by Rea:Per, Jul 30, 2018.

  1. looktall

    looktall Working Class Doughnut

    Joined:
    Sep 17, 2001
    Messages:
    24,765
    not scanning inside zip files seems to be a fairly common default config for most things.
     
  2. NSanity

    NSanity Member

    Joined:
    Mar 11, 2002
    Messages:
    17,714
    Location:
    Canberra
    literally 6-7 instances a year.

    Webroot is no better/worse than anyone else.
     
  3. Gunna

    Gunna Member

    Joined:
    Dec 25, 2001
    Messages:
    7,207
    Location:
    Brisbane
    And judging by past experience with head office, non default settings aren't usually configured
     
  4. Doc-of-FC

    Doc-of-FC Member

    Joined:
    Aug 30, 2001
    Messages:
    3,351
    Location:
    Canberra
    so what, it's a zip file, it's not like it's executable.

    Indeed it is,

    To unpack the zip file the contents must first be extracted to a temp location before being executed, this is taken care of by 'on write'


    I'm not seeing how the end user would be any better off having the AV engine waste cycles on disarmed payloads.

    hell, zip bombs are on the up and up again ;)
     
  5. Skitza

    Skitza Member

    Joined:
    Jun 28, 2001
    Messages:
    3,753
    Location:
    In your street
    Have migrated out to Sophos Central. AD sync/Exchange integration and all cloud based. Liking it so far.
     
  6. looktall

    looktall Working Class Doughnut

    Joined:
    Sep 17, 2001
    Messages:
    24,765
    How does this work?
    My usage of it is not domain joined, but if it were could I push the AV installer out to computers on the domain?
     
  7. ruffdayz

    ruffdayz Member

    Joined:
    May 27, 2017
    Messages:
    1,045
    Speak to Symantec / your Symantec Account Rep... Don't be surprised if they actually come to the party (they hate losing business). I had a similar situation ages ago where some licenses expired before others and they honoured the entire thing as a renewal.

    In the past I've found them excellent to deal with in regards to licenses and can push that pricing back onto the wholesaler/reseller to honour.
     
  8. Dilbery

    Dilbery Member

    Joined:
    Nov 19, 2005
    Messages:
    1,153
    Location:
    Sydney, NSW
    This^^

    Avoid Sophos, they'll try and rope you in.
     
  9. PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    13,537
    Still waiting for a citation.

    We trialed EOP with ATP, and it was woeful.
     
  10. person

    person Member

    Joined:
    Mar 7, 2003
    Messages:
    336
    Location:
    Brisbane
    Sorry to dig this up - Any recommendations for a cloud managed antivirus that works well on high latency internet connections? - i.e. doesn't 'pause' the machine while it's scanning?

    I manage around 80 machines, spread around the world, almost half are on poor quality or high latency internet (>300 - 1200ms)... All running Windows 10 Pro but not all domain joined.

    We currently run Avira Pro Antivirus (managed through EXO5 cloud), and PolicyPak LPM for either partial or full whitelisting (depending if users have local admin rights or not), so antivirus is not the first line of defence.
    I'd keep things the way they are but Avira has been having update issues for the last month, constantly nagging users to reboot to update....

    The reason for Avira is for years it has had the lowest 'perceived impact' on our machines, which run very CPU intensive, antiquated and messy Engineering/GIS software packages which are very sensitive to any slowdown. I tried Webroot in the past but during its "cloud scanning" the machines would occasionally lock up while waiting for scan results due to the internet latency / packet loss - and performance impact overall was reportedly high... adding all our software to the whitelist seemed to have little effect...

    I have a low budget so can't afford the likes of Sophos or Cylance etc (Avira is about AU$35/machine/year) and I'm considering just using built in Windows Defender, but would feel more comfortable with something third party as reporting is a headache... I'm currently looking at Vipre and Barkly but I'm worried they will have similar issues with poor internet connections...
     
  11. Greg-Mega

    Greg-Mega Member

    Joined:
    Jul 13, 2005
    Messages:
    75
    Location:
    Launceston, TAS
    Sophos isn't that much more expensive, at 80 licenses you're looking at about $10 more per machine over 12 months, it's about $5 cheaper per machine over 36 months with competitive upgrade. If you do need help with your licensing shoot me a PM (I'm a Sophos Silver Partner).

    Just depends if you want InterceptX etc. (which there was a promo for but it ended today IIRC)

    Anyway, this feels a little too much like work to me and I don't come to OCAU for that but the offer is there.
     
    Last edited: Sep 28, 2018
  12. The Watcher

    The Watcher Member

    Joined:
    Sep 18, 2001
    Messages:
    635
    Location:
    Melbourne, Victoria
    I'd highly recommend looking at Cylance
     
  13. Ding.Chavez

    Ding.Chavez Member

    Joined:
    Jul 27, 2001
    Messages:
    422
    Location:
    Sydney
    Cisco AMP
     
  14. Rea:Per (OP)

    Rea:Per Member

    Joined:
    Mar 27, 2011
    Messages:
    264
    Location:
    Sunshine Coast
    12 months on and thought I'd update.

    ruffdayz was correct and I was able to renew despite being outside the normal renewal window.
    We did this as it was the quickest way to get back running and protected again as I did not have the spare time to research & make the switch to a competitor.

    This time around I have a little more time to give it the attention it needs, so I will be looking at Webroot and Sophos I think.
     
  15. scrantic

    scrantic Member

    Joined:
    Apr 8, 2002
    Messages:
    1,718
    Location:
    3350
    Looking at Sophos Intercept X Advanced with EDR as our SEP replacement here.
     
  16. NSanity

    NSanity Member

    Joined:
    Mar 11, 2002
    Messages:
    17,714
    Location:
    Canberra
    I would do some testing surrounding impact to hypervisors/server performance prior to committing if I were you.

    Sophos caused no end of issues on Hyper-V for us as an MSP. VMware was a little more resilient, but we didn't have any big workloads on it either (compared to Hyper-V). This was coming from Webroot.
     
  17. Gunna

    Gunna Member

    Joined:
    Dec 25, 2001
    Messages:
    7,207
    Location:
    Brisbane
    We used to run Sophos and had no issues with our guests, our Hyper-V server was server core and we didn't bother with AV on the host.
     
  18. elvis

    elvis Old school old fool

    Joined:
    Jun 27, 2001
    Messages:
    37,907
    Location:
    Brisbane
    Let us know your thoughts. We're running the older Sophos endpoint here, and getting pushed hard by their marketing people to upgrade "because AI". I can't get a single technical detail out of them, so I'm keen to know what the real world benefits are.
     
  19. NSanity

    NSanity Member

    Joined:
    Mar 11, 2002
    Messages:
    17,714
    Location:
    Canberra
    It's hitman pro plus an anti-ransomware specific tool.
     
  20. elvis

    elvis Old school old fool

    Joined:
    Jun 27, 2001
    Messages:
    37,907
    Location:
    Brisbane
    I guess I'm asking how reliable/useful is the anti-ransomware shiz. They say it detects cryptolocker in action and shuts it down. I'd love to (a) see that in action, (b) see how it reacts to lots of little random files being written to a disk (say, oh I dunno, like a VFX facility generating thousands of images per second of random noise?).
     
