Discussion in 'Business & Enterprise Computing' started by Rea:Per, Jul 30, 2018.
not scanning inside zip files seems to be a fairly common default config for most things.
literally 6-7 instances a year.
Webroot is no better/worse than anyone else.
And judging by past experience with head office, non default settings aren't usually configured
so what, it's a zip file, it's not like it's executable.
Indeed it is,
To unpack the zip file the contents must first be extracted to a temp location before being executed, this is taken care of by 'on write'
I'm not seeing how the end user would be any better off having the AV engine waste cycles on disarmed payloads.
hell, zip bombs are on the up and up again
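An added example, not part of the thread: a Python sketch of the pre-extraction triage a mail or file gateway can apply to the archive question discussed above, checking the zip's declared sizes and then enforcing a byte budget while decompressing. The limits, function names and sample archives are assumptions constructed for this illustration, not settings from any product mentioned here.

```python
import io
import zipfile

# Limits are assumptions for this example, not values from any AV product.
MAX_TOTAL = 50 * 1024 * 1024   # declared uncompressed bytes per archive
MAX_RATIO = 100                # uncompressed : compressed
MAX_MEMBERS = 10_000
NESTED = (".zip", ".jar", ".7z", ".rar", ".gz")

def triage_zip(data: bytes) -> list[str]:
    """Inspect the central directory only; return reasons not to unpack."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["invalid"]
    with zf:
        infos = zf.infolist()
    total = sum(i.file_size for i in infos)
    packed = sum(i.compress_size for i in infos)
    reasons = []
    if len(infos) > MAX_MEMBERS:
        reasons.append("count")
    if total > MAX_TOTAL:
        reasons.append("size")
    if packed and total / packed > MAX_RATIO:
        reasons.append("ratio")
    if any(i.filename.lower().endswith(NESTED) for i in infos):
        reasons.append("nested")
    if any(i.flag_bits & 0x1 for i in infos):   # bit 0 = encrypted entry
        reasons.append("encrypted")
    return reasons

def inflate_within(data: bytes, budget: int) -> bool:
    """Decompress in chunks and stop once the byte budget is spent, so the
    check does not depend on the sizes the archive declares."""
    spent = 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            with zf.open(info) as member:
                while chunk := member.read(64 * 1024):
                    spent += len(chunk)
                    if spent > budget:
                        return False
    return True

def make_zip(name: str, payload: bytes) -> bytes:
    """Build a constructed sample archive in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()

BENIGN = make_zip("notes.txt", b"Minutes of the Tuesday licensing call.")
HIGH_RATIO = make_zip("fill.bin", bytes(2 * 1024 * 1024))  # 2 MiB of zeros
```

Archives flagged "encrypted" or "nested" cannot be inspected at this layer, so they are the cases that fall through to the endpoint's on-write scan when the user unpacks them.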
Have migrated out to Sophos Central. AD sync/Exchange integration and all cloud based. Liking it so far.
How does this work?
My usage of it is not domain joined, but if it were could I push the AV installer out to computers on the domain?
Speak to Symantec / your Symantec Account Rep... Don't be surprised if they actually come to the party (they hate losing business). I had a similar situation ages ago where some licenses expired before others and they honoured the entire thing as a renewal.
In the past I've found them excellent to deal with in regards to licenses and can push that pricing back onto the wholesaler/reseller to honour.
Avoid Sophos, they'll try and rope you in.
Still waiting for a citation.
We trialed EOP with ATP, and it was woeful.
Sorry to dig this up - Any recommendations for a cloud managed antivirus that works well on high latency internet connections? - i.e. doesn't 'pause' the machine while it's scanning?
I manage around 80 machines, spread around the world, almost half are on poor quality or high latency internet (>300 - 1200ms)... All running Windows 10 Pro but not all domain joined.
We currently run Avira Pro Antivirus (managed through EXO5 cloud), and PolicyPak LPM for either partial or full whitelisting (depending if users have local admin rights or not), so antivirus is not the first line of defence.
I'd keep things the way they are but Avira has been having update issues for the last month, constantly nagging users to reboot to update....
The reason for Avira is for years it has had the lowest 'perceived impact' on our machines, which run very CPU intensive, antiquated and messy Engineering/GIS software packages which are very sensitive to any slowdown. I tried Webroot in the past but during its "cloud scanning" the machines would occasionally lock up while waiting for scan results due to the internet latency / packet loss - and performance impact overall was reportedly high... adding all our software to the whitelist seemed to have little effect...
I have a low budget so can't afford the likes of Sophos or Cylance etc (Avira is about AU$35/machine/year) and I'm considering just using built in Windows Defender, but would feel more comfortable with something third party as reporting is a headache... I'm currently looking at Vipre and Barkly but I'm worried they will have similar issues with poor internet connections...
Sophos isn't that much more expensive, at 80 licenses you're looking at about $10 more per machine over 12 months, it's about $5 cheaper per machine over 36 months with competitive upgrade. If you do need help with your licensing shoot me a PM (I'm a Sophos Silver Partner).
Just depends if you want InterceptX etc. (which there was a promo for but it ended today IIRC)
Anyway, this feels a little too much like work to me and I don't come to OCAU for that but the offer is there.
I'd highly recommend looking at Cylance
12 months on and thought I'd update.
ruffdayz was correct and I was able to renew despite being outside the normal renewal window.
We did this as it was the quickest way to get back running and protected again as I did not have the spare time to research & make the switch to a competitor.
This time around I have a little more time to give it the attention it needs, so I will be looking at Webroot and Sophos I think.
Looking at Sophos Intercept X Advanced with EDR as our SEP replacement here.
I would do some testing surrounding impact to hypervisors/server performance prior to committing if I were you.
Sophos caused no end of issues on Hyper-V for us as an MSP. VMware was a little more resilient, but we didn't have any big workloads on it either (compared to hyper-v). This was coming from Webroot.
We used to run Sophos and had no issues with our guests, our hyper-v server was server core and we didn't bother with AV on the host
Let us know your thoughts. We're running the older Sophos endpoint here, and getting pushed hard by their marketing people to upgrade "because AI". I can't get a single technical detail out of them, so I'm keen to know what the real world benefits are.
It's hitman pro plus an anti-ransomware specific tool.
I guess I'm asking how reliable/useful is the anti-ransomware shiz. They say it detects cryptolocker in action and shuts it down. I'd love to (a) see that in action, (b) see how it reacts to lots of little random files being written to a disk (say, oh I dunno, like a VFX facility generating thousands of images per second of random noise?).