Hi-
I'm interested in seeing what people use for their AV solutions. We currently use McAfee Security for Mac, but it's resource heavy and it's serviced by another department. (We're piggybacking for now on their service.)
Thankfully, I have the latitude to choose the solution that meets our needs. I've given VirusBarrier a look and while I appreciate that it's Mac-centric, it's a bit *too* Mac-centric as it requires Mac OS X on the backend. With Apple out of the Enterprise game, I'm not comfortable with a Mac Mini or Mac Pro in the datacenter, nor would our datacenter guys go for it. If Apple would let the server OS be virtualized in something like an Enterprise-level VMware, this would be moot.
So, I'm looking at ClamAV. Does anyone currently manage it with Casper? What are your experiences, good/bad/indifferent? 
I'm open to other solutions, as long as they can run on Enterprise infrastructure (i.e., not an Apple OS). One that came to mind was Sophos, but I don't know if their Mac product is anything but the free home one I've seen (can't seem to find anything but that and their FDE for Mac solutions on their site).
Thanks for any & all input.
         
            
                    
                                    
            Sophos here, and I've been satisfied with it using Enterprise Console. Have to upgrade to new version after semester ends. Going to start using it for Linux clients as well.
                
     
                                    
            Thanks Jared. Will you be enabling the on-access scanning too?
Did you use Composer and build a package from the /Applications/ClamXav.app folder? What do you do to get the ClamAV engine installed? Run installer with the package inside ClamXav.app/Contents/Resources/clamavEngineInstaller104.pkg?
I tried doing this but I think some things didn't work right. I could never run ClamXav.app and manually have it update the signatures (run freshclam) successfully. It always told me I still needed to update the signatures again.
                
     
                                    
            Hi- 
I do have Sentry running. I ran Composer in filesystem monitoring mode as it installs items on first launch. Aside from defining the proxy in the freshclam.conf file, updates have worked fine.
                
     
                                    
            Well, I figured out why my ClamXav wasn't updating definitions. Our secure configuration includes a sudo setting to require a TTY. freshclam runs in the background via sudo without a tty. It was also preventing Sentry from starting.
                
     
                                    
            Update: There's some "out of band" issues that have come up and we're sticking with blasted McAfee.
AAARRRRG.
I may have said "It's not a matter of if, but a matter of when I say 'I told you so.'"
[/rant]
                
     
                                    
            @jarednichols For what it's worth, this sounds like the age-old argument, where the pro-heterogeneous Wintel team can't be bothered with the issues related to real-world-homogenous environments.
We provide documentation on what may happen and why your recommended solution can prevent unnecessary risk, downtime, and increased ROI...companies tend to listen when a light is shined on those things. So we become part of the solution, and the Wintel folks can decide if they want to be part of the problem.
                
     
                                    
            It's a battle I'm not going to pick right now. It's less effort for me to just let McAfee fall on their faces. When it becomes untenable (and it will) then I'll worry about it.
                
     
                                    
            @jarednichols I hear ya...we're waiting to get started testing SEP12, that should be loads of fun. SEP12 console policies for Mac computers will be under my control, I made sure of that. LOL
                
     
                                    
            We have been using SEP 12 for quite a while now without issue. We have about 450 Macs and nearly 2,000 PC clients. Older versions of Symantec AV caused significant issues with our Adobe InDesign/InCopy workflow (we are a publisher), but those issues were resolved in SEP 12.
                
     
                                    
            @donmontalvo - a word of warning, watch the Symantec scans on your JSS - it eats up CPU cycles enough that remote and imaging more often than not will time out if coming from a remote location. Lately we've been experiencing timeouts from local admin boxes. It's a nightmare. Killing the navx process (how it appears on OS X) will fix this immediately.
Feel free to hit me up with any questions. I've had to teach the Symantec engineers a few things about how their product actually works on the Mac.
                
     
                                    
            @acdesigntech If you're having CPU issues and are having to kill the navx process, I would tweak your console settings for a less intrusive, more conservative set of policies, exclusions, etc.
If you don't have access to SEP12 console, might want to position yourselves so when these issues come up the bullseye is painted squarely on the group that does control the settings.
We've been working closely with Symantec engineers for years, unfortunately some of the more capable ones (like Todd Woodward) moved on to other areas within Symantec. But there are still engineers who "get it" and can help snuff these issues.
                
     
                                    
            @donmontalvo - I'm doing just that right now! I took a look at the scanning schedule (which my team does not control and it is known that we don't), and to my surprise saw a niceness setting of 20, not -20...
                
     
                                    
            We are also using McAfee, but "resource heavy" is an understatement. It is interfering with our 802.11 WLAN Network, it interferes with software installation, it makes for a simple login to take 10 minutes in some situations, and so on. We have all 4 components of "McAfee Security" enabled, but the policies are not restrictive at all.
Is anybody using McAfee and has at least bearable results?
                
     
                                    
            @acdesigntech Ya, that's the problem, as long as you don't have control of the console, you can't disable the stuff that causes problems. :(
                
     
                                    
            @cvgs - yeah, I'm using McAfee, and not having any of the problems you're describing. We use 802.1x for both wired and wireless, no problems there, no problems with software installs, either.
At idle, it's eating maybe 3-4% of available CPU. When the system's seeing a lot of disk activity, that can go up to 15-20%.
I deploy the agent and the application from Casper, and include them in my system image for new builds.
                
     
                                    
            We are using McAfee as well. We turned off the firewall (have the native OS X fw running) and application protection (all about risk management). It was Application Protection that was killing us. This had to be done in local preferences so a couple defaults commands took care of it. Having them running was hosing software installs and usability. We recently received a hotfix for McAfee Security itself as well as one for ePO. It makes the install a 5 step nightmare, but in our testing it seems to work. Haven't deployed fully yet.
                
     
                                    
            @nkalister good to hear that it can work... I am still trying to figure out when exactly the slowdowns happen. Opening iMovie, for example, results in the McAfee menu item briefly showing an exclamation mark while the whole system pauses for 10 seconds, but only once after each login. Strange stuff...
                
     
                                    
            I've used both Kaspersky and Sophos on Macs.
                
     
                                    
                                    
            @cvgs most likely your issues revolve around your scans. You should look at setting your scans for write only. That resolved some of our issues with McAfee when we were using them. Other issues came up that just made switching to Sophos a better option.
                
     
                                    
            I'm using ClamXav here - have MCX handling the preferences, and so far it's worked very well.
SEP is an option, but I avoid Symantec like the plague. Too many bad experiences. 
                
     
                                    
            @jhbush1973 our settings have been most relaxed to the point of doing nothing - the system still was slow as molasses sometimes. However, it looks like the upgrade to 1.2.0 fixed the slowness for us.
                
     
                                    
            One thing CVGS - we bought the license for McAfee's antivirus only - no firewall, no application protection. We tested the version with the firewall and app protection, and I saw many of the same issues you're seeing.
                
     
                                    
            Another (belated) vote for Sophos. The management console is nothing to write home about, and getting the update procedure down is finicky, but once it works, it works well.
                
     
                                    
            Currently SEP 12, not managed by any Symantec server. We are managing via the Casper Suite. I've been told to switch to TrendMicro and it will be managed with Tivoli.