Hi-

I'm interested in seeing what people use for their AV solutions. We currently use McAfee Security for Mac, but it's resource heavy and it's serviced by another department. (We're piggybacking for now on their service.)

Thankfully, I have the latitude to choose the solution that meets our needs. I've given VirusBarrier a look and while I appreciate that it's Mac-centric, it's a bit *too* Mac-centric as it requires Mac OS X on the backend. With Apple out of the Enterprise game, I'm not comfortable with a Mac Mini or Mac Pro in the datacenter, nor would our datacenter guys go for it. If Apple would let the server OS be virtualized in something like an Enterprise-level VMWare, this would be moot.

So, I'm looking at ClamAV. Does anyone currently manage it with Casper? What are your experiences, good/bad/indifferent?

I'm open to other solutions, as long as they can run on Enterprise infrastructure (i.e. Not an Apple OS.) One that came to mind was Sophos', but I don't know if their Mac product is anything but the free home one I've seen (can't seem to find anything but that and their FDE for Mac solutions on their site).

Thanks for any & all input.

We are a mixed environment: 80% Windows 7 clients and 20% Mac; servers are mostly Windows 2008 R2 running on a Hyper-V cluster. With that in mind, here's our state of play.

We have been using Sophos on all machines with an internal update server and this was working very nicely for us. Being a school we get very good education rates on MS stuff and with SCCM2012 that includes System Centre Endpoint Protection. So we have just moved from Sophos to MS SCEP for all Windows machines and I was testing deployment of ClamXAV when MS announced that SCEP was available for Mac and with SCCM2012 SP1 there would be support for local hosting of updates for SCEP for Mac. So I have packaged, tested and deployed SCEP to all our Macs and have to say that so far it is all going swimmingly. For the moment they are getting updates through our proxy but once SP1 is out we will host updates locally.

Regards

Lincoln


We use Sophos for Windows servers and clients and Macs.
It functions a little better on Windows, but if you have SSDs in your laptops, there's nothing to worry about.

Pretty good protection too.


Does anyone have any more recent thoughts on this post? We have encountered some performance issues with Sophos Cloud, and are considering switching. We also need a solution that will support Linux servers. Does anyone have a solution that they are super happy with? Would also like something that plays nicely with FileVault.


@ajohnson whatever you do, I'd stay away from Trend Micro. Their PC software is fine, but their Mac software is terrrrrrible.


We've been pretty happy with Sophos (Enterprise Console) for our Macs. It's gotten a little tricky to deploy, but @rtrouton is always on the case.


Our preference is still Sophos as the enterprise console works well with Active Directory to automatically configure all the client side settings. Most of our clients are already using McAfee on their Windows computers so we end up having to deploy that quite often. Neither are pkgs and so require a command to get them installed.


Does anyone have an opinion on ESET vs Sophos? We've been a happy Sophos customer for about five years, but the ESET console is tempting.


I have a post showing how I'm currently packaging Sophos Enterprise 9.2.x for my own shop:

https://derflounder.wordpress.com/2015/02/26/deploying-sophos-enterprise-anti-virus-for-mac-9-2-x/


I've been supporting Macs for a long time, and this question comes up with regularity on a variety of different forums over the years.

Time and time again, I generally see more nods of acceptance towards Sophos.

I've never used it, but fewer people seem to complain about using Sophos vs. 'the others'.


Alexis,

We are content with Symantec. They just rewrote the app before X.9 and it works well. We are in their beta program and get to test beta OS X with their beta client. They have been very responsive and helpful with our beta feedback.

They released the X.9 and X.10 client on the same day Apple released the OS.

The two downsides that I see are that the client .pkg is created on the server, so you have to update your Symantec management server before you can create the client .pkg. Also, the virus defs are in the client .pkg, so the defs are out of date if you build the day after you update your server, as you don't update the server or the installer that often. We had a small issue with the X.9 client auto-updating (and we scripted a solution), but the X.10 client has been rock solid.

C


We are using McAfee.


Just finished a POC with the Sophos AV & Enterprise Console and was very happy with it (for my use - and usual disclaimers). Their sales people connected me with technical people whenever I had questions during the free trial and were very helpful. I found that between JamfNation, @rtrouton @tkimpton and Sophos' own KB and communities that there were vast and rich resources to navigate me through most of the unknowns. I, too, wanted to try ESET before making my final decision but the help resources weren't as plentiful and, frankly, their sales people seemed uninterested in a small installation such as ours, and were rather "disengaged". After they sent me some very outdated Mac materials, I gave up on them.
An independent review of various Mac AV clients' effectiveness placed Sophos at the top in all categories but one (ESET was first in that category and second in all the others). I easily integrated the alert logs with our InfoSec's Splunk tool, so they are happy. I can dig around for the link to the review (it was from late 2014) if you wish. If JN had some sort of double-blind email system for registered and verified members, I'd send you a redacted copy of my detailed POC that I submitted to management. Or, if you have a disposable email address, post it here and I'll email you all of the info. I'm funny about public disclosure of personal info. I spelled out my name on JN-IRC the other day and immediately broke out in hives. :-)


We use Sophos with the Enterprise Console running on a 'Doze Server 2008 R2 VM. We have an update manager (VM) for US/UK and one for APAC (VM). Can't say we have had any complaints from users, unlike SEP 12 which we moved away from. We do keep our users machines in warranty though, so there aren't many if any clunkers kicking around.


Thanks for all the responses! I'm wondering if anyone has used Sophos Enterprise in the past and has any familiarity with their cloud offering? We are using Sophos Cloud, and I'm not finding it to be as seamless as it sounds like the on prem offering is.


Sorry, we're using on premise as my company is very wary of anything outside of our own data center. Otherwise, I would have just dropboxed the aforementioned docs to you. :) I have seen some threads around here of people moving in that direction (Sophos Cloud) and I'm sure someone will chime in. This community is awesome despite my own penchant for obscure humor and/or emotional responses.


Looks like this thread has come back to life.

For those of you using ClamXav, would you be able to share how you enabled scheduled scans and/or Sentry, if applicable?

Thanks.


@chriscollins Can you please expand on 'terrrrrrible'?

Buggy? Unstable? Resource-intensive? Intrusive? OS/software compatibility issues? Hard to install/manage/update? Any insight would be helpful.

I'm running ClamXav (i.e. ClamAV + the GUI wrapper), but my IT dept recently purchased the Trend Micro Enterprise Suite, so there is a push to install (or at least consider installing) Trend Micro Security (Mac) 2.x on our ~300 Mac workstations. I have it on (2) IT test Macs running 10.10.2 Yosemite now.


Where to go, what to choose?

  • At my former employment, we used McAfee, and it's something I'll never do again. 25% of our CPU cycles needlessly wasted doesn't make me happy.
  • At my new employment, when I started a couple years ago, they used Trend for both Windows and Macs. It was terrible.. on Windows. The number of re-images due to infection was excessively high, and techs had started installing WSE on PCs as a result. Eventually the powers that be were convinced that Trend had to go and we're currently with SCEP on Windows. Frankly cheaper, but not much better than Trend. But this is about Macs, so.. No one had installed Trend on a Mac in ages and it wasn't even a package in Casper, so that should tell you how popular it was.
  • Norton AV... hahahahahahahahahahahahahahahaha..... hahahahaha. We use PGP here, so I've had plenty of dealings with Symantec. I don't think they'll be getting any more of our money or time, if I can help it.
  • Many many moons ago, I tried Intego. It was ok, but their business practices over the last few years have been reckless ('proof of concepts released into the wild to sell AV'). So they're out.
  • Once it was available, I moved to ClamXav and I've been quite happy with it for my own use.

Now at my new employment, we're again at a crossroads where none of my predecessors have bothered with modern AV and it's become my job to choose and deploy something. Naturally I'm inclined to go with ClamX, EXCEPT they are no longer a freeware company. They've gone to pay-for (which is totally understandable!). If I'm going to end up paying licenses, then I want to make sure I'm getting something good. The general consensus here on JAMFNation seems to be that Sophos is the way to go; however, I have no interest in taking on the management of yet another enterprise solution that requires a server-based console and management, strictly so some exec can check a box that says 'AV compliant on Macs'.

So here I am, which way to go?

  1. ClamX is lightweight and I can configure it to act sanely. I've used it for a long time and I'd like to support the little guy. I know it won't spend tons of time sucking CPU cycles needlessly. But it has no centralized enterprise level solution (do I care?). It's also a little ugly (do I care?). They will be reasonable with an EDU-based-bulk licensing scheme.
  2. Sophos is Enterprise level software. But I need a centralized server to run/control it from (I don't want to have to manage that too). It's considerably more heavyweight in terms of CPU cycle usage, from what I have read. I don't know what the EDU-based-bulk licensing would cost yet, but suspect it will be more than ClamXav. In the long run, will this be a better choice when someone asks what we're using?

Jacques,

Symantec rebuilt SEP for the Mac for X.9. I am not saying that it's perfect, but it is many times better than it was.

Also, another plus for SEP is that since X.8 Symantec has delivered a working version on the day that Apple releases a new OS, i.e. X.8, X.9 and X.10.

They also have a beta program that lets us test ahead of the OS release.

C

PS. Nobody has been able to convince me that the built-in AV is not enough. Last time I checked, Apple is doing a reasonably good job.


I've heard good things in general about Sophos on the Mac. As good as any AV product can get, at least (they basically all suck by nature).
But I would agree with @yellow: if I could convince the org I work for to ditch McAfee, I would in a heartbeat. Unfortunately, due to some "ins" and some buddy-buddy stuff that is going on between McAfee reps and our InfoSec team, it seems it would take an act like their product erasing data across the entire company to even get them to admit it's just so bad. I'm not even talking about just the Mac. It's bad on Windows too.


I can't say any specifics but we have McAfee on some servers and it has a habit of really running up the CPU. Bad bad bad.

My lovely Macs use Sophos and it's lovely. McAfee is staying as far away from my Macs as possible.


Sophos here as well.

It just works effortlessly in the background and is seamless for integration with the management console. Our Windows/Mac machines are all running it and it's rare for it to cause any problems with a user base of 400 desktops, the oldest being a 2010 iMac.

The majority of users don't even know it's there.


Sophos here as well with no real complaints, at least on the client side.

There are a few things I wish it would do automatically, like putting systems into groups based on some criteria, like naming patterns. As far as I know it can't do that. When a machine is imaged, the client is installed and it phones home, it goes into a default container. You have to manually move it into the preferred group.

You can make it go into groups based on AD as well, but only when you trigger an import, again, based on what I recall. Perhaps that's changed.


We use Webroot Secure Anywhere


SEP 12.1.6 Enterprise here. It's crap, don't buy it. It's always happy to scan your email for PC trojans, though.

ClamAV or Sophos or, even better... nothing. Bosses don't like to hear the "we don't use antivirus" talk though.