
Free Enterprise allowable anti-virus software

  • July 20, 2015


For audit purposes and the fact that our current AV software is buggy right now, I am considering free anti-virus software that does not have a business/enterprise prohibitive license.

Any suggestions?
Are there any free A/V agents that enterprises are using?

I was considering ClamXAV but I see there is a charge for that now.

8 replies

  • Honored Contributor
  • July 20, 2015

Does the Apple built-in AV meet your needs? Or, maybe a better way to phrase the question: who do you trust more than Apple to protect Mac OS X? : )

C


  • Contributor
  • July 20, 2015

Whatever Apple builds into the OS is not going to satisfy many audit requirements. It's not about trust, it's about monitoring alerts, reporting, building into process workflows, etc. There's no "console" to use to get a global view of all of your clients. You also won't get the sort of full-volume scanning (including malware that affects other platforms) you get with dedicated software.

If your company has controls and audits for AV, it's very unlikely that OS X itself is enough.


  • New Contributor
  • July 20, 2015

"it's about monitoring alerts, reporting, building into process workflows, etc. There's no "console" to use to get a global view of all of your clients."

ClamXAV wasn't going to hit those points, either.


  • Honored Contributor
  • July 20, 2015

For sure Alex... however... all that data the vendor apps provide doesn't matter and is an old way of thinking....

My point is that most places don't have the resources to prove that their AV of choice is really monitoring, reporting and protecting correctly..... They are trusting what the vendor tells them and what the apps report.

And I am going to trust that Apple knows more about protecting the OS than anybody...

That said I don't get to decide what AV my company uses for all the reasons you listed..... : )

C


  • Contributor
  • July 20, 2015

There is no Mac OS Antivirus that is free that has a centralized managed console, which would be required in any audit. - IMHO


  • Honored Contributor
  • July 20, 2015

Philip,

I think there is a way to verify that the built-in Apple defs, if that is what they are called, are current with an AE, and I think you can also send a bash script every check-in with Casper to make sure that it's "on" or not disabled.

It would be nice to know if anybody is doing this now?

I know it's not "audit or centralized managed console" but I bet in some orgs that is close enough....

C


scottb
  • Valued Contributor
  • July 21, 2015

Are you talking about XProtect def's?
You can check that with this:

defaults read "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist" Version

Or, you can create an AppleScript app that shows this info:

Code for the above below:

-- XProtect definitions: version key and modification date of the metadata plist
set a to do shell script "defaults read /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta Version"
tell application "Finder" to set b to get modification date of (POSIX file "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist" as alias)
-- Gatekeeper configuration data: version string and modification date
set c to do shell script "defaults read /private/var/db/gkopaque.bundle/Contents/version.plist CFBundleShortVersionString"
tell application "Finder" to set d to get modification date of (POSIX file "/private/var/db/gkopaque.bundle/Contents/version.plist" as alias)
-- OS X version and build
set e to do shell script "defaults read /System/Library/CoreServices/SystemVersion.plist ProductVersion"
set f to do shell script "defaults read /System/Library/CoreServices/SystemVersion.plist ProductBuildVersion"
-- Show everything in one dialog (the "created" lines show each file's modification date)
display dialog "XProtect.meta.plist" & return & "- version " & a & return & "- created " & b & return & return & "Gatekeeper Configuration Data" & return & "- version " & c & return & "- created " & d & return & return & "OS X" & return & "- version " & e & " build " & f
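
The extension-attribute idea raised earlier in this thread, as an added example that is not part of any poster's reply or of Casper itself: it reads the Version key from the XProtect.meta.plist path given above and prints a status between the `<result>` tags that Casper extension attribute scripts use, so stale or missing definitions show up in inventory. The function name and the MIN_VERSION and MAX_AGE_DAYS thresholds are assumptions, as is a Python 3 interpreter on the client.

```python
#!/usr/bin/env python3
"""Report XProtect definition status for an inventory extension attribute."""
import os
import plistlib
import time

# Path as posted in the thread.
XPROTECT_META = ("/System/Library/CoreServices/CoreTypes.bundle/"
                 "Contents/Resources/XProtect.meta.plist")

# Assumed thresholds (placeholders, not values from the thread).
MIN_VERSION = 1      # lowest definitions version the audit accepts
MAX_AGE_DAYS = 30    # longest acceptable time since the file last changed


def xprotect_status(path=XPROTECT_META, min_version=MIN_VERSION,
                    max_age_days=MAX_AGE_DAYS, now=None):
    """Return one status line: OK, OUTDATED, STALE, MISSING or UNREADABLE."""
    now = time.time() if now is None else now
    try:
        with open(path, "rb") as fh:
            meta = plistlib.load(fh)       # accepts XML and binary plists
        mtime = os.path.getmtime(path)
    except FileNotFoundError:
        return "MISSING"
    except Exception:                      # permission error or damaged plist
        return "UNREADABLE"
    version = meta.get("Version") if isinstance(meta, dict) else None
    if isinstance(version, bool) or not isinstance(version, int):
        return "UNREADABLE version=%r" % (version,)
    age_days = int((now - mtime) // 86400)
    if version < min_version:
        state = "OUTDATED"                 # older than the audit baseline
    elif age_days > max_age_days:
        state = "STALE"                    # file has not changed recently
    else:
        state = "OK"
    return "%s version=%d age_days=%d" % (state, version, age_days)


if __name__ == "__main__":
    # Extension attribute scripts report the value between <result> tags.
    print("<result>%s</result>" % xprotect_status())
```
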

  • Honored Contributor
  • July 21, 2015

@scottb

Very very nice : )

Thank you for posting : )

C