Antivirus compatible with Windows ATP

k3vmo
Contributor II

The enterprise environment that I'm in is moving to Windows Defender - and they've chosen Bitdefender due to its integration with Windows ATP (Advanced Threat Protection).

My personal experience in various environments is that Bitdefender is a CPU hog. That's totally unacceptable in my environment.

Bitdefender also failed to detect the WindTail malware - more discussion on Ars Technica.

I was hoping for Kaspersky - however, it doesn't integrate.

Does anyone know of a solution that will integrate with Windows ATP?

7 REPLIES

k3vmo
Contributor II

Anyone?

analog_kid
Contributor

See the featured partners section: Microsoft ATP

I have no experience with any of these (we're a McAfee shop) but we're starting a project to look at switching to Windows ATP and what would be involved, including evaluating third-party Mac AV clients that integrate with it.

--Ben

Stevie
Contributor

We use Bitdefender, which integrates into Windows ATP. We are currently migrating from McAfee to Windows Defender and Bitdefender for Macs. We have had a few problems with the migration for developers, as you MUST make sure that you whitelist the full folder path names. This is the most annoying thing with Bitdefender, as it doesn't support wildcards, so you need to put the full folder path, and with 350 users this is a problem to manage. So if you are a OneDrive user and want to exclude this from on-access scanning, be prepared to add x number of folder paths for your users into the bypass policy. We now export from Jamf into a spreadsheet and generate all the whitelisted folders once a month, all for 4 folders (1,400 entries).

However, during our testing Bitdefender caught more viruses than everything else we looked at, and Windows ATP alerted within 2 minutes of downloading FileZilla. It was so quick at flagging this as a problem that we didn't have enough time to run the installer.

Steve

k3vmo
Contributor II

Thanks, @Stevie!! So in your case - it seems like it's too quick to respond? Or was this an instance that FileZilla isn't signed..? I hadn't looked.
Everything I read stated that it didn't detect a downloaded known malware from the Objective-See archive, nor when I even decompressed it... it was only macOS - Gatekeeper? - that blocked it from installing the system extension - likely because the certificate date was invalid.

Any thoughts there? Agree that it might be too aggressive until you tune it?

emily
Valued Contributor III

Ziften integrates with Defender/ATP for Mac and Linux. We aren't using it currently but we've looked at it. When we did a demo with them they actually, like, knew macOS stuff, which was impressive enough. Might be worth looking at if you want to give your security folks that "single pane of glass" they seem to love.

gachowski
Valued Contributor II

@emily

Thank you, that is a great find!!!

C

HeightsCollege
New Contributor II

Microsoft Defender ATP: macOS preview + Threat and Vulnerability Management

https://www.youtube.com/watch?v=w2Y90xcnQ58&feature=youtu.be