Posted on 01-18-2019 11:32 AM
The enterprise environment that I'm in is moving to Windows Defender, and they've chosen Bitdefender due to its integration with Windows ATP (Advanced Threat Protection).
My personal experience in various environments is that Bitdefender is a CPU hog. That's totally unacceptable in my environment.
Bitdefender also failed to detect the WindTail malware - more discussion on Ars Technica.
I was hoping for Kaspersky; however, it doesn't integrate.
Does anyone know of a solution that will integrate with Windows ATP?
Posted on 01-22-2019 07:47 PM
Posted on 01-23-2019 03:04 PM
See the featured partners section: Microsoft ATP
I have no experience with any of these (we're a McAfee shop) but we're starting a project to look at switching to Windows ATP and what would be involved, including evaluating third-party Mac AV clients that integrate with it.
Posted on 01-24-2019 12:00 AM
We use Bitdefender, which integrates into Windows ATP. We are currently migrating from McAfee to Windows Defender and Bitdefender for Macs. We have had a few problems with the migration for developers, as you MUST make sure that you whitelist the full folder path names. This is the most annoying thing with Bitdefender, as it doesn't support wildcards, so you need to put the full folder path, and with 350 users this is a problem to manage. So if you are a OneDrive user and want to exclude this from on-access scanning, be prepared to add x number of folder paths for your users into the bypass policy. We now export from Jamf into a spreadsheet and generate all the whitelisted folders once a month, all for 4 folders (1,400 entries).
However, during our testing Bitdefender caught more viruses than everything else we looked at, and Windows ATP alerted within 2 minutes of downloading FileZilla. It was so quick at flagging this as a problem that we didn't have enough time to run the installer.
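The monthly expansion described in the post above, sketched as an added example (not the poster's script, and not Jamf or Bitdefender code): it turns an inventory export into full per-user exclusion paths and refuses usernames or folders that would widen an exclusion beyond the intended directories. The `Username` column name, the `/Users` home root, and every folder name other than OneDrive are assumptions.

```python
import csv
import io
import re

# Assumption: folders to exclude, relative to each home directory.
# The post names only OneDrive; the other three are constructed placeholders.
RELATIVE_FOLDERS = ["OneDrive", "Projects/build", "Projects/cache", "Library/Developer"]

# Conservative short-name pattern; anything else is rejected, never escaped.
VALID_USER = re.compile(r"[a-z_][a-z0-9_.-]{0,30}")


def expand_exclusions(export_csv, folders=RELATIVE_FOLDERS, home_root="/Users"):
    """Return (paths, rejected) from a CSV export that has a 'Username' column."""
    for folder in folders:
        parts = folder.split("/")
        # Refuse entries that would exclude a whole home directory or escape it.
        if folder.startswith("/") or any(p in ("", ".", "..") for p in parts):
            raise ValueError(f"unsafe relative folder: {folder!r}")
    paths, rejected, seen = [], [], set()
    for row in csv.DictReader(io.StringIO(export_csv)):
        user = (row.get("Username") or "").strip()
        if not VALID_USER.fullmatch(user):
            rejected.append(user)  # review by hand; no path is emitted for it
            continue
        if user in seen:           # same user assigned to several Macs
            continue
        seen.add(user)
        paths.extend(f"{home_root}/{user}/{folder}" for folder in folders)
    return paths, rejected


# Constructed sample export (not real inventory data).
SAMPLE_EXPORT = """Computer Name,Username
mac-001,asmith
mac-002,bjones
mac-003,asmith
mac-004,../shared
mac-005,
"""

if __name__ == "__main__":
    paths, rejected = expand_exclusions(SAMPLE_EXPORT)
    print("\n".join(paths))
    print("rejected:", rejected)
```

Diffing each month's output against the previous month's shows which exclusions belong to accounts that no longer exist and can be removed from the policy.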
Posted on 01-24-2019 07:52 AM
Thanks, @Stevie!! So in your case, it seems like it's too quick to respond? Or was this an instance where FileZilla isn't signed? I hadn't looked.
Everything I read stated that it didn't detect a downloaded known malware from the Objective-See archive, nor even when I decompressed it... it was only macOS (Gatekeeper?) that blocked it from installing the system extension, likely because the certificate date was invalid.
Any thoughts there? Agree that it might be too aggressive until you tune it?
Posted on 01-24-2019 09:26 AM
Ziften integrates with Defender/ATP for Mac and Linux. We aren't using it currently but we've looked at it. When we did a demo with them they actually, like, knew macOS stuff, which was impressive enough. Might be worth looking at if you want to give your security folks that "single pane of glass" they seem to love.
Posted on 01-24-2019 11:25 AM
Posted on 03-24-2019 03:22 AM
Microsoft Defender ATP: macOS preview + Threat and Vulnerability Management