Posted on 07-27-2020 06:10 AM
We are in the market for new antivirus for our org. We were using Symantec and it was horrible and has only gotten worse.
Does anyone have experience with an easily managed and proficient antivirus option?
Thanks for any help.
Posted on 07-27-2020 07:06 AM
Always interested in hearing people's opinions on this. Our campus was hit a few months ago on the Windows side pretty hard with ransomware, so this has our CIO asking about options that include the Mac side. Windows systems had different solutions installed (Windows Defender, McAfee, and Cortex depending on the system)... none of them stopped it. On the Mac side we had nothing added... just Apple's built-in stuff. We're now using CrowdStrike across the board but I believe it's only for a trial period. I can't speak for the ease of managing it through their portal as others manage that, but I can say that they had to whitelist Jamf as it was blocking remote actions.
Posted on 07-27-2020 07:36 AM
Quality of software aside, the most important thing you should do is work closely with the security team to develop a set of rules about how the anti virus software works and what it scans. The default configuration of these products is usually not acceptable (and that is usually what is deployed.)
For example, no antivirus software needs to scan in /System, which produces a huge savings in CPU if you ignore that path.
McAfee of all companies actually has a pretty reasonable document describing what should be excluded on macOS here
To that I'd add any paths listed in /System/Library/Sandbox/rootless.conf
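
The rootless.conf suggestion above, as an added example that is not part of the original thread: a shell sketch that turns the file into a list of exclusion candidates. The function names `rootless_paths` and `exceptions_under` are hypothetical, the tab-separated line format and the meaning of the `*` label are assumptions stated in the comments, and the sample file is constructed.

```shell
#!/bin/sh
# Added example. Assumed line format: <label><TAB(s)><absolute path>.
# Assumption: an empty label or a service name marks a SIP-protected path,
# "*" marks an exception that stays writable; "#" starts a comment.

rootless_paths() {
    # $1 = "protected" or "exceptions"; $2 = file to parse
    mode=$1
    conf=${2:-/System/Library/Sandbox/rootless.conf}
    awk -F'\t+' -v mode="$mode" '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        substr($NF, 1, 1) != "/" { next }       # keep absolute paths only
        $1 == "*" { if (mode == "exceptions") print $NF; next }
                  { if (mode == "protected")  print $NF }
    ' "$conf"
}

exceptions_under() {
    # $1 = prefix proposed as a scan exclusion; $2 = file to parse
    rootless_paths exceptions "$2" | awk -v p="$1" 'index($0, p "/") == 1'
}

# Constructed sample in the assumed format, not a copy of the real file.
SAMPLE=$(mktemp)
printf '%b\n' \
    '# constructed sample' \
    '\t\t\t\t/System' \
    '*\t\t\t\t/System/Library/Caches' \
    'booter\t\t\t\t/System/Library/CoreServices' \
    '*\t\t\t\t/System/Library/Extensions' \
    'TCC\t\t\t\t/Library/Application Support/com.apple.TCC' \
    '\t\t\t\t/usr' \
    '*\t\t\t\t/usr/local' > "$SAMPLE"

echo "Protected paths (exclusion candidates):"
rootless_paths protected "$SAMPLE"
echo "Exceptions beneath /System (review before excluding all of /System):"
exceptions_under /System "$SAMPLE"
```

Under the assumed format, the second list shows locations beneath an excluded prefix that remain writable, which is worth raising with the security team before a whole-tree exclusion is approved.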
Posted on 07-27-2020 11:22 AM
Jamf Protect looks good, but is right now out of a school district’s price range.
Posted on 07-27-2020 05:26 PM
We'll be going down the Jamf Protect path soon in my shop. One of the reasons is because it's specifically built for macOS only, is completely cloud based and it doesn't use legacy kernel extensions. It was built from the ground up to use the new System Extensions so it will be macOS 11.0 Big Sur compatible on day 1. I'm not sure how the other Anti-Virus programs will handle the killing off of their kexts or how long they will drag their feet before re-writing their software.
Posted on 07-27-2020 05:47 PM
I totally missed Jamf Protect.
I will investigate pricing for our org.
Any further insight into other retail solutions would be greatly appreciated....
Posted on 07-27-2020 07:16 PM
If you're a Microsoft O365/Azure customer, I'd highly recommend an eval of Microsoft Defender ATP for macOS. We've been testing it for about 2 months and I'm extremely impressed. We are ending our Symantec relationship and will be migrating in the next week or so...
Posted on 07-27-2020 08:06 PM
If jamf|PROTECT were stock, I'd buy it. ;)
Posted on 07-27-2020 08:07 PM
@Quagmire what a great handle! :) Agreed, Symantec is dead in the water as far as macOS support goes.
Posted on 07-28-2020 07:01 AM
@Quagmire I didn't know ATP for macOS existed. How hard is it to provision and manage on Catalina?
Thanks for any further assistance.
Posted on 07-28-2020 07:34 AM
We have been using Microsoft ATP for about a year now. Unfortunately, many of the features we really wanted at the start are STILL pending or "coming to preview soon". I also happen to have BitDefender for our older Macs still running 10.12 that I have been testing on others. I am happier with the feature set that BitDefender has more so than MS ATP. Microsoft keeps saying improvements are coming but that is what they said in the sales pitch as well.
Posted on 07-28-2020 10:44 AM
I've had good luck with Cylance, but a recent SentinelOne demo has me interested in digging deeper next cycle. I agree that Jamf Protect looks awesome, but I've only seen the presentations.
Posted on 07-29-2020 11:23 AM
I have done a few different bake-offs, and while I'm not a security expert, IMO Jamf Protect is the choice. Real security and real vision into what is happening on your macOS endpoints.
C
Posted on 07-29-2020 01:02 PM
What we use at Cisco:
Cisco AMP for Endpoints
Posted on 08-19-2020 09:24 AM
We have Jamf Protect but I'm concerned that it doesn't have true AV scanning. The issue is that not many people have it deployed so it's hard to get feedback.
Posted on 08-22-2020 11:34 PM
An interesting conversation to have with the security teams is to ask them how many times has their tool protected the Macs?
Posted on 08-24-2020 12:07 PM
Avast