We are in the market for new antivirus for our org. We were using Symantec and it was horrible and has only gotten worse.
Does anyone have experience with an easily managed and proficient antivirus option?
Thanks for any help.
Always interested in hearing people's opinions on this. Our campus was hit a few months ago on the Windows side pretty hard with ransomware so this has our CIO asking about options that include the Mac side. Windows systems had different solutions installed (Windows Defender, McAfee, and Cortex depending on the system)...none of them stopped it. On the Mac side we had nothing added...just Apple's built-in stuff. We're now using CrowdStrike across the board but I believe it's only for a trial period. I can't speak for the ease of managing it through their portal as others manage that but I can say that they had to whitelist Jamf as it was blocking remote actions.
Quality of software aside, the most important thing you should do is work closely with the security team to develop a set of rules about how the antivirus software works and what it scans. The default configuration of these products is usually not acceptable (and that is usually what is deployed.)
For example, no antivirus software needs to scan in /System, which produces a huge savings in CPU if you ignore that path.
McAfee of all companies actually has a pretty reasonable document describing what should be excluded on macOS here
To that I'd add any paths listed in /System/Library/Sandbox/rootless.conf
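Added example, not part of any post in this thread: a shell helper that splits a rootless.conf-style file into SIP-protected paths (exclusion candidates) and the entries flagged `*`, which are exceptions that remain writable and so should stay in scan scope. The function names, the sample data and the assumed line layout (optional flag, whitespace, absolute path) are assumptions of this example.

```shell
#!/bin/sh
# Added example. Assumed layout of each line: [flag] <whitespace> /absolute/path
#   no flag or a service name -> treated here as SIP-protected
#   "*"                       -> exception: writable, keep it in scan scope

# sip_paths MODE [FILE]   MODE is "protected" or "exception"; stdin if no FILE.
sip_paths() {
    awk -v mode="$1" '
        /^[ \t]*#/ { next }                 # skip comment lines
        {
            i = index($0, "/")              # the path starts at the first slash
            if (i == 0) next                # blank or malformed line
            flag = substr($0, 1, i - 1)
            gsub(/[ \t]/, "", flag)         # "", "*", or a service name
            path = substr($0, i)
            sub(/[ \t]+$/, "", path)        # drop trailing whitespace
            kind = (flag == "*") ? "exception" : "protected"
            if (kind == mode) print path
        }
    ' ${2:+"$2"} | LC_ALL=C sort -u
}

# Constructed sample in the assumed layout (not copied from a real system).
sample_rootless_conf() {
    printf '# constructed sample\n'
    printf '\t\t\t\t/Applications/App Store.app\n'
    printf '\t\t\t\t/System\n'
    printf '*\t\t\t\t/System/Library/Caches\n'
    printf 'booter\t\t\t\t/System/Library/CoreServices\n'
    printf '\t\t\t\t/usr\n'
    printf '*\t\t\t\t/usr/local\n'
}

echo "Exclusion candidates (protected):"
sample_rootless_conf | sip_paths protected
echo "Keep scanning (exceptions under protected parents):"
sample_rootless_conf | sip_paths exception
```

On a Mac, `sip_paths exception /System/Library/Sandbox/rootless.conf` lists the entries to review with the security team before a parent such as /System is excluded wholesale.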
We'll be going down the Jamf Protect path soon in my shop. One of the reasons is because it's specifically built for macOS only, is completely cloud based and it doesn't use legacy kernel extensions. It was built from the ground up to use the new System Extensions so it will be macOS 11.0 Big Sur compatible on day 1. I'm not sure how the other Anti-Virus programs will handle the killing off of their kexts or how long they will drag their feet before re-writing their software.
We have been using Microsoft ATP for about a year now. Unfortunately, many of the features we really wanted at the start are STILL pending or "coming to preview soon". I also happen to have BitDefender for our older Macs still running 10.12 that I have been testing on others. I am happier with the feature set that BitDefender has more so than MS ATP. Microsoft keeps saying improvements are coming but that is what they said in the sales pitch as well.