Best Managed AntiVirus

Contributor III

We are in the market for new antivirus for our org. We were using Symantec and it was horrible and has only gotten worse. Does anyone have experience with an easily managed and proficient option antivirus option?
Thanks for any help.


Contributor III

Always interested in hearing people's opinions on this. Our campus was hit a few a months ago on the Windows side pretty hard with ransomware so this has our CIO asking about options that include the Mac side. Windows systems had different solutions installed(Windows Defender, McAfee, and Cortex depending on the system)...none of them stopped it. On the Mac side we had nothing added...just Apple's builtin stuff. We're now using Crowdstrike across the board but I believe it's only for a trial period. I can't speak for the ease of managing it through their portal as others manage that but I can say that they had to whitelist jamf as it was blocking remote actions.

Contributor III

Quality of software aside, the most important thing you should do is work closely with the security team to develop a set of rules about how the anti virus software works and what it scans. The default configuration of these products is usually not acceptable (and that is usually what is deployed.)
For example, no anti virus software needs to scan in /System which produces a huge savings in cpu if you ignore that path.
Mcafee of all companies actually has a pretty reasonable document describing what should be excluded on macOS here
To that I'd add any paths listed in /System/Library/Sandbox/rootless.conf

Valued Contributor III

Jamf Protect looks good, but is right now out of a school district’s price range

Contributor III

We'll be going down the Jamf Protect path soon in my shop. One of the reasons is because it's specifically built for macOS only, is completely cloud based and it doesn't use legacy kernel extensions. It was built from the ground up to use the new System Extensions so it will be macOS 11.0 Big Sur compatible on day 1. I'm not sure how the other Anti-Virus programs will handle the killing off of their kexts or how long they will drag their feet before re-writing their software.

Contributor III

I totally missed JAMF Protect.
I will investigate pricing for our org.
Any further insight into other retail solutions would be greatly appreciated....

New Contributor II

If you're a Microsoft O365Azure customer, I'd highly recommend an eval of Microsoft Defender ATP for macOS. We been testing it for about 2 months and I'm extremely impressed. We are ending our Symantec relationship and will be migrating in the next week or so...

Esteemed Contributor III

If jamf|PROTECT were stock, I'd buy it. ;)


Esteemed Contributor III

@Quagmire what a great handle! :) Agreed, Symantec is dead in the water as far as macOS support goes.


Contributor III

@Quagmire I didnt know ATP for MacOS existed. How hard is it to provision and manage on Catliner?
Thanks for any further assistance.

Contributor III

We have been using Microsoft ATP for about a year now. Unfortunately, many of the features we really wanted at the start are STILL pending or "coming to preview soon". I also happen to have BitDefender for our older Macs still running 10.12 that I have been testing on others. I am happier with the feature set that BitDefender has more so than MS ATP. Microsoft keeps saying improvements are coming but that is what they said in the sales pitch as well.

Valued Contributor II

I've had good luck with Cylance, but a recent Sentinal One demo has me interested in digging deeper next cycle. I agree that jamfProtect looks awesome, but I've only seen the presentations.

Valued Contributor II

I have done a few different bake offs, and while i'm not a security expert, IMO Jamf Protect is the choice. Real security and real vision in to what is happening on your macOS endpoints.


Valued Contributor

What we use at Cisco:
Cisco AMP for Endpoints


We have Jamf Protect but I'm concerned that it doesn't have true AV scanning. The issue is that not many people have it deployed so it's hard to get feedback.

Contributor III

An interesting conversation to have with the security teams is to ask them how many times has their tool protected the Macs?

New Contributor