Free Enterprise allowable anti-virus software

Hafiz
New Contributor II

For audit purposes and the fact that our current AV software is buggy right now, I am considering free anti-virus software that does not have a business/enterprise prohibitive license.

Any suggestions?
Are there any free A/V agents that enterprises are using?

I was considering ClamXAV but I see there is a charge for that now.

8 REPLIES 8

gachowski
Valued Contributor II

Does the Apple built in AV meet your needs? Or maybe a better way to phrase the question, who do you trust more than Apple to protect Mac OS X? : )

C

alexjdale
Valued Contributor III

Whatever Apple builds into the OS is not going to satisfy many audit requirements. It's not about trust, it's about monitoring alerts, reporting, building into process workflows, etc. There's no "console" to use to get a global view of all of your clients. You also won't get the sort of full-volume scanning (including malware that affects other platforms) you get with dedicated software.

If your company has controls and audits for AV, it's very unlikely that OS X itself is enough.

gregneagle
Valued Contributor

" it's about monitoring alerts, reporting, building into process workflows, etc. There's no "console" to use to get a global view of all of your clients."

ClamXAV wasn't going to hit those points, either.

gachowski
Valued Contributor II

For sure Alex... however... all that data the vendor apps provide doesn't matter and an old way of thinking....

My point is that, most places don't have the resources to prove that their AV of choice is really monitoring,reporting and protecting correctly..... They are trusting what the vendor tells them and what the Apps report.

And I am going to trust that Apple knows more about protecting the OS than anybody...

That said I don't get to decide what AV my company uses for all the reasons you listed..... : )

C

pblake
Contributor III

There is no Mac OS Antivirus that is free that has a centralized managed console, which would be required in any audit. - IMHO

gachowski
Valued Contributor II

Philip,

I think there is a way to verify that the built Apple defs, if that is what they are called are current with a AE and I think you can also send a bash script every check in with Casper to make sure that it's "on" or not disable.

It would be nice to know if anybody is doing this now?

I know it's not "audit or centralized managed console" but I bet in some orgs that is close enough....

C

scottb
Honored Contributor

Are you talking about XProtect def's?
You can check that with this:

defaults read "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist" Version

Or, you can create an AppleScript app that shows this info:

12c94b87c4144c02bf149ec2de31cdbc

Code for the above below:

set a to do shell script "defaults read /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta Version"
tell application "Finder" to set b to get modification date of (POSIX file "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist" as alias)
set c to do shell script "defaults read /private/var/db/gkopaque.bundle/Contents/version.plist CFBundleShortVersionString"
tell application "Finder" to set d to get modification date of (POSIX file "/private/var/db/gkopaque.bundle/Contents/version.plist" as alias)
set e to do shell script "defaults read /System/Library/CoreServices/SystemVersion.plist ProductVersion"
set f to do shell script "defaults read /System/Library/CoreServices/SystemVersion.plist ProductBuildVersion"
display dialog "XProtect.meta.plist" & return & "- version " & a & return & "- created " & b & return & return & "Gatekeeper Configuration Data" & return & "- version " & c & return & "- created " & d & return & return & "OS X" & return & "- version " & e & " build " & f

gachowski
Valued Contributor II

@scottb

Very very nice : )

Thank you for posting : )

C