Malware Protection, What are you using?

Hugonaut
Valued Contributor II

Hello,

Currently we have all Cisco Networking side, Cisco Umbrella & Merakis Full Stack (Wireless, Switches & Security Appliances). We are seeking some kind of software piece that lives on the end user's computer and runs in the background.

We would like the computer, once malware is detected, to lock down any necessary features to inhibit the malware from executing anything malicious so we in Tech can get on the computer, identify, analyze and remove.

We are an all Mac Shop using Mac Minis, Mac Trash Cans (Pros), Macbook Airs 2016, Macbook Pros 2016, 2017 & 2018. Operating Systems - 10.12, 10.13 & a group of 10.14 testing the fun of Mojave & all the new "Bells & Whistles"

What software are you using to accomplish this goal? How effective has it been & have you experienced the software doing its job, allowing you to prevent the Malware/Ransomware from performing its malicious duties?

8 REPLIES

cvangorp
New Contributor III

We are using Cisco AMP for Endpoints, although the Mac endpoint connector doesn't protect against ransomware on Macs at this time.

damienbarrett
Valued Contributor

We use Sophos Cloud and it does (almost) everything you describe. Occasionally, Sophos can't clean up detected malware, but this is reflected in the Sophos Cloud console and you can call the machine in to take manual action (or go visit the machine).

rhoward
Contributor

We use a combination of Cisco AMP, Cisco Umbrella, and Cisco ISE to achieve this. Usually what happens is that ISE will detect if the computer is infected and remove it from our network. This prompts a call, and we tell the user to run a full scan using AMP which deletes any malware. Once the malware is removed, the device can reconnect to the on campus network.

Captainamerica
Contributor II

CrowdStrike should be able to disconnect the network when a virus is found.

hedenstam
New Contributor III

Used to use McAfee, but that is not working fine on Macs; we were experiencing a lot of lag and beach balls. Now we are using Cylance, and that is working very well.

Not applicable

Ransomware has become a grave issue as of late. And knowing how to protect against ransomware should be essential to you.

alv2015591
New Contributor III

I use Jamf Protect... and it does all the things you're wanting your A/V malware products to do.
Disconnects from network if a threat can't be cleaned
Removes malware
Reports what Mac OS XProtect & Gatekeeper have found
Runs CIS benchmarks against all my systems...
Plus a whole bunch of other stuff.

cradice
New Contributor III

We use Sophos Cloud and it does (almost) everything you describe. Occasionally, Sophos can't clean up detected malware, but this is reflected in the Sophos Cloud console and you can call the machine in to take manual action (or go visit the machine).

We've had a number of issues with Sophos, and they have a pretty frustrating issue with Big Sur at this time. I would highly recommend Jamf Protect.