Jamf Nation Community

Sophos Cloud here.

Negligible impact on client machines, good feedback for admins, very through in detecting virus, malware and PUA.

Sophos Enterprise, replacing System Center Endpoint Protect, and McAfee before that.

SCEP was retired due to detecting too little, IIRC.

Kaspersky. Our shop is mostly Windows and our ISO picked the product for its ability to secure Windows endpoints and servers.

The decision was made without my input and before my time. (This is the first place I've worked that required antivirus on the Mac platform, so I don't have an alternative that I would have offered instead.) The ISO loves Kaspersky on the Windows side of the house, but our experiences on the Mac side have been mostly negative. I've read the docs and without access to the central server, I have yet to figure out how to add an activated copy to a Mac without him manually adding each machine to the KES management tool. A colleague who manages labs of Macs demonstrated that the KES client added minutes to the initial AD login process and convinced the ISO to exclude his Macs from the requirement to have the client. The client also has an alert sound like a lion's roar that was disruptive to the teaching process. The fact that the client kept alerting on the colleague's favorite Mac utility as "possible adware" didn't endear KES to him, either!

Cisco AMP

ESET Endpoint Antivirus. We deploy at build time, and put it in Self Service for our techs. Works perfectly, and you can pave over old versions with a new one without re-keying the software.

Using Sophos Enterprise (non-cloud).
Works alright, not sure how much it actually helps, although it has detected infected windows files access by our Macs.
Not convinced it's doing much in regards to adware.

Stay away from Symantec, imho.
We had bad experiences with it.

Just moved to Sophos Cloud from Sophos Enterprise. Very happy with the product. It is super easy to manage and seems to block anything we have thrown at it.

We use Kaspersky as we are majority Windows in the District. It is a pain to get installed; but by packaging the agent and deploying to a smart group based on if the agent is present, then running a script after the agent is copied, the KES server detects the device automatically and forces the client to install. So once set up it is hands free.

Cisco AMP here.

Wow! Thank you all for the great input! There were many votes for Sophos, which I also had in mind, but I will take a look at Cisco AMP too, haven't known it before. This is definitely something I can work with.

Thanks!