• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 549
  • Last Modified:

network virus scan suggestions?

we're looking at changing our current "virus protection solution" to a norton product, however are not sure if it will be able to function under the restrictions we'd like to set:

we want to change all users to user only permissions on their xp workstations(currently local administrators) and still be able to have them receive and update their virus definitions automatically. we do have a running win 2003 AD network server setup, however are currently not using profiles or groups. also to keep in mind is that we have 7 remote sites with about 15 PCs each and a total of ~170 workstations, so the initial install needs to be as streamlined as possible (heh yeah right).

any suggestions or pointing in the right direction would be greatly appreciated.
1 Solution
> we want to change all users to user only permissions on their xp workstations(currently local administrators)

OK, that worked for us (business). I didn't do it.

I think you need admin priv for initial install, but once that is going you can simply have the desktop request its periodic updates, pattern or program, from your own servers, without user intervention or need, or need of rebooting. It should also take less bandwidth than earlier versions, by only downloading the latest changes to virus files, not the entire system. (someone clue MS plz).

>  keep in mind is that we have 7 remote sites with about 15 PCs

we have many more. Lately, the trend is to have a 'standard build', which is a CD (or similar web_based file) which contains our base minimum configuration for the OS, its rules, and a handful of apps such as AV.
Symantec Anti-Virus Corporate Edition allows you to install the SAV Server on your server, and then centrally administer your workstations regardless of what security policies you have on them (provided you are logged into AD as an Administrator). You can remote deploy the SAV Remote Managed Client to your workstations. The central SAV server also downloads the virus definitions once and pushes them to your clients, saving network bandwidth.. You have quite a few options with this product, including having the SAV Remote Managed Client installed and running without it appearing in the system tray, so your users wont even know its there.

If you are getting really serious about AV, consider this. Approx 95% of viruses are spread through email these days. MailGuard (www.mailguard.com.au) have a solution that 'tripple checks' all inbound and outbound email, pretty much guaranteeing its clean. Their solution also includes anti-spam and content filtering capabilities. Well worth checking out. All that is required is redirecting your MX records to their 'towers' so that mail goes through their servers first, and they are quite competatively priced. You would use their service in conjunction with an on-site AV solution to ensure that all points of vulnerability are secured.
daya88Author Commented:

coorporate edition 8.1 is what we're looking at. could you clarify a few points for me please?

when we install the software on one (or even a few of our servers?) do they need to be AD integrated or just on the domain?

the install can or is done remotely to the client stations, even though the user is logged in on the station as a regular user or does the station at the install time need to be logged in as a local administrator, or does it need to be logged in at all?

follow up administration and virus dat updates can all be run remotely without needing certain permissions set on the client pc as long as a domain administrator is doing the remote administration?

is the user at any time able to run a manual scan? or the only way a client machine is scanned is through a regularly scheduled scan set up by the administratrator or a local administrator on the client?

thanks again for all the help!
Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.


I use McAfee for a network with around 400 PC's and 20 servers. All the users are restricted (no run command, no registry access, cannot install software...) and It all updates with no problems. I use ePolicy Orchastrator to manage the domain and get updates automatically from the net. The clients get the update from the local server and it is simple to set up, you don't have to visit each PC. It will even manage PC's with Norton on.

In general I don't think you will have a problem with any major AV product as far as auto updates go if you lock down the users access as you are not 'installing' software just replacing a couple of files.

Try to refer to Sophos Anti Virus at www.sophos.com. Their support shall help you in getting a better solution.
Any news?

I have just implimented an upgrade across our network. I updated the client management software (frameworkservice) and the AV software (VirusScan Enterprise 7.1.0) it took 10 minutes to set up and around 4 hours for the clients to  update themselves, I just sit back and watch.

When a new DAT file comes out the server gets it and the clients update themselves. By lunch time on the day the DAT is released I have around 90% coverage, the remaing 10% are usually unused PC's.

This is all done with McAfee's ePolicy Orchastrator. It really is this good. You can set up remote repositories so that your satalite offices can update locally and still report back to you so you can track infections, updates, problems.

My sPO serverchecks for updates hourly and distributes them stright away so we're always up to date.

No, I'm not on commission, I just like the product. It's simple to use and does what it claimes to.

daya88Author Commented:
as a matter of fact i do have some news.

we went ahead and installed norton coorporate edition 8.0 on one of our servers and slowly started adding workstations. the only 2 "problems" we have run into so far are minor ones:

for one the console shows a workstation's AV status as enabled when the workstation itself shows errors that real time protection is not enabled. the station had an old norton install and it seems after following some hints on their website and running an update tool the error was resolved however the console not stating that there was a problem on the client side was confusing at first. also,
when workstations have been turned off and turn back on for the first time after the server received a virus.dat update the workstation pops up with an error stating the virus definitions are out of date. usually just clicking ok waiting for the them to receive the update themselves are enough interaction on the client side. by the time they reboot the issue is resolved.

the other issue is that as nice as the network wide installation/deployment is, one has to have a working network browsing service. ours seems to be broken and we cannot see 2 of our 7 remote sites to deploy the client to and therefore can;t install it currently.

but overall we are very pleased with this virus protection solution. the instillation and maintenance seems very easy and intuitive. the only wish we have now is for it to scan/protect for ad-ware ;)
Glad it's working out. i hope you get your 'browsing' issue sorted out soon.

It would be nice to get rid of spyware with your AV.  McAfee reports it but won't get rid of it. I'm playing around with SpyBot Search and Destroy at present to see if I can use it remotely to zap infected PC's

PAQed, with points refunded (250)

Community Support Moderator

Featured Post

Will You Be GDPR Compliant by 5/28/2018?

GDPR? That's a regulation for the European Union. But, if you collect data from customers or employees within the EU, then you need to know about GDPR and make sure your organization is compliant by May 2018. Check out our preparation checklist to make sure you're on track today!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now