Solved

network virus scan suggestions?

Posted on 2004-04-06
10
529 Views
Last Modified: 2012-06-21
we're looking at changing our current "virus protection solution" to a norton product, however are not sure if it will be able to function under the restrictions we'd like to set:

we want to change all users to user only permissions on their xp workstations(currently local administrators) and still be able to have them receive and update their virus definitions automatically. we do have a running win 2003 AD network server setup, however are currently not using profiles or groups. also to keep in mind is that we have 7 remote sites with about 15 PCs each and a total of ~170 workstations, so the initial install needs to be as streamlined as possible (heh yeah right).

any suggestions or pointing in the right direction would be greatly appreciated.
0
Comment
Question by:daya88
10 Comments
 
LVL 24

Expert Comment

by:SunBow
ID: 10770165
> we want to change all users to user only permissions on their xp workstations(currently local administrators)

OK, that worked for us (business). I didn't do it.

I think you need admin priv for initial install, but once that is going you can simply have the desktop request its periodic updates, pattern or program, from your own servers, without user intervention or need, or need of rebooting. It should also take less bandwidth than earlier versions, by only downloading the latest changes to virus files, not the entire system. (someone clue MS plz).

>  keep in mind is that we have 7 remote sites with about 15 PCs

we have many more. Lately, the trend is to have a 'standard build', which is a CD (or similar web_based file) which contains our base minimum configuration for the OS, its rules, and a handful of apps such as AV.
0
 

Expert Comment

by:itsjaime
ID: 10775527
Symantec Anti-Virus Corporate Edition allows you to install the SAV Server on your server, and then centrally administer your workstations regardless of what security policies you have on them (provided you are logged into AD as an Administrator). You can remote deploy the SAV Remote Managed Client to your workstations. The central SAV server also downloads the virus definitions once and pushes them to your clients, saving network bandwidth.. You have quite a few options with this product, including having the SAV Remote Managed Client installed and running without it appearing in the system tray, so your users wont even know its there.

If you are getting really serious about AV, consider this. Approx 95% of viruses are spread through email these days. MailGuard (www.mailguard.com.au) have a solution that 'tripple checks' all inbound and outbound email, pretty much guaranteeing its clean. Their solution also includes anti-spam and content filtering capabilities. Well worth checking out. All that is required is redirecting your MX records to their 'towers' so that mail goes through their servers first, and they are quite competatively priced. You would use their service in conjunction with an on-site AV solution to ensure that all points of vulnerability are secured.
0
 

Author Comment

by:daya88
ID: 10782929
itsjaime,

coorporate edition 8.1 is what we're looking at. could you clarify a few points for me please?

when we install the software on one (or even a few of our servers?) do they need to be AD integrated or just on the domain?

the install can or is done remotely to the client stations, even though the user is logged in on the station as a regular user or does the station at the install time need to be logged in as a local administrator, or does it need to be logged in at all?

follow up administration and virus dat updates can all be run remotely without needing certain permissions set on the client pc as long as a domain administrator is doing the remote administration?

is the user at any time able to run a manual scan? or the only way a client machine is scanned is through a regularly scheduled scan set up by the administratrator or a local administrator on the client?

thanks again for all the help!
0
Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
LVL 6

Expert Comment

by:acmp
ID: 10821603
FWIW

I use McAfee for a network with around 400 PC's and 20 servers. All the users are restricted (no run command, no registry access, cannot install software...) and It all updates with no problems. I use ePolicy Orchastrator to manage the domain and get updates automatically from the net. The clients get the update from the local server and it is simple to set up, you don't have to visit each PC. It will even manage PC's with Norton on.

In general I don't think you will have a problem with any major AV product as far as auto updates go if you lock down the users access as you are not 'installing' software just replacing a couple of files.

acmp<><
0
 

Expert Comment

by:hcs1833
ID: 11065692
Try to refer to Sophos Anti Virus at www.sophos.com. Their support shall help you in getting a better solution.
0
 
LVL 6

Expert Comment

by:acmp
ID: 11066222
Any news?

I have just implimented an upgrade across our network. I updated the client management software (frameworkservice) and the AV software (VirusScan Enterprise 7.1.0) it took 10 minutes to set up and around 4 hours for the clients to  update themselves, I just sit back and watch.

When a new DAT file comes out the server gets it and the clients update themselves. By lunch time on the day the DAT is released I have around 90% coverage, the remaing 10% are usually unused PC's.

This is all done with McAfee's ePolicy Orchastrator. It really is this good. You can set up remote repositories so that your satalite offices can update locally and still report back to you so you can track infections, updates, problems.

My sPO serverchecks for updates hourly and distributes them stright away so we're always up to date.

No, I'm not on commission, I just like the product. It's simple to use and does what it claimes to.

acmp<><
0
 

Author Comment

by:daya88
ID: 11067785
as a matter of fact i do have some news.

we went ahead and installed norton coorporate edition 8.0 on one of our servers and slowly started adding workstations. the only 2 "problems" we have run into so far are minor ones:

for one the console shows a workstation's AV status as enabled when the workstation itself shows errors that real time protection is not enabled. the station had an old norton install and it seems after following some hints on their website and running an update tool the error was resolved however the console not stating that there was a problem on the client side was confusing at first. also,
when workstations have been turned off and turn back on for the first time after the server received a virus.dat update the workstation pops up with an error stating the virus definitions are out of date. usually just clicking ok waiting for the them to receive the update themselves are enough interaction on the client side. by the time they reboot the issue is resolved.

the other issue is that as nice as the network wide installation/deployment is, one has to have a working network browsing service. ours seems to be broken and we cannot see 2 of our 7 remote sites to deploy the client to and therefore can;t install it currently.

but overall we are very pleased with this virus protection solution. the instillation and maintenance seems very easy and intuitive. the only wish we have now is for it to scan/protect for ad-ware ;)
0
 
LVL 6

Expert Comment

by:acmp
ID: 11067809
Glad it's working out. i hope you get your 'browsing' issue sorted out soon.

It would be nice to get rid of spyware with your AV.  McAfee reports it but won't get rid of it. I'm playing around with SpyBot Search and Destroy at present to see if I can use it remotely to zap infected PC's

acmp<><
0
 

Accepted Solution

by:
modulo earned 0 total points
ID: 11808139
PAQed, with points refunded (250)

modulo
Community Support Moderator
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Local Drive Access Denied 5 102
dma locker 3 query 7 333
Ransomware 9 96
My Asus router (with Trend Micro on it) says a certain web site may have malware on it 4 90
These are on the increase and getting more common these days. Users who use the Google search engine may complain of having their search redirected to unwanted sites, regardless of what browser is used. This happens when the system is infected with…
HOW TO REMOTELY CLEAN MEROND.O WITH ESET SILENTLY PROBLEM       If you have the fortunate luck to contract the Merond.O virus on your network, it can be quite troublesome to remove as it propagates to network shares on your network. In my case, the …
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question