Solved

network virus scan suggestions?

Posted on 2004-04-06
10
526 Views
Last Modified: 2012-06-21
we're looking at changing our current "virus protection solution" to a norton product, however are not sure if it will be able to function under the restrictions we'd like to set:

we want to change all users to user only permissions on their xp workstations(currently local administrators) and still be able to have them receive and update their virus definitions automatically. we do have a running win 2003 AD network server setup, however are currently not using profiles or groups. also to keep in mind is that we have 7 remote sites with about 15 PCs each and a total of ~170 workstations, so the initial install needs to be as streamlined as possible (heh yeah right).

any suggestions or pointing in the right direction would be greatly appreciated.
0
Comment
Question by:daya88
10 Comments
 
LVL 24

Expert Comment

by:SunBow
ID: 10770165
> we want to change all users to user only permissions on their xp workstations(currently local administrators)

OK, that worked for us (business). I didn't do it.

I think you need admin priv for initial install, but once that is going you can simply have the desktop request its periodic updates, pattern or program, from your own servers, without user intervention or need, or need of rebooting. It should also take less bandwidth than earlier versions, by only downloading the latest changes to virus files, not the entire system. (someone clue MS plz).

>  keep in mind is that we have 7 remote sites with about 15 PCs

we have many more. Lately, the trend is to have a 'standard build', which is a CD (or similar web_based file) which contains our base minimum configuration for the OS, its rules, and a handful of apps such as AV.
0
 

Expert Comment

by:itsjaime
ID: 10775527
Symantec Anti-Virus Corporate Edition allows you to install the SAV Server on your server, and then centrally administer your workstations regardless of what security policies you have on them (provided you are logged into AD as an Administrator). You can remote deploy the SAV Remote Managed Client to your workstations. The central SAV server also downloads the virus definitions once and pushes them to your clients, saving network bandwidth.. You have quite a few options with this product, including having the SAV Remote Managed Client installed and running without it appearing in the system tray, so your users wont even know its there.

If you are getting really serious about AV, consider this. Approx 95% of viruses are spread through email these days. MailGuard (www.mailguard.com.au) have a solution that 'tripple checks' all inbound and outbound email, pretty much guaranteeing its clean. Their solution also includes anti-spam and content filtering capabilities. Well worth checking out. All that is required is redirecting your MX records to their 'towers' so that mail goes through their servers first, and they are quite competatively priced. You would use their service in conjunction with an on-site AV solution to ensure that all points of vulnerability are secured.
0
 

Author Comment

by:daya88
ID: 10782929
itsjaime,

coorporate edition 8.1 is what we're looking at. could you clarify a few points for me please?

when we install the software on one (or even a few of our servers?) do they need to be AD integrated or just on the domain?

the install can or is done remotely to the client stations, even though the user is logged in on the station as a regular user or does the station at the install time need to be logged in as a local administrator, or does it need to be logged in at all?

follow up administration and virus dat updates can all be run remotely without needing certain permissions set on the client pc as long as a domain administrator is doing the remote administration?

is the user at any time able to run a manual scan? or the only way a client machine is scanned is through a regularly scheduled scan set up by the administratrator or a local administrator on the client?

thanks again for all the help!
0
 
LVL 6

Expert Comment

by:acmp
ID: 10821603
FWIW

I use McAfee for a network with around 400 PC's and 20 servers. All the users are restricted (no run command, no registry access, cannot install software...) and It all updates with no problems. I use ePolicy Orchastrator to manage the domain and get updates automatically from the net. The clients get the update from the local server and it is simple to set up, you don't have to visit each PC. It will even manage PC's with Norton on.

In general I don't think you will have a problem with any major AV product as far as auto updates go if you lock down the users access as you are not 'installing' software just replacing a couple of files.

acmp<><
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 

Expert Comment

by:hcs1833
ID: 11065692
Try to refer to Sophos Anti Virus at www.sophos.com. Their support shall help you in getting a better solution.
0
 
LVL 6

Expert Comment

by:acmp
ID: 11066222
Any news?

I have just implimented an upgrade across our network. I updated the client management software (frameworkservice) and the AV software (VirusScan Enterprise 7.1.0) it took 10 minutes to set up and around 4 hours for the clients to  update themselves, I just sit back and watch.

When a new DAT file comes out the server gets it and the clients update themselves. By lunch time on the day the DAT is released I have around 90% coverage, the remaing 10% are usually unused PC's.

This is all done with McAfee's ePolicy Orchastrator. It really is this good. You can set up remote repositories so that your satalite offices can update locally and still report back to you so you can track infections, updates, problems.

My sPO serverchecks for updates hourly and distributes them stright away so we're always up to date.

No, I'm not on commission, I just like the product. It's simple to use and does what it claimes to.

acmp<><
0
 

Author Comment

by:daya88
ID: 11067785
as a matter of fact i do have some news.

we went ahead and installed norton coorporate edition 8.0 on one of our servers and slowly started adding workstations. the only 2 "problems" we have run into so far are minor ones:

for one the console shows a workstation's AV status as enabled when the workstation itself shows errors that real time protection is not enabled. the station had an old norton install and it seems after following some hints on their website and running an update tool the error was resolved however the console not stating that there was a problem on the client side was confusing at first. also,
when workstations have been turned off and turn back on for the first time after the server received a virus.dat update the workstation pops up with an error stating the virus definitions are out of date. usually just clicking ok waiting for the them to receive the update themselves are enough interaction on the client side. by the time they reboot the issue is resolved.

the other issue is that as nice as the network wide installation/deployment is, one has to have a working network browsing service. ours seems to be broken and we cannot see 2 of our 7 remote sites to deploy the client to and therefore can;t install it currently.

but overall we are very pleased with this virus protection solution. the instillation and maintenance seems very easy and intuitive. the only wish we have now is for it to scan/protect for ad-ware ;)
0
 
LVL 6

Expert Comment

by:acmp
ID: 11067809
Glad it's working out. i hope you get your 'browsing' issue sorted out soon.

It would be nice to get rid of spyware with your AV.  McAfee reports it but won't get rid of it. I'm playing around with SpyBot Search and Destroy at present to see if I can use it remotely to zap infected PC's

acmp<><
0
 

Accepted Solution

by:
modulo earned 0 total points
ID: 11808139
PAQed, with points refunded (250)

modulo
Community Support Moderator
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Windows 7 keeps blocking Antivirus 11 69
Checkpoint Endpoint Managment 3 65
anti virus for Blackberry 6 56
"k" and "i" wont work in a dell lap top 5 17
OVERVIEW This guide provides information on the process performed when the Symantec Endpoint Protection (SEP) client checks in with the Symantec Endpoint Protection Manager (SEPM). AUDIENCE Information Technology personnel responsible for suppo…
HOW TO REMOTELY CLEAN MEROND.O WITH ESET SILENTLY PROBLEM       If you have the fortunate luck to contract the Merond.O virus on your network, it can be quite troublesome to remove as it propagates to network shares on your network. In my case, the …
This Micro Tutorial demonstrates using Microsoft Excel pivot tables, how to reverse engineer competitors' marketing strategies through backlinks.
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now