Solved

network virus scan suggestions?

Posted on 2004-04-06
10
525 Views
Last Modified: 2012-06-21
we're looking at changing our current "virus protection solution" to a norton product, however are not sure if it will be able to function under the restrictions we'd like to set:

we want to change all users to user only permissions on their xp workstations(currently local administrators) and still be able to have them receive and update their virus definitions automatically. we do have a running win 2003 AD network server setup, however are currently not using profiles or groups. also to keep in mind is that we have 7 remote sites with about 15 PCs each and a total of ~170 workstations, so the initial install needs to be as streamlined as possible (heh yeah right).

any suggestions or pointing in the right direction would be greatly appreciated.
0
Comment
Question by:daya88
10 Comments
 
LVL 24

Expert Comment

by:SunBow
ID: 10770165
> we want to change all users to user only permissions on their xp workstations(currently local administrators)

OK, that worked for us (business). I didn't do it.

I think you need admin priv for initial install, but once that is going you can simply have the desktop request its periodic updates, pattern or program, from your own servers, without user intervention or need, or need of rebooting. It should also take less bandwidth than earlier versions, by only downloading the latest changes to virus files, not the entire system. (someone clue MS plz).

>  keep in mind is that we have 7 remote sites with about 15 PCs

we have many more. Lately, the trend is to have a 'standard build', which is a CD (or similar web_based file) which contains our base minimum configuration for the OS, its rules, and a handful of apps such as AV.
0
 

Expert Comment

by:itsjaime
ID: 10775527
Symantec Anti-Virus Corporate Edition allows you to install the SAV Server on your server, and then centrally administer your workstations regardless of what security policies you have on them (provided you are logged into AD as an Administrator). You can remote deploy the SAV Remote Managed Client to your workstations. The central SAV server also downloads the virus definitions once and pushes them to your clients, saving network bandwidth.. You have quite a few options with this product, including having the SAV Remote Managed Client installed and running without it appearing in the system tray, so your users wont even know its there.

If you are getting really serious about AV, consider this. Approx 95% of viruses are spread through email these days. MailGuard (www.mailguard.com.au) have a solution that 'tripple checks' all inbound and outbound email, pretty much guaranteeing its clean. Their solution also includes anti-spam and content filtering capabilities. Well worth checking out. All that is required is redirecting your MX records to their 'towers' so that mail goes through their servers first, and they are quite competatively priced. You would use their service in conjunction with an on-site AV solution to ensure that all points of vulnerability are secured.
0
 

Author Comment

by:daya88
ID: 10782929
itsjaime,

coorporate edition 8.1 is what we're looking at. could you clarify a few points for me please?

when we install the software on one (or even a few of our servers?) do they need to be AD integrated or just on the domain?

the install can or is done remotely to the client stations, even though the user is logged in on the station as a regular user or does the station at the install time need to be logged in as a local administrator, or does it need to be logged in at all?

follow up administration and virus dat updates can all be run remotely without needing certain permissions set on the client pc as long as a domain administrator is doing the remote administration?

is the user at any time able to run a manual scan? or the only way a client machine is scanned is through a regularly scheduled scan set up by the administratrator or a local administrator on the client?

thanks again for all the help!
0
 
LVL 6

Expert Comment

by:acmp
ID: 10821603
FWIW

I use McAfee for a network with around 400 PC's and 20 servers. All the users are restricted (no run command, no registry access, cannot install software...) and It all updates with no problems. I use ePolicy Orchastrator to manage the domain and get updates automatically from the net. The clients get the update from the local server and it is simple to set up, you don't have to visit each PC. It will even manage PC's with Norton on.

In general I don't think you will have a problem with any major AV product as far as auto updates go if you lock down the users access as you are not 'installing' software just replacing a couple of files.

acmp<><
0
Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

 

Expert Comment

by:hcs1833
ID: 11065692
Try to refer to Sophos Anti Virus at www.sophos.com. Their support shall help you in getting a better solution.
0
 
LVL 6

Expert Comment

by:acmp
ID: 11066222
Any news?

I have just implimented an upgrade across our network. I updated the client management software (frameworkservice) and the AV software (VirusScan Enterprise 7.1.0) it took 10 minutes to set up and around 4 hours for the clients to  update themselves, I just sit back and watch.

When a new DAT file comes out the server gets it and the clients update themselves. By lunch time on the day the DAT is released I have around 90% coverage, the remaing 10% are usually unused PC's.

This is all done with McAfee's ePolicy Orchastrator. It really is this good. You can set up remote repositories so that your satalite offices can update locally and still report back to you so you can track infections, updates, problems.

My sPO serverchecks for updates hourly and distributes them stright away so we're always up to date.

No, I'm not on commission, I just like the product. It's simple to use and does what it claimes to.

acmp<><
0
 

Author Comment

by:daya88
ID: 11067785
as a matter of fact i do have some news.

we went ahead and installed norton coorporate edition 8.0 on one of our servers and slowly started adding workstations. the only 2 "problems" we have run into so far are minor ones:

for one the console shows a workstation's AV status as enabled when the workstation itself shows errors that real time protection is not enabled. the station had an old norton install and it seems after following some hints on their website and running an update tool the error was resolved however the console not stating that there was a problem on the client side was confusing at first. also,
when workstations have been turned off and turn back on for the first time after the server received a virus.dat update the workstation pops up with an error stating the virus definitions are out of date. usually just clicking ok waiting for the them to receive the update themselves are enough interaction on the client side. by the time they reboot the issue is resolved.

the other issue is that as nice as the network wide installation/deployment is, one has to have a working network browsing service. ours seems to be broken and we cannot see 2 of our 7 remote sites to deploy the client to and therefore can;t install it currently.

but overall we are very pleased with this virus protection solution. the instillation and maintenance seems very easy and intuitive. the only wish we have now is for it to scan/protect for ad-ware ;)
0
 
LVL 6

Expert Comment

by:acmp
ID: 11067809
Glad it's working out. i hope you get your 'browsing' issue sorted out soon.

It would be nice to get rid of spyware with your AV.  McAfee reports it but won't get rid of it. I'm playing around with SpyBot Search and Destroy at present to see if I can use it remotely to zap infected PC's

acmp<><
0
 

Accepted Solution

by:
modulo earned 0 total points
ID: 11808139
PAQed, with points refunded (250)

modulo
Community Support Moderator
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Suggested Solutions

Have you ever tried to find someone you know on Facebook and searched to find more than one result with the same picture? Perhaps someone you know has told you that they have a 'facebook stalker' or someone who is 'posing as them' online and ta…
HOW TO REMOTELY CLEAN MEROND.O WITH ESET SILENTLY PROBLEM       If you have the fortunate luck to contract the Merond.O virus on your network, it can be quite troublesome to remove as it propagates to network shares on your network. In my case, the …
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now