Trend Micro Kinda Sucks

I have been using Trend Micro Worry Free Business Security since I got sick of Norton Corporate years ago. I started with WFBS 3.5 and was NOT impressed. It was like a screen door on a submarine. Didn't keep much out. This held true up until version 9 came out maybe a year ago. For the first time it seems like it actually caught something. Too bad my hopes were soon dashed. Two of my customers caught the Crypto and it just ate their network alive but was is Trend, running, fully updated thinking life was good while their network was being destroyed. Trend even came out with a specific patch aimed directly at the Crypto and since then two more of my customers caught it.

   Even their standalone (Trend Maximum Security) kinda sucks. I use it on my computer. I get emails that are obviously infected. Zip attachments with exe files inside. I will extract the exe to a folder and scan it with Trend. Trend says no problem. I then upload it to Virus Total and 40 of 50 virus programs says it is a virus but not Trend. Four days later Trend updates and "Hey! You have a virus!.

   Thanks Trend. I don't know if anyone has told you but finding out 4 or five days after  the fact is NOT acceptable! It has been going on for year! Trend catches nothing until it is too late! Corporate ot standalone it is a train wreck!

   So no the questions.... has anyone else had these problems with Trend and is there something better out there? (it can't get much worse). I am primarily interested in client/server....
LVL 15
LockDown32OwnerAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Ben HartCommented:
I have never personally used any Trend products.  IDK why I just had this feeling like they'd.. well, suck. Back in the day I worked for a company that used McAfee and at that company we caught I LOVE YOU so I'd say McAfee wasn't a very good AV product.
At this company we used to use Symantec Corp, then Symantec Endpoint Protection.. it was also rather meh.  The server side reporting would notify us of infections, and sometimes it wouldn't.. it really just seemed to depend on what the object was.
For the past few years we've been using Microsoft Forefront Protection and I really feel it's kinda the same.  Of course since the switch we've not had any reported infections outside of malware and scareware which a MFP wouldn't find any way.

But yeah dude honestly, I think it's a good idea to have multiple engines on any given network.  Run one app at the client level and a different one at the server level.  Nothing is 100% that's for sure and malicious types can churn out virii faster than the coders can keep up.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
LockDown32OwnerAuthor Commented:
That is why I haven't jumped ship yet. Every time you turn around Trend is rated number one or two in protection. I have looked and just haven't found anything that I really like or seems to do a better job. It isn't like I am picking a good one it is like I am picking the least bad one. They are all kind of so-so. Anyone tried Malwarebytes client/server yet?
0
Ben HartCommented:
Unless something changed.. isn't MalwareBytes still for malware and malware-related objects?

Yeah I question at how they rank AV applications.. controlled environments and what-not.
0
What were the top attacks of Q1 2018?

The Threat Lab team analyzes data from WatchGuard’s Firebox Feed, internal and partner threat intelligence, and a research honeynet, to provide insightful analysis about the top threats on the Internet. Check out our Q1 2018 report for smart, practical security advice today!

LockDown32OwnerAuthor Commented:
Yes it is just for Malware. I got ahold of them yesterday just to ask that particular question. Same response as when they started. Yes if you want virus protection you need a second package. So... you either get Malwarebytes that will stop malware but not virus or you get Trend which doesn't stop either LOL!
0
Ben HartCommented:
According to this place: http://www.av-comparatives.org/wp-content/uploads/2015/06/avc_factsheet2015_05.pdf 

Panda and BitDefender would be comparable replacements to Trend.
0
LockDown32OwnerAuthor Commented:
I love it. It shows Trend with a 100% detection rate! VB100 rates Trend the same way. Am I just extremely unlucky or what?

Do you know if Panda or Bitdefender is client/server?
0
Ben HartCommented:
BitDefender has three different business related products.  I'd be highly surprised if they weren't Client/Server.  But no I dont know for sure.
0
rindiCommented:
All AV products will always be behind and playing "catch up" with the viruses. Also, of the ransomware viruses there are many variations and new mutations coming out all the time. So no AV product should be regarded as fool-proof and you should never think that an AV product is enough.

For everything in IT, the most important protection is having good, reliable backups, and the ransomware only stresses that more. Other very important way of being protected is to never use accounts with Admin rights on PC's, and to train the users how to use the PC so it is kept as secure as possible, for example what web-sites to trust and what open and what to not open, and also how to use email safely, for example not to open any attachments you aren't expecting.

I've been using the free version of Panda Antivirus for years, and have never had any problem with it.
0
Ben HartCommented:
I don't think he needed advice on how to mitigate the risks.. anyone in IT worth a crap shouldn't.  But that's interesting about Panda.. I'm too old school to use anything free like that in a business setting.
0
rindiCommented:
In a business setting you can't use the free version, it is only for personal use. For business you need to get the payed version. But the protection you get doesn't really differ whether you have to pay or not.
0
LockDown32OwnerAuthor Commented:
Speaking of interesting... I inherited this customer. I spent a long time convincing them that they needed to go back and remove admin rights from all the users. I finally got the approval to do so at a considerable cost to the customer. The one user that got the Crypto the other day was NOT an admin of their computer. So much for that theory :)
0
skijCommented:
Have you tried ClamWin? If you haven't then you should.  It is free and free is good.
http://www.clamwin.com/
0
btanExec ConsultantCommented:
can't just rely on AV and I believe you kow pretty well such catch up of signature is just another cat and mouse game, we on the losing end. anti-malware and application whitelisting are to built the deterrence though not foolproof - at least augment the Host AV and FW. For the case of CryptoLocker (see BleedingComputer), consider CryptoPreventhttps://www.foolishit.com/cryptoprevent-malware-prevention/

The candidate for the family Emsisoft Anti-Malware, or Malwarebytes' Anti-Malware, and SUPERAntiSpyware. I am not saying they are best and there is no best, but ultimately, I see HIPS (host intrusion prevention s/w) has many capabilities but not many has done well ... I err on safe side and go protect the standalone ... the shared 3 candidates has central mgmt (easily available in their site under "Enterprise" or "business" category) and can be client/server
0
LockDown32OwnerAuthor Commented:
Yep. That is another thing I don't understand. None of the client/server packages as a rule are worth a damn. The ones that clean it up or catch it in the first place always seem to be Malwarebytes, SuperantiSpyware or ComboFix.  Why can the big boys do the same thing or does it simply lose something in the translation by going with a console?
0
Ben HartCommented:
That first company that got hit by ILOVEYOU.. we actually added a small runtime scan initiated by the login script for the entire company and let it run upon login for probably two weeks afterward just to make sure it was gone.
0
btanExec ConsultantCommented:
never rely as one for "life insurance", false sense of security is our own belief if we really want the job done cleaner, we need to go for experience trial and run even those machine without patch and stay connected in the WWW and see if the security s/w  can withstand the penetration and as we surf to potential compromised site or malicious site ... there is no straight answer to what is best but you need to define what suite your environment and optimal for mass protection.

To be the most secure, then stay in isolation and run from LiveCD like tails, have no persistent store of data ... pardon me I taking the extreme as we are just too connected and we need it to communicate and connect to eServices. Just some thoughts. pardon me - we are still no smarter or faster than the "mal" family - see http://www.malwarestats.org/
possible evasion - http://marcoramilli.blogspot.it/2013/07/malware-evasion-chart.html

Even at times AV may not be doing all the supposedly "right" thing (if we give some assumption the analysis and findings are of certain degree of truth..)
https://firstlook.org/theintercept/2015/06/22/nsa-gchq-targeted-kaspersky/
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
System Utilities

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.