
What anti virus software are you using for a company running 150+ computers?

Last Modified: 2019-02-09
The client complains about the expense on antivirus software. What solution are you using for a company running over 150 computers?
This client has been using Trend Micro for over a decade, which is installed on servers and PCs. Every year when renewing the software, the client always questions:
- Is there anything cheaper but doing the job?
- Can we disable internet access on certain computers and save the license on them?

I am so fxxking annoyed.

John, Business Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
I probably cannot help you. You have a client that puts "Cheap" ahead of downtime because of viruses and ransomware. Your client cannot be helped.

We use Symantec Endpoint Protection (not free) and will probably move toward Windows Defender on Server 2016.
yo_bee, Director of Information Technology
CERTIFIED EXPERT

Commented:
What are you currently paying?
I am using Symantec endpoint protection right now for the same size company and I spend $7000 Per

That comes out to $46.30 lic/user for the year.   I would break your environment down and see what it is per user per year.
John, Business Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
Agree. Good name brand AV comes out to under $50 in most cases. It costs more than this to give the employee phone and internet.
Mal Osborne, Alpha Geek
CERTIFIED EXPERT

Commented:
The Trend suite of products is not bad. If already implemented and in place, I would tend to stay with it.


Webroot is pretty good as well.


I would strongly advise against blocking internet access and removing antivirus; there are other vectors, and I have seen MANY machines that "don't need antivirus" get infected and cause huge problems.
Y Yconsultant

Author

Commented:
Hi John,
"Windows Defender on Server 2016." - Is this free?
John, Business Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
> Can we disable internet access on certain computers and save the license on them?

Yes, then they cannot do updates or do email. GREAT productivity enhancement to cut people off.
John, Business Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
https://docs.microsoft.com/en-us/windows-server/security/windows-defender/windows-defender-overview-windows-server

I think Windows Defender is included and there is no mention of cost (but the Server OS costs). I am still looking at that.
Y Yconsultant

Author

Commented:
Hi yo_bee,
The 1yr renewal is about US$30/seat, a little cheaper than Symantec.
Y Yconsultant

Author

Commented:
"Yes, then they cannot do updates or do email. GREAT productivity enhancement to cut people off."
- Good point!
Y Yconsultant

Author

Commented:
Hi John,
Thanks for the link.
I quickly checked one of the Windows 2016 servers which did not have Trend Micro installed, and found that Defender was running. So it is for free as I did not pay for it.

But I doubt I would trust a free anti virus.
John, Business Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
Windows Defender - Windows 10 and Server 2016 and above with Microsoft EMET is a very good product and worthy of consideration.
IT Consultant
CERTIFIED EXPERT
Commented:
> The client complains about the expense on antivirus software.

Please be aware that Windows 7 and higher all have a built-in anti-virus (AV) application - Windows Defender, free, officially supported and well recognized.

> What solution are you using for a company running over 150 computers?

Generally speaking, you need an SMB solution from a management perspective, though technically choosing AV software has nothing to do with company size.

> - Is there anything cheaper but doing the job?

Yes, as long as they use the latest version of Windows, they can always use the built-in AV solution for free.

> - Can we disable internet access on certain computers and save the license on them?

It depends, if they can absolutely separate the certain computers from the other access. Even if there is no Internet access, people with no security awareness may bring the virus in manually or on purpose.
Andrew Leniart, IT Professional | Freelance Journalist
CERTIFIED EXPERT
Author of the Year 2019
Distinguished Expert 2018

Commented:
> But I doubt I would trust a free anti virus.

Despite being Free, I've noticed Windows Defender score fairly highly at independent Real-World testing labs.

https://www.av-comparatives.org/tests/real-world-protection-test-july-november-2018/

The biggest problem appears to be with the frequency of False Positives.
Y Yconsultant

Author

Commented:
One problem from Defender is that it lacks central management, which is important in a domain network with lots of computers.
Y Yconsultant

Author

Commented:
Hi Andrew, Thanks for the link.
Trend Micro was ranked #3 overall, not bad.
bbao, IT Consultant
CERTIFIED EXPERT

Commented:
> Defender is that it lacks central management

Not really. Please see below the options, features and functions controlled by Group Policy of a centrally managed domain.

https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/use-group-policy-windows-defender-antivirus
CERTIFIED EXPERT
Commented:
That chart shows Microsoft has the highest number of false positives.  I also wouldn't switch to Windows Defender because you won't have good centralized Monitoring.  It looks like Trend Micro, BitDefender, and F-Secure were the 3 best scorers.  I would look at those to compare prices and pick the cheaper one.  If you just want to stick with Trend Micro, then show them that it's already a top scoring AV.
Lee W, MVP, Technology and Business Process Advisor
CERTIFIED EXPERT
Most Valuable Expert 2013
Commented:
All antivirus stinks these days.

Don't believe me?  Upload a few samples to virustotal.com and watch as >50% fail to catch.  And which are caught and which aren't vary.  That doesn't mean you shouldn't have one - it's like getting the flu shot, it helps protect against some and may lessen the impact of others... but it's far from a guarantee you won't get the flu. In my opinion, arguing over which one is more effective is like arguing over how far above the speed limit you can go before you'll get a ticket.  Answer: it depends on the cop and if they spotted anyone else before you.  Or in the case of antivirus, the virus.
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
We use Defender network-wide since win8 is out (included in win8.x and win10). It can be tuned using GPOs and updated using the WSUS server that we have, and for central monitoring we use event-based tasks that write e-mails to us admins in case a virus is detected.
It is an approach that you should consider, since Defender integrates best with Windows of all solutions (it is integrated by default) and the product quality has caught up with many competitors.

Whether or not AV software has seen better days is arguable. I agree with comments that say AV software is just a small piece in the security puzzle and cannot be relied on, anyway.
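
The central-monitoring idea in the comment above (Defender events turned into e-mails to the admins) can also be run as a periodic sweep from one admin host. This is an added example, not the commenter's own setup; it assumes Defender operational log event IDs 1116, 1117 and 5001, and the computer names, SMTP relay and addresses are placeholders.

```powershell
# Added example (not from the thread). Run from a scheduled task on an admin host.
# Assumptions: computer names, SMTP relay and mail addresses below are placeholders.
param(
    [string[]]$ComputerName    = @($env:COMPUTERNAME),
    [int]     $LookbackMinutes = 15,
    [string]  $SmtpServer      = 'smtp.example.internal',
    [string]  $From            = 'defender-alerts@example.internal',
    [string]  $To              = 'admins@example.internal'
)

$filter = @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1116, 1117, 5001   # malware detected, action taken, real-time protection disabled
    StartTime = (Get-Date).AddMinutes(-$LookbackMinutes)
}

$findings = foreach ($computer in $ComputerName) {
    try {
        $events = Get-WinEvent -ComputerName $computer -FilterHashtable $filter -ErrorAction Stop
        foreach ($evt in $events) {
            # Read named fields from the event XML instead of parsing localized message text.
            $data = @{}
            foreach ($d in ([xml]$evt.ToXml()).Event.EventData.Data) {
                if ($d.Name) { $data[$d.Name] = $d.'#text' }
            }
            [pscustomobject]@{
                Computer = $computer;            Time = $evt.TimeCreated; EventId = $evt.Id
                Threat   = $data['Threat Name']; Path = $data['Path'];    User    = $data['Detection User']
            }
        }
    }
    catch {
        # "No matching events" is the healthy case. Any other error means the host could
        # not be checked, and that is reported so a silent gap is not mistaken for clean.
        if ($_.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*') {
            [pscustomobject]@{
                Computer = $computer; Time = Get-Date; EventId = $null
                Threat   = "NOT CHECKED: $($_.Exception.Message)"; Path = $null; User = $null
            }
        }
    }
}

if ($findings) {
    $body = $findings | Sort-Object Time | Format-List | Out-String
    Send-MailMessage -SmtpServer $SmtpServer -From $From -To $To `
        -Subject "Windows Defender: $(@($findings).Count) item(s) need attention" -Body $body
}
```

Remote reads with `Get-WinEvent -ComputerName` need the Remote Event Log Management firewall rules enabled on the targets, which can be pushed with the same GPOs used to tune Defender.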
madunix, Executive IT Director, MVE
CERTIFIED EXPERT
Most Valuable Expert 2019

Commented:
We use Windows Defender. Starting with Windows 8, Windows Defender became Microsoft's official anti-malware solution, offering real-time protection.

Windows Defender includes an option to automatically send malware signatures to Microsoft for analysis.
Shaun Vermaak, Senior Consultant
CERTIFIED EXPERT
Awarded 2017
Distinguished Expert 2019

Commented:
Symantec Endpoint Protection is a terrible AV and fails horribly with polymorphic viruses. IPS, SONAR, Insight etc. all useless.

I have close to a hundred samples that SEP misses and 60% detect. Here are the ones after I registered. Note that every entry here shows that Symantec detected it, but this is only because I physically submitted a sample to Symantec and rescanned after they confirmed that it is part of the definition.
https://www.virustotal.com/#/user/svermaak

Some of my favorites
[Screenshots: vt1.png, vt2.png]
And just for those that will say VirusTotal does not do the "advanced" scans of SEP, all the viruses that weren't detected were tested against the full SEP AV too.

On top of that, it broke our environment more than once.
  • DNS, DHCP, AD DBs corrupted after claiming they automatically exclude files
  • Broke server shares
  • Memory leak on servers. Kills them in a few hours

I do not take any AV seriously unless they have features that block ransomware definitionless, such as BitDefender protected folders; I believe Defender added something similar recently.
Y Yconsultant

Author

Commented:
"All antivirus stinks these days."
- Ha! kinda agreed!
Y Yconsultant

Author

Commented:
Shaun, I feel your pain with SEP! And thanks for the info, I will keep staying away from it.
yo_bee, Director of Information Technology
CERTIFIED EXPERT

Commented:
You have players like Carbon Black or CrowdStrike that take behavioral analysis of applications and block based on out-of-context behavior from that application.

These are not any cheaper, but do a better
bbao, IT Consultant
CERTIFIED EXPERT

Commented:
Again, Windows Defender can be centrally managed in a certain way. If you are interested in helping the client switch to the built-in solution on Windows 10, you may check this discussion - how to manage Windows Defender in an enterprise environment.

https://techcommunity.microsoft.com/t5/Windows-10-security/Windows-Defender-Management/td-p/80704

Moreover, the solution can even be extended into Azure.

https://docs.microsoft.com/en-au/windows/security/threat-protection/windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus
