Subject: [ActiveDir] Anti-virus protection in domain environment
borisd@xxxx.yyy

10/04/2005 2:18 AM  
Hello everybody,
I got some questions about the anti-virus protection of a domain controller
and the domain environment:

In my opinion the best AV program for the moment is NOD32 - I am using it
successfully on many workstations, but I am not quite sure how it will act on
a DC. What kind of protection do you use on your DCs, and has anybody taken a
closer look at NOD32 installed on a DC?
And something else to ask: what kind of AV protects your workstations in the
domain? Do you use a single copy of a normal AV or some enterprise edition?

All advice on the topic of antivirus protection on the domain controller and the
stations in the domain is welcome.
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
prenouf

10/04/2005 3:28 AM  
Phil 

AD000001210

10/04/2005 3:30 AM  
Trend ServerProtect for the servers and Trend Officescan for the workstations

bdesmond

10/04/2005 3:49 AM  
We use that combination as well, has worked out well for the past four or
five years. Supposedly Trend has rolled ServerProtect into OfficeScan
recently. The latest OfficeScan has not worked out well on DCs.
Thanks,
Brian Desmond
brian@xxxxxxxxxxxxxxxx

c - 312.731.3132



AD000001210

10/04/2005 4:16 AM  
I better check that out before we re-up in April. Thanks for the heads up on
that!

We also run ScanMail 7, I've been trying to fix a memory fragmentation error
that only happens when I have scanmail installed. Their tech support has been
helpful so far..

We also run a 3COM email firewall for first line virus protection, but just
read that Kaspersky has some flaw..

Never ending struggle continues..

Mike

AD000001290

10/04/2005 4:20 AM  
Just to add a little to what Phil says:

When I last used ePO I found that possibly the most useful
feature was the reporting aspect. This allows you (amongst others) to assess
which viruses were found in the environment and therefore what action if any
needs to be taken to prevent further infection.

Most organisations don't have any idea how many infections
they suffer from or how regularly the infections occur. A tool such as ePO can
help in this area quite significantly. [it's also a handy management tool which
helps justify the ongoing AV costs :) ]

neil
___________________________
Neil Ruston
Global Technology Infrastructure
Nomura International plc

From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Phil Renouf
Sent: 04 October 2005 16:10
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: Re: [ActiveDir] Anti-virus protection in domain environment

Take a look at this article, it should give you the information you need to
configure Antivirus on your DC's:

http://support.microsoft.com/default.aspx/kb/822158

I don't have any experience running NOD32 on anything :)

As for clients, most environments I have been in use a product similar to
McAfee's EPO to centrally manage all the AV agents on the desktop to make sure
they are configured to the corporate standard and that they have up to date scan
engines and DAT files.

Phil 
PLEASE READ: The information contained in this email is confidential and
intended for the named recipient(s) only. If you are not an intended
recipient of this email please notify the sender immediately and delete your
copy from your system. You must not copy, distribute or take any further
action in reliance on it. Email is not a secure method of communication and
Nomura International plc ('NIplc') will not, to the extent permitted by law,
accept responsibility or liability for (a) the accuracy or completeness of,
or (b) the presence of any virus, worm or similar malicious or disabling
code in, this message or any attachment(s) to it. If verification of this
email is sought then please request a hard copy. Unless otherwise stated
this email: (1) is not, and should not be treated or relied upon as,
investment research; (2) contains views or opinions that are solely those of
the author and do not necessarily represent those of NIplc; (3) is intended
for informational purposes only and is not a recommendation, solicitation or
offer to buy or sell securities or related financial instruments. NIplc
does not provide investment services to private customers. Authorised and
regulated by the Financial Services Authority. Registered in England
no. 1550505 VAT No. 447 2492 35. Registered Office: 1 St Martin's-le-Grand,
London, EC1A 4NP. A member of the Nomura group of companies.

tvanderkooi

10/04/2005 4:29 AM  
We use NOD32 on DCs with no ill effects whatsoever. I agree that right
now it is the best anti-virus solution available. We use it for both
servers and workstations using the enterprise edition with Remote
Management console. I love it. We do not use NOD's Exchange product, not
because it isn't great. I just don't believe in putting all my eggs in
one vendor's basket, so to speak. If you have other questions Boris
please feel free to ask.
HTH
Tim

AD00000275

10/04/2005 4:54 AM  
My 2 cents...
EpO has worked outstanding for us.
Does inventory reports, finds "rogues", demonstrates to pointy-haired
bosses how many infections are avoided and how dangerous it is "out
there."
Combined with CommTouch Anti-Spam solution.


sbradcpa

10/04/2005 5:23 AM  
My 1 cent.

I should go back to lurking...but... when choosing your a/v solution
there's something to check on... some of the a/v vendors have
historically needed admin rights to update or have had vulnerabilities
themselves.
Might be something to investigate and consider when choosing an a/v
...especially on a DC.
In my own historical issues with Trend, the OfficeProtect dat file
upgrade to XP sp2 wasn't properly 'vetted' and flatlined my workstations
and last I heard cost Trend $8 mil in lost sales. They've also had a
security vulnerability patched somewhat recently.
Epo's had their issues as well....

http://xforce.iss.net/xforce/xfdb/21839

ISS X-Force Database: epolicy-msde-obtain-password(12787): ePolicy
Orchestrator could allow an attacker to obtain MSDE SA password:

http://xforce.iss.net/xforce/xfdb/12787

ISS X-Force Database: epolicy-execute-commands(14166): ePolicy
Orchestrator command execution:

http://xforce.iss.net/xforce/xfdb/14166

--
Letting your vendors set your risk analysis these days?
http://www.threatcode.com
Ahmed.AlAwah@xxxx.yyy

10/04/2005 5:51 AM  
Since we're on topic..is anyone using Symantec AntiVirus 10 corp edition for
A/V protection in a domain environment?

bdesmond

10/04/2005 5:58 AM  
We upgraded at least 30K if not more computers to SP2 with Officescan
installed. I didn't hear about any catastrophes.
Thanks,
Brian Desmond
brian@xxxxxxxxxxxxxxxx

c - 312.731.3132



-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Susan Bradley, CPA
aka Ebitz - SBS Rocks [MVP]
Sent: Tuesday, October 04, 2005 1:07 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: Re: [ActiveDir] Anti-virus protection in domain enviroment

My 1 cent.

I should go back to lurking...but... when choosing your a/v solution there's
something to check on... some of the a/v vendors have historically needed
admin rights to update or have had vulnerabilities themselves.

Might be something to investigate and consider when choosing an a/v
...especially on a DC.

In my own historical issues with Trend, the OfficeProtect dat file upgrade
to XP sp2 wasn't properly 'vetted' and flatlined my workstations and last I
heard cost Trend $8 mil in lost sales. They've also had a security
vulnerability patched somewhat recently.

Epo's had their issues as well....

http://xforce.iss.net/xforce/xfdb/21839

ISS X-Force Database: epolicy-msde-obtain-password(12787): ePolicy
Orchestrator could allow an attacker to obtain MSDE SA password:
http://xforce.iss.net/xforce/xfdb/12787

ISS X-Force Database: epolicy-execute-commands(14166): ePolicy Orchestrator
command execution:
http://xforce.iss.net/xforce/xfdb/14166

Al Garrett wrote:

> My 2 cents...
> EpO has worked outstanding for us.
> Does inventory reports, finds "rogues", demonstrates to pointy-haired
> bosses how many infections are avoided and how dangerous it is "out
> there."
> Combined with CommTouch Anti-Spam solution.
>
> -----Original Message-----
> *From:* neil.ruston@xxxxxxxxxxxxx [mailto:neil.ruston@xxxxxxxxxxxxx]
> *Sent:* Tuesday, October 04, 2005 8:36 AM
> *To:* ActiveDir@xxxxxxxxxxxxxxxxxx
> *Subject:* RE: [ActiveDir] Anti-virus protection in domain enviroment
>
> Just to add a little to what Phil says:
>
> When I last used ePO I found that possibly the most useful feature
> was the reporting aspect. This allows you (amongst others) to
> assess which viruses were found in the environment and therefore
> what action if any needs to be taken to prevent further infection.
>
> Most organisations don't have any idea how many infections they
> suffer from or how regularly the infections occur. A tool such as
> ePO can help in this area quite significantly. [it's also a handy
> management tool which helps justify the ongoing AV costs :) ]
>
> neil
>
>
> *___________________________*
> *Neil Ruston*
> Global Technology Infrastructure
> Nomura International plc
>
>
>
------------------------------------------------------------------------
> *From:* ActiveDir-owner@xxxxxxxxxxxxxxxxxx
> [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] *On Behalf Of *Phil Renouf
> *Sent:* 04 October 2005 16:10
> *To:* ActiveDir@xxxxxxxxxxxxxxxxxx
> *Subject:* Re: [ActiveDir] Anti-virus protection in domain enviroment
>
> Take a look at this article, it should give you the information
> you need to configure Antivirus on your DC's:
>
> http://support.microsoft.com/default.aspx/kb/822158
>
> I don't have any experience running NOD32 on anything :)
>
> As for clients, most environments I have been in use a product
> similar to McAfee's EPO to centrally manage all the AV agents on
> the desktop to make sure they are configured to the corporate
> standard and that they have up to date scan engines and DAT files.
>
> Phil
>
>
> On 10/4/05, *Boris Demirov* wrote:
>
> Hello everybody,
> I got some questions about the anti-virus protection of a
> domain controller
> and the domain environment:
>
> In my opinion the best AV program for the moment is NOD32 - I
> am using it
> successfully on many workstations, but I am not quite sure how
> it will act on
> a DC. What kind of protection do you use on your DCs and have
> somebody got a
> closer look on the NOD32 installed on a DC?
> And something else to ask: what kind of AV protect your
> workstations in
> domain, do you use a single copy of a normal AV or some
> enterprise edition?
>
> All advises on the topic of antivirus protection in domain
> controller and the
> stations in the domain are welcome.

--
Letting your vendors set your risk analysis these days?
http://www.threatcode.com

tvanderkooi

10/04/2005 9:15 AM
NOD has an admin console very similar to ePO and the others. (Does
anyone NOT have a console nowadays?) Works very nicely to see everything
that is happening throughout your LAN and WAN virus-wise.

-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Susan Bradley,
CPA aka Ebitz - SBS Rocks [MVP]
Sent: Tuesday, October 04, 2005 12:07 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: Re: [ActiveDir] Anti-virus protection in domain enviroment

My 1 cent.

I should go back to lurking...but... when choosing your a/v solution
there's something to check on... some of the a/v vendors have
historically needed admin rights to update or have had vulnerabilities
themselves.

Might be something to investigate and consider when choosing an a/v
...especially on a DC.

In my own historical issues with Trend, the OfficeProtect dat file
upgrade to XP sp2 wasn't properly 'vetted' and flatlined my workstations
and last I heard cost Trend $8 mil in lost sales. They've also had a
security vulnerability patched somewhat recently.

Epo's had their issues as well....

http://xforce.iss.net/xforce/xfdb/21839

ISS X-Force Database: epolicy-msde-obtain-password(12787): ePolicy
Orchestrator could allow an attacker to obtain MSDE SA password:
http://xforce.iss.net/xforce/xfdb/12787

ISS X-Force Database: epolicy-execute-commands(14166): ePolicy
Orchestrator command execution:
http://xforce.iss.net/xforce/xfdb/14166


--
Letting your vendors set your risk analysis these days?
http://www.threatcode.com

sbradcpa

10/04/2005 10:10 AM
Sorry... I didn't make that clear at all and didn't mean the upgrade to
sp2 but rather a dat file upgrade.
The infamous Friday at 3:45 pst when Trend shot out an untested dat that
flatlined any computer that was on at that time is what I was referring
to. West Coast and Asian countries were most affected.

Brian Desmond wrote:

> We upgraded at least 30K if not more computers to SP2 with Officescan
> installed. I didn't hear about any catastrophes.
>
> Thanks,
> Brian Desmond
> brian@xxxxxxxxxxxxxxxx
>
> c - 312.731.3132

--
Letting your vendors set your risk analysis these days?
http://www.threatcode.com
dharris

10/04/2005 11:20 AM
Yes: it works OK (nothing has gotten through), except that it uses
EXCESSIVE system resources. I've downgraded many machines back to v9.

-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Ahmed Al Awah
Sent: Tuesday, October 04, 2005 11:35 AM
To: 'ActiveDir@xxxxxxxxxxxxxxxxxx'
Subject: RE: [ActiveDir] Anti-virus protection in domain enviroment

Since we're on topic..is anyone using Symantec AntiVirus 10 corp edition
for A/V protection in a domain environment?

Glen@xxxx.yyy

10/05/2005 4:59 AM  
Look into a product called Office Scan, by a company called Trend Micro. I have been using this product happily since 1998. It saved me from the "I love you" bug and a few rather nasty ones since.

"I want my two dollars!"
And Joe! Petitioning Webster's to include Joe-isms as an actual word.


-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Ahmed Al Awah
Sent: Tuesday, October 04, 2005 12:35 PM
To: 'ActiveDir@xxxxxxxxxxxxxxxxxx'
Subject: RE: [ActiveDir] Anti-virus protection in domain enviroment

Since we're on topic..is anyone using Symantec AntiVirus 10 corp edition for
A/V protection in a domain environment?

-----Original Message-----
From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
[mailto:sbradcpa@xxxxxxxxxxx]
Sent: October 4, 2005 11:07 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: Re: [ActiveDir] Anti-virus protection in domain enviroment
My 1 cent.

I should go back to lurking...but... when choosing your a/v solution
there's something to check on... some of the a/v vendors have
historically needed admin rights to update or have had vulnerabilities
themselves.

Might be something to investigate and consider when chosing an a/v
...especially on a DC.

In my own historical issues with Trend, the OfficeProtect dat file
upgrade to XP sp2 wasn't properly 'vetted" and flatlined my workstations
and last I heard cost Trend $8 mil in lost sales. They've also had a
security vulnerability patched somewhat recently.

Epo's had their issues as well....

http://xforce.iss.net/xforce/xfdb/21839

ISS X-Force Database: epolicy-msde-obtain-password(12787): ePolicy
Orchestrator could allow an attacker to obtain MSDE SA password:
http://xforce.iss.net/xforce/xfdb/12787

ISS X-Force Database: epolicy-execute-commands(14166): ePolicy
Orchestrator command execution: http://xforce.iss.net/xforce/xfdb/14166

Al Garrett wrote:

> My 2 cents...
> EpO has worked outstanding for us.
> Does inventory reports, finds "rogues", demonstrates to pointy-haired
> bosses how many infections are avoided and how dangerous it is "out
> there."
> Combined with CommTouch Anti-Spam solution.
>
> -----Original Message-----
> *From:* neil.ruston@xxxxxxxxxxxxx [mailto:neil.ruston@xxxxxxxxxxxxx]
> *Sent:* Tuesday, October 04, 2005 8:36 AM
> *To:* ActiveDir@xxxxxxxxxxxxxxxxxx
> *Subject:* RE: [ActiveDir] Anti-virus protection in domain
> enviroment
>
> Just to add a little to what Phil says:
>
> When I last used ePO I found that possibly the most useful feature
> was the reporting aspect. This allows you (amongst others) to
> assess which viruses were found in the environment and therefore
> what action if any needs to be taken to prevent further infection.
>
> Most organisations don't have any idea how many infections they
> suffer from or how regularly the infections occur. A tool such as
> ePO can help in this area quite significantly. [it's also a handy
> management tool which helps justify the ongoing AV costs :) ]
>
> neil
>
>
> *___________________________*
> *Neil Ruston*
> Global Technology Infrastructure
> Nomura International plc
>
>
>
------------------------------------------------------------------------
> *From:* ActiveDir-owner@xxxxxxxxxxxxxxxxxx
> [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] *On Behalf Of *Phil Renouf
> *Sent:* 04 October 2005 16:10
> *To:* ActiveDir@xxxxxxxxxxxxxxxxxx
> *Subject:* Re: [ActiveDir] Anti-virus protection in domain
> enviroment
>
> Take a look at this article, it should give you the information
> you need to configure Antivirus on your DC's:
>
> http://support.microsoft.com/default.aspx/kb/822158
>
> I don't have any experience running NOD32 on anything :)
>
> As for clients, most environments I have been in use a product
> similar to McAfee's EPO to centrally manage all the AV agents on
> the desktop to make sure they are configured to the corporate
> standard and that they have up to date scan engines and DAT files.
>
> Phil
>
>
> On 10/4/05, *Boris Demirov* > wrote:
>
> Hello everybody,
> I got some questions about the anti-virus protection of a
> domain controller
> and the domain environment:
>
> In my opinion the best AV program for the moment is NOD32 - I
> am using it
> successfully on many workstations, but I am not quite sure how
> it will act on
> a DC. What kind of protection do you use on your DCs and have
> somebody got a
> closer look on the NOD32 installed on a DC?
> And something else to ask: what kind of AV protect your
> workstations in
> domain, do you use a single copy of a normal AV or some
> enterprise edition?
>
> All advises on the topic of antivirus protection in domain
> controller and the
> stations in the domain are welcome.

--
Letting your vendors set your risk analysis these days?
http://www.threatcode.com

AD00000975

Posts:0

10/05/2005 5:08 AM  
We're testing SAV10 in our domain environment at the moment.  SAV9 caused
problems with the Appletalk protocol (Macs couldn't find shared volumes on
2K servers), and caused erroneous results when scanning the network (every
IP device showed up as having misconfigured FTP, SMTP, and HTTP services
running on them).  So far, SAV10 appears to have fixed those problems.  The
management seems quite simple, also.

Dana

From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of ActiveDir@xxxxxxxxxxxxxxxxxx
Sent: Wednesday, October 05, 2005 10:55 AM
Subject: RE: [ActiveDir] Anti-virus protection in domain enviroment
Importance: Low

Look into a product called Office Scan, by a company called Trend Micro.
I have been using this product happily since 1998.  It saved me from the
"I love you" bug and a few rather nasty ones since.

"I want my two dollars!"
And Joe!  Petitioning Webster's to include Joe-isms as an actual word.


-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx]
On Behalf Of Ahmed Al Awah
Sent: Tuesday, October 04, 2005 12:35 PM
To: 'ActiveDir@xxxxxxxxxxxxxxxxxx'
Subject: RE: [ActiveDir] Anti-virus protection in domain enviroment

Since we're on topic..is anyone using Symantec AntiVirus 10 corp edition for
A/V protection in a domain environment?
tvanderkooi

Posts:15

10/05/2005 5:18 AM  
I've only been on the list a short time, but I must have missed the
mandatory Trend Micro brainwashing. :-)
So far from what I have noticed there seems to be a set answer to all AV
questions.
Question: I'm curious about the capabilities of NOD32.
Answers (en masse): You should use Trend Micro.
Question: Is anyone using Symantec?
Answer (again en masse): You should buy Trend Micro.

Not that there is anything wrong with Trend Micro's product, it's great
in my opinion, but these responses don't seem to be very helpful with
regard to the questions being asked.

My apologies to the list "gods" if TM is the list sponsor. :-)
Tim

-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Glen Miller
Sent: Wednesday, October 05, 2005 11:55 AM
To: 'ActiveDir@xxxxxxxxxxxxxxxxxx'
Subject: RE: [ActiveDir] Anti-virus protection in domain enviroment

Look into a product called Office Scan, by a company called Trend Micro.
I have been using this product happily since 1998. It saved me from the
"I love you" bug and a few rather nasty ones since.

"I want my two dollars!"
And Joe! Petitioning Webster's to include Joe-isms as an actual word.


-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Ahmed Al Awah
Sent: Tuesday, October 04, 2005 12:35 PM
To: 'ActiveDir@xxxxxxxxxxxxxxxxxx'
Subject: RE: [ActiveDir] Anti-virus protection in domain enviroment

Since we're on topic..is anyone using Symantec AntiVirus 10 corp edition
for A/V protection in a domain environment?

-----Original Message-----
From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
[mailto:sbradcpa@xxxxxxxxxxx]
Sent: October 4, 2005 11:07 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: Re: [ActiveDir] Anti-virus protection in domain enviroment
My 1 cent.

I should go back to lurking...but... when choosing your a/v solution
there's something to check on... some of the a/v vendors have
historically needed admin rights to update or have had vulnerabilities
themselves.

Might be something to investigate and consider when choosing an a/v
...especially on a DC.

In my own historical issues with Trend, the OfficeProtect dat file
upgrade to XP sp2 wasn't properly 'vetted' and flatlined my workstations
and last I heard cost Trend $8 mil in lost sales. They've also had a
security vulnerability patched somewhat recently.

Epo's had their issues as well....

http://xforce.iss.net/xforce/xfdb/21839

ISS X-Force Database: epolicy-msde-obtain-password(12787): ePolicy
Orchestrator could allow an attacker to obtain MSDE SA password:
http://xforce.iss.net/xforce/xfdb/12787

ISS X-Force Database: epolicy-execute-commands(14166): ePolicy
Orchestrator command execution: http://xforce.iss.net/xforce/xfdb/14166

Al Garrett wrote:

> My 2 cents...
> EpO has worked outstanding for us.
> Does inventory reports, finds "rogues", demonstrates to pointy-haired
> bosses how many infections are avoided and how dangerous it is "out
> there."
> Combined with CommTouch Anti-Spam solution.
>
> -----Original Message-----
> *From:* neil.ruston@xxxxxxxxxxxxx [mailto:neil.ruston@xxxxxxxxxxxxx]
> *Sent:* Tuesday, October 04, 2005 8:36 AM
> *To:* ActiveDir@xxxxxxxxxxxxxxxxxx
> *Subject:* RE: [ActiveDir] Anti-virus protection in domain enviroment
>
> Just to add a little to what Phil says:
>
> When I last used ePO I found that possibly the most useful feature
> was the reporting aspect. This allows you (amongst others) to
> assess which viruses were found in the environment and therefore
> what action if any needs to be taken to prevent further infection.
>
> Most organisations don't have any idea how many infections they
> suffer from or how regularly the infections occur. A tool such as
> ePO can help in this area quite significantly. [it's also a handy
> management tool which helps justify the ongoing AV costs :) ]
>
> neil
>
>
> *___________________________*
> *Neil Ruston*
> Global Technology Infrastructure
> Nomura International plc
>
>
>
> ------------------------------------------------------------------------
> *From:* ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] *On Behalf Of *Phil Renouf
> *Sent:* 04 October 2005 16:10
> *To:* ActiveDir@xxxxxxxxxxxxxxxxxx
> *Subject:* Re: [ActiveDir] Anti-virus protection in domain enviroment
>
> Take a look at this article, it should give you the information
> you need to configure Antivirus on your DC's:
>
> http://support.microsoft.com/default.aspx/kb/822158
>
> I don't have any experience running NOD32 on anything :)
>
> As for clients, most environments I have been in use a product
> similar to McAfee's EPO to centrally manage all the AV agents on
> the desktop to make sure they are configured to the corporate
> standard and that they have up to date scan engines and DAT files.
>
> Phil
>
>
> On 10/4/05, *Boris Demirov* wrote:
>
> Hello everybody,
> I got some questions about the anti-virus protection of a
> domain controller
> and the domain environment:
>
> In my opinion the best AV program for the moment is NOD32 - I
> am using it
> successfully on many workstations, but I am not quite sure how
> it will act on
> a DC. What kind of protection do you use on your DCs and have
> somebody got a
> closer look on the NOD32 installed on a DC?
> And something else to ask: what kind of AV protect your
> workstations in
> domain, do you use a single copy of a normal AV or some
> enterprise edition?
>
> All advises on the topic of antivirus protection in domain
> controller and the
> stations in the domain are welcome.

--
Letting your vendors set your risk analysis these days?
http://www.threatcode.com

sbradcpa

Posts:349

10/05/2005 5:29 AM  
I came > to ripping out Trend in my office due to the BSOD,
false positives and the infamous Friday incident. They are on probation
right now.
The ones bantered around in our A/V wars discussions:

Symantec [not yellow box but corp]
Sophos
CA

I have a fellow SBSer in AU who LOVES Nod32.

Pick one... they are in reality ALL reactionary.

Real geeks don't use A/V anyway. [you should have seen the thread on
whether to stick a/v on a web server on the focus on ms listserve... if
you set up a server for a select job, lock it down.... only serve up
static pages.. why 'does' it need to be covered by A/V was the topic]


Tim Vander Kooi wrote:
I've only been on the list a short time, but I must have missed the
mandatory Trend Micro brainwashing. :-)
So far from what I have noticed there seems to be a set answer to all AV
questions.
Question: I'm curious about the capabilities of NOD32.
Answers (en masse): You should use Trend Micro.
Question: Is anyone using Symantec?
Answer (again en masse): You should buy Trend Micro.

Not that there is anything wrong with Trend Micro's product, it's great
in my opinion, but these responses don't seem to be very helpful with
regard to the questions being asked.

My apologies to the list "gods" if TM is the list sponsor. :-)
Tim

-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Glen Miller
Sent: Wednesday, October 05, 2005 11:55 AM
To: 'ActiveDir@xxxxxxxxxxxxxxxxxx'
Subject: RE: [ActiveDir] Anti-virus protection in domain enviroment

Look into a product called Office Scan, by a company called Trend Micro.
I have been using this product happily since 1998. It saved me from the
"I love you" bug and a few rather nasty ones since.

"I want my two dollars!"

And Joe! Petitioning Webster's to include Joe-isms as an actual word.

-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Ahmed Al Awah
Sent: Tuesday, October 04, 2005 12:35 PM
To: 'ActiveDir@xxxxxxxxxxxxxxxxxx'
Subject: RE: [ActiveDir] Anti-virus protection in domain enviroment

Since we're on topic..is anyone using Symantec AntiVirus 10 corp edition
for A/V protection in a domain environment?

-----Original Message-----
From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
[mailto:sbradcpa@xxxxxxxxxxx]
Sent: October 4, 2005 11:07 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: Re: [ActiveDir] Anti-virus protection in domain enviroment
My 1 cent.

I should go back to lurking...but... when choosing your a/v solution
there's something to check on... some of the a/v vendors have
historically needed admin rights to update or have had vulnerabilities
themselves.
Might be something to investigate and consider when choosing an a/v
...especially on a DC.
In my own historical issues with Trend, the OfficeProtect dat file
upgrade to XP sp2 wasn't properly 'vetted' and flatlined my workstations
and last I heard cost Trend $8 mil in lost sales. They've also had a
security vulnerability patched somewhat recently.
Epo's had their issues as well....

http://xforce.iss.net/xforce/xfdb/21839

ISS X-Force Database: epolicy-msde-obtain-password(12787): ePolicy
Orchestrator could allow an attacker to obtain MSDE SA password:

http://xforce.iss.net/xforce/xfdb/12787

ISS X-Force Database: epolicy-execute-commands(14166): ePolicy
Orchestrator command execution: http://xforce.iss.net/xforce/xfdb/14166


Al Garrett wrote:


My 2 cents...
EpO has worked outstanding for us.
Does inventory reports, finds "rogues", demonstrates to pointy-haired
bosses how many infections are avoided and how dangerous it is "out
there."

Combined with CommTouch Anti-Spam solution.

-----Original Message-----
*From:* neil.ruston@xxxxxxxxxxxxx [mailto:neil.ruston@xxxxxxxxxxxxx]
*Sent:* Tuesday, October 04, 2005 8:36 AM
*To:* ActiveDir@xxxxxxxxxxxxxxxxxx
*Subject:* RE: [ActiveDir] Anti-virus protection in domain enviroment

Just to add a little to what Phil says:

When I last used ePO I found that possibly the most useful feature
was the reporting aspect. This allows you (amongst others) to
assess which viruses were found in the environment and therefore
what action if any needs to be taken to prevent further infection.

Most organisations don't have any idea how many infections they
suffer from or how regularly the infections occur. A tool such as
ePO can help in this area quite significantly. [it's also a handy
management tool which helps justify the ongoing AV costs :) ]

neil

*___________________________*
*Neil Ruston*
Global Technology Infrastructure
Nomura International plc

------------------------------------------------------------------------

*From:* ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] *On Behalf Of *Phil Renouf
*Sent:* 04 October 2005 16:10
*To:* ActiveDir@xxxxxxxxxxxxxxxxxx
*Subject:* Re: [ActiveDir] Anti-virus protection in domain enviroment

Take a look at this article, it should give you the information
you need to configure Antivirus on your DC's:

http://support.microsoft.com/default.aspx/kb/822158

I don't have any experience running NOD32 on anything :)

As for clients, most environments I have been in use a product
similar to McAfee's EPO to centrally manage all the AV agents on
the desktop to make sure they are configured to the corporate
standard and that they have up to date scan engines and DAT files.

Phil

On 10/4/05, *Boris Demirov* wrote:

Hello everybody,
I got some questions about the anti-virus protection of a
domain controller
and the domain environment:

In my opinion the best AV program for the moment is NOD32 - I
am using it
successfully on many workstations, but I am not quite sure how
it will act on
a DC. What kind of protection do you use on your DCs and have
somebody got a
closer look on the NOD32 installed on a DC?
And something else to ask: what kind of AV protect your
workstations in
domain, do you use a single copy of a normal AV or some
enterprise edition?

All advises on the topic of antivirus protection in domain
controller and the
stations in the domain are welcome.

--
Letting your vendors set your risk analysis these days?
http://www.threatcode.com
deji

Posts:150

10/05/2005 6:48 AM  
>>> if you set up a server for a select job, lock it down.... only serve up
static pages.. why 'does' it need to be covered by A/V was the topic
>>>

Maybe because if your server can "serve" anything, it can be "served" in
return. Where I come from, we call it the "scratch my back, I scratch your
back" factor :)

With the prevalence of network-burrowing, SMB-crawling worms and trojans, the
fact that you are serving static files is no protection at all.


Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon

________________________________

From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx on behalf of Susan Bradley, CPA aka
Ebitz - SBS Rocks [MVP]
Sent: Wed 10/5/2005 10:28 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: Re: [ActiveDir] Anti-virus protection in domain enviroment

I came > to ripping out Trend in my office due to the BSOD,
false positives and the infamous Friday incident. They are on probation
right now.

The ones bantered around in our A/V wars discussions:

Symantec [not yellow box but corp]
Sophos
CA

I have a fellow SBSer in AU who LOVES Nod32.

Pick one... they are in reality ALL reactionary.

Real geeks don't use A/V anyway. [you should have seen the thread on
whether to stick a/v on a web server on the focus on ms listserve... if
you set up a server for a select job, lock it down.... only serve up
static pages.. why 'does' it need to be covered by A/V was the topic]

Tim Vander Kooi wrote:

>I've only been on the list a short time, but I must have missed the
>mandatory Trend Micro brainwashing. :-)
>So far from what I have noticed there seems to be a set answer to all AV
>questions.
>Question: I'm curious about the capabilities of NOD32.
>Answers (en masse): You should use Trend Micro.
>Question: Is anyone using Symantec?
>Answer (again en masse): You should buy Trend Micro.
>
>Not that there is anything wrong with Trend Micro's product, it's great
>in my opinion, but these responses don't seem to be very helpful with
>regard to the questions being asked.
>
>My apologies to the list "gods" if TM is the list sponsor. :-)
>Tim
>
>-----Original Message-----
>From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
>[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Glen Miller
>Sent: Wednesday, October 05, 2005 11:55 AM
>To: 'ActiveDir@xxxxxxxxxxxxxxxxxx'
>Subject: RE: [ActiveDir] Anti-virus protection in domain enviroment
>
>Look into a product called Office Scan, by a company called Trend Micro.
>I have been using this product happily since 1998. It saved me from the
>"I love you" bug and a few rather nasty ones since.
>
>"I want my two dollars!"
>