2

Are there any desktop antivirus products suitable for use in an enterprise environment without a Windows server?

We're currently using McAfee for our Windows desktops but to get updates and alerts with the latest version it looks like you need to be running their EPO server software. I'd like to avoid the cost of hardware and Windows licensing, and if possible to run just client-based antivirus.

Ideally it would support:

  1. Updates from an internal copy of the definitions (e.g. a wget mirror)
  2. Automated configuration of the install
  3. Alerts from the client via email
Adam
  • Do you have any servers available, Linux for example? – Sam Cogan Feb 10 '10 at 11:53
  • Our main servers are Solaris so unlikely to be useful for any products. Adding a Linux server would be better than a Windows server, but I'd still prefer as little server-based as possible – Adam Feb 10 '10 at 12:21
  • Do you have a domain controller? Use that – Nick Kavadias Feb 10 '10 at 16:19
  • 1
    @Nick Kavadias - I have to disagree with this. A DC shouldn't run any other services, especially one as potentially taxing as AV event logging and updating. – MDMarra Mar 31 '10 at 21:28

6 Answers

3

It almost sounds like you're after a P2P kind of deployment. I've never seen something like that, but it could be an interesting idea.

We use ESET NOD32, which can run just fine without connection to a central server. Of course, then you miss out on centralized monitoring and alerting, as well as automated deployment. I believe it uses HTTP as the update method, so with a bit of hacking you could get all of the clients to update from a local HTTP server.

Nic
  • Oh yeah, and I'm pretty sure the client can be configured to send alerts using an arbitrary SMTP server. – Nic Mar 31 '10 at 23:13
  • Come to think of it, I seem to recall that any client can be configured as an update mirror - no hacking required. – Nic Apr 01 '10 at 00:30
  • HTTP updates and SMTP alerts sounds promising. I realise that we can't get active monitoring, but we could live without that. – Adam Apr 01 '10 at 08:31
2

Do you have a caching proxy server, or do you have the ability to add one?

If you do, then any AV that gets its updates over the internet should be fine. If you were to set very aggressive caching for their update site (should be easy to track down with some basic logging), then the updates only need to be downloaded once, and can then be grabbed from the cache of the proxy server.

Mark Henderson
  • +1 for mentioning the caching proxy. A useful option (unfortunately doesn't help with software that needs a server for alerts) – Adam Apr 01 '10 at 08:33
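
The "basic logging" step from the caching-proxy answer above, as an added example that is not part of the original answer: it scans proxy access-log lines for URLs that several clients each fetched from the origin, which is how a vendor's update host shows up as a caching candidate. It assumes Squid's native `access.log` format; the hostnames, addresses and log lines are constructed placeholders.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample in Squid's native access.log format; the hosts and
# addresses are placeholders, not real vendor update servers.
SAMPLE_LOG = """\
1270022400.101    812 10.0.0.21 TCP_MISS/200 4194304 GET http://update.av-vendor.example/defs/sig-1001.bin - DIRECT/203.0.113.10 application/octet-stream
1270022460.250    790 10.0.0.22 TCP_MISS/200 4194304 GET http://update.av-vendor.example/defs/sig-1001.bin - DIRECT/203.0.113.10 application/octet-stream
1270022520.007    805 10.0.0.23 TCP_MISS/200 4194304 GET http://update.av-vendor.example/defs/sig-1001.bin - DIRECT/203.0.113.10 application/octet-stream
1270022530.440     95 10.0.0.21 TCP_MISS/200 20480 GET http://intranet.example/index.html - DIRECT/198.51.100.5 text/html
1270022590.912     60 10.0.0.22 TCP_MISS/304 310 GET http://update.av-vendor.example/defs/version.ini - DIRECT/203.0.113.10 -
malformed line that should be skipped
"""


def redundant_downloads(log_text):
    """Return (host, distinct_clients, redundant_bytes) rows, largest first."""
    fetches = defaultdict(list)  # url -> [(client, size), ...] for origin fetches
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # truncated or malformed entry
        client, result, size, method, url = fields[2:7]
        action, _, status = result.partition("/")
        # Only full-body GETs that went to the origin count as downloads.
        if method != "GET" or status != "200" or "MISS" not in action:
            continue
        if not size.isdigit():
            continue
        fetches[url].append((client, int(size)))

    report = defaultdict(lambda: {"clients": set(), "redundant_bytes": 0})
    for url, hits in fetches.items():
        if len(hits) < 2:
            continue  # fetched once: nothing a cache would have saved
        entry = report[urlsplit(url).hostname]
        entry["clients"].update(client for client, _ in hits)
        # Every origin fetch after the first is one a cache could have served.
        entry["redundant_bytes"] += sum(size for _, size in hits[1:])

    rows = [(host, len(e["clients"]), e["redundant_bytes"]) for host, e in report.items()]
    return sorted(rows, key=lambda row: row[2], reverse=True)


if __name__ == "__main__":
    for host, clients, wasted in redundant_downloads(SAMPLE_LOG):
        print(f"{host}: {clients} clients, {wasted} bytes re-downloaded")
```
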
1

Trend Micro's Worry-Free Business Security does not require a Windows Server. Any machine you wish can become "the server" as it installs an Apache-based management console. From there you can push updates or push a virus scan to any or all computers. You can also place machines in groups and have them utilize different parameters such as scan frequency, blocked URLs, etc. It also sends emails when a virus is detected or removed, or when it can't be removed. Installation on each machine can be done via command line or web browser.

http://us.trendmicro.com/us/products/sb/worry-free-business-security/

  • It looks like the "server" in that case still needs to be Windows (though it can be XP rather than Server). They also have a hosted option which might be good though. – Adam Apr 01 '10 at 08:39
0

With CA ETrust Enterprise AV you can purchase and run as few as one individual client that downloads from the vendor's servers over the internet. Cost is about $40 per client per year.

Internal updates/redistribution mechanism is very simple. Configuration is also customizable and very simple. They have a free 30-day eval you can download.

http://www.ca.com/us/products/product.aspx?id=156

Greg Askew
  • 5
    I would stay FAR FAR away from CA AV products, they are resource hogs, miss 10 year old viruses, and just generally are not ready for enterprise deployment. – Zypher Feb 10 '10 at 15:04
0

I think it may be worth your while to grab eval copies of some likely looking AV products and install them on a test (virtual?) machine. Then have a look to see if they can be configured to grab the updates from a specific source. If they can, it should be easy enough to determine where their default downloads come from, along with whatever connection strings are sent to the source. Once you've found one you can work with, set one machine up to download the updates and configure the rest to get them from that machine. In all likelihood the download source settings will be stored in the registry, making it simple to use GPO or a script to propagate that information. It's a fair bit of fiddling about but the end result may be worth it.

John Gardeniers
-2

I have been using Symantec Corporate edition for years, and finally just updated to the latest version of Endpoint Protection, and I'm loving it. It's reasonably priced, does very well, and isn't a resource hog either.

DanBig
  • Any details relevant to the question about non-Windows central server or internet updating? We've done the 'what's your favorite AV' thread previously. – Chris Thorpe Mar 31 '10 at 20:54
  • Sorry, Symantec definitely requires a central management server on Windows so it isn't useful in this case. – Adam Apr 01 '10 at 08:41
  • You can certainly use SAV without a central server; the clients will be in "unmanaged" mode, and will get updates directly from the internet. And what we have here is "client based licensing". – DanBig Apr 01 '10 at 16:46