AntiVirus for Windows Servers?

[Jamsan]

I'm looking to replace our Antivirus, as McAfee recently end-of-lifed it (currently have McAfee VirusScan Enterprise 8.0) - We're thinking of going up to the current version of the app (8.7), but want to weigh all of our options out prior to doing so. The other options we're looking at are Sophos and Symantec Corporate. Anyone have any experiencing or any reviews available comparing the 3 (or any others I haven't included)? Servers are a mix of web, file server, dhcp/dns/dc, and SQL.

Lastly, the chosen product should be compatible with Windows 08 server, as we may plan an upgrade on some of the servers soon.

Thanks.

 

[chuck2002]

I was involved in the campus AV license for FSU and we had the same choice.
It came down to the three you mentioned, where Mcafee was currently licensed on campus. We also wanted antispyware, which wasn't in our campus agreement previously.
We sent out for bid to Mcafee, Sophos and Symantec, but doing for campus, the scale was for 50k plus devices.
Result: Symantec wasn't interested in putting out a price.
Sophos brought a price and we tested the product along with the management interface
Mcafee was cheaper.
We assumed both products have equal scanning capabilities, which may or may not be true depending on who you ask, but since it is a moving target, we had to equal the playing field and say they discover threats equally.
From an end user and management interface perspective, Mcafee wins hands down. The Sophos management interface was crummy. Truly crummy.
We decided to stick with Mcafee, as for the price it was a clear winner. Sophos would have had to be head and shoulders better and it simply was not as good.

We are currently running 8.7 AV with antispyware and ePO 4.0.
Also, we run Citrix servers and found that the Antispyware module add on was crushing the performance on these servers. Uninstalling antispyware for these servers fixed the issue. We have since placed a policy that no servers get the antispyware addon.
Otherwise 8.7 and ePO has been excellent for us.

 

[imported_snikt]

We were using 8.0i on our servers as well but we would experience intermittent problems where some of our servers would lose their network connection and we would have to bounce them to regain the connection. After researching the problem we determined 8.0i was causing the problem. McAfee has a patch for the problem but it didn't really help much. So finally we decided to go with 8.5i which has been rock-solid. We have a mix of 2000, '03, and '08 and all are now using 8.5i.

 

[mvbighead]

I will say that we have 8.5.0i; it is managed out of our corporate office, and the big issue we have with it is performance. It absolutely killed our file server, (which has dual Xeons in the +2.0GHz range), and also our older workstations have gotten to a point where they are almost unusable (Dell GX260s with P4 2.4GHz procs). Since I can't really configure any of the settings as an admin since it is managed elsewhere, all I can do is send feedback up the ladder and hope for some assistance. It isn't at all bad for current systems with Dual Core CPUs, but if you have single core CPUs, you might want to test it out if you can before you step up there.

 

[drebo]

Symantec Endpoint Protection is a fantastic application. I recommend it for and sell it to all of our clients, and I recommend it here as well.

 

[Emulex]

yup SEP is great. just disable everything but AV.

the small business version is really nice not so top heavy on administration server requirements.

been using sep11 since MR1 and quite honestly its just now getting stable on 2008 or x64.

one cool thing is that SEP will on clients protect its other symantec products. if you try to nuke a backup exec job on a client pc; tamper protection can block it. keeps idiots from stopping important processes.

SEP is also cool if both the server and client (over a network share) are using the same SEP it will not double scan if you desire.

overall a really wonky program but when its going smooth it does work quite well.

heed my warning on the server install just the AV and think carefully about the active-scanning.

p.s. SEP has client scanning of inbound and outbound mail (pop/smtp) and built in scanning in outlook ; iirc one of those products left that out. not all gateways catch all viruses 100% of the time; the outbound filter keeps folks from spamming since it effectively rate limits itself outbound

 

[Zstream]

SEP MR3 or MR4, it is meant for servers.

 

[Matt84]

Originally posted by: mvbighead
I will say that we have 8.5.0i; it is managed out of our corporate office, and the big issue we have with it is performance. It absolutely killed our file server, (which has dual Xeons in the +2.0GHz range), and also our older workstations have gotten to a point where they are almost unusable (Dell GX260s with P4 2.4GHz procs). Since I can't really configure any of the settings as an admin since it is managed elsewhere, all I can do is send feedback up the ladder and hope for some assistance. It isn't at all bad for current systems with Dual Core CPUs, but if you have single core CPUs, you might want to test it out if you can before you step up there.

We had exaclty the same issues with McAfee 8.0 and 8.5 on our old single core developer workstations. It was so bad that compilation times of less than 1 minute with the resident protection disabled would take over 15 with it enabled.

Complaining to management fell on deaf ears until one ofour developers worked out that if you killed the McAfee Framework Service process, the central management program could no longer push out policy settings to that machine. From that point forward we could disable the resident scanner while compiling our applications and then turn it back on again after.

Once management found out about this they began to take the issue seriously. Now we have Sophos and it seems very light on resources compared to McAfee.