loveboy_lion

Level 1
Verified
dont know abut which company uses comodo for business but all universities and collages in US use Comodo SSL certificate
http://www.comodo.com/news/press_releases/2011/09/Comodo-And-InCommon-Partnership.html
 

pcjunklist

Level 1
The easiest corporate AV's to manage are Symantec Endpoint Protection (SEP) and Microsoft System Center 2012 Endpoint Protection (part of SCCM). The most versatile would be MS SCCM, it provides a great management platform with a half decent AV and if your GPO's are set correctly you shouldn't get any viruses. Also MS is a cheaper solution to Symantec. Comodo Enterprise is just the regular CIS that can be run by a Management package which really can't compare to the big names. Comodo is fairly cheap though I think a year deal is only $1 per license. When I get a chance I have a 8 hyper-v server setup with 8 different Enterprise AV's that I intend to test, hopefully end of weekend or early next week.
 

pcjunklist

Level 1
The thing that really irritates me is almost all the management side of the AV's use Java. I really hate having to install java on a server.
 

nick76

Level 1
with Vipre you don't have to install Java anywhere. And it's really easy to manage, but I'm quite unsure about protection
 

pcjunklist

Level 1
If your systems are getting lots of virus's I think you should look over your policies and GPOs. Do you have any gateway protection? Any site blocking on the firewall?

nick76 said:
with Vipre you don't have to install Java anywhere. And it's really easy to manage, but I'm quite unsure about protection
 

malbky

New Member
I agree to pc junklist. There are certain Idiots in our school lab who will disable Kaspersky while using the pcs. THey think its a hinderance. This is how our machines get infected. So I asked the system admin to change the settings in Kaspersky's centralised manager password protect all settings. From that time we have had far less cases of virus issues.
 

nick76

Level 1
nope, domain users cannot install/uninstall software, they cannot disable av, and they cannot download exe, cmd, vbs...... They don't have access to removable devices or CD ROM, and everything between inside and outside is strictly filtered. The problem is about some IDIOTS users who have privileges as local admin. Conficker has been inserted with one of these users. but I cannot deny them as local admin. :-(
 

pablozi

Level 23
Verified
Trusted
Why not try SAAS? http://en.wikipedia.org/wiki/Software_as_a_service
Webroot: http://www.webroot.com/En_US/business-web-security-saas.html
Symantec: http://www.symantec.com/theme.jsp?themeid=symantec-cloud&inid=us_ghp_cont1_symcloud
 

Spirit

New Member
If I were you i would have go with either Norton or Kaspersky because they have good protection,professional technician, advance knowledge of security.

Yes it can cost you few more $ than other but if you want good protection to business you have to spend some extra bucks.
 

pcjunklist

Level 1
Nobody in a domain should be running as an admin. You should setup a local admin account on the machine so they can use the "run as admin" but not as a day to day operational user. With Win2k8 and Windows 7 you should be utilizing both Software Restriction Policies and Applocker. If you have the money you should look at bit9 whitelisting much easier to implement. You should also implement some strict computer usage policies with punishments. Forgot to ask, do these local admin's have domain admin rights as well?

nick76 said:
nope, domain users cannot install/uninstall software, they cannot disable av, and they cannot download exe, cmd, vbs...... They don't have access to removable devices or CD ROM, and everything between inside and outside is strictly filtered. The problem is about some IDIOTS users who have privileges as local admin. Conficker has been inserted with one of these users. but I cannot deny them as local admin. :-(
 

malbky

New Member
Cant help if admins are Idiots. Trust me no security can prevent infections when idiots use the pc. Best bet switch to linux.
 

pcjunklist

Level 1
It has nothing to do with the OS it's just following least privilege.
malbky said:
Cant help if admins are Idiots. Trust me no security can prevent infections when idiots use the pc. Best bet switch to linux.
 

nick76

Level 1
Forgot to ask, do these local admin's have domain admin rights as well?
No, the local admin aren't domain admins. we have only 6 domain admins with very hard rules with them.
 

pcjunklist

Level 1
Good, that would be a total disaster. You should look into some form of app control either it be applocker or bit9. You may also be able to add a companion scanner on their machine for extra protection, depending on the hardware specs of the laptop. Maybe EAM or mamutu. Have you installed Emet on any of the machines?
nick76 said:
Forgot to ask, do these local admin's have domain admin rights as well?
No, the local admin aren't domain admins. we have only 6 domain admins with very hard rules with them.
 

nick76

Level 1
I'm planning to add EMET on all internet enabled wks. I'm testing the resource usage, because normally users tend to be very annoying with wks performances...
 

pcjunklist

Level 1
To help with Emet distribution, not sure what your setup is so I just added some general help links

http://recxltd.blogspot.com/2012/04/recx-emet-configuration-builder.html
http://blogs.technet.com/b/configmgrteam/archive/2012/05/15/deploying-and-configuring-the-enhanced-mitigation-experience-toolkit.aspx
nick76 said:
I'm planning to add EMET on all internet enabled wks. I'm testing the resource usage, because normally users tend to be very annoying with wks performances...