n.nvt is back.

Nico@FMA

May 11, 2013
Hello Guys,

After months and months of being offline, I am finally back.
Lots of private problems, moving house, people passing away, and the birth of my son last 30 Sept.
So for those who missed me, guess what: I am back.

A few months ago I wrote: http://malwaretips.com/threads/n-nvt-configuration.15799/
And based upon this topic I received loads of positive reactions but also a load of questions.

So let me reply to some of the most common questions:
How does SEP Policy setting stack up against Windows Group Policy?

SEP does have a separate set of rules which can be configured both locally as client or centrally as system admin.
These policy settings can be configured per account and per scenario, and if specifically requested they can replace the Windows Group Policy manager completely.
However, one needs to understand that WGP is made with the workstation / client behavior in mind, while SEP has been made with security in mind. So even though SEP has the option to replace the WGP, it would be best to merge them, which has been done on my systems.

One needs to remember that out of the box Windows has a basic set of rules, which applies also to SEP or any other end point product (cloud based or server/locally based). Most of these settings are a trade-off between usability, speed, compatibility and sacrificing some security and controlling/monitoring options.
While this might suit the average user, it's KEY to read the extensive documentation of both WGP and SEP, as they do share some internal rules that tend to cancel out the security and flexibility that both intend to provide.
So it's important to remove any rule or policy setting (disable them) that does conflict, or is considered inferior / obsolete to your specific configuration.
My point is there are loads of reviews about SEP, Sophos and other vendors regarding their EPP (End Point Solutions and Applications).
And virtually none of them reflect the possibilities and flexibility that such programs provide.

As I mentioned in the main post some months ago, for me personally Symantec does the job superior to any other product. However, it needs to be said that this applies to our infrastructure and to our specific needs and configuration settings, utilizing the full potential of the policy config settings within SEP to implement and replace obsolete and inferior rule settings within the Windows WGP.
This is vital to understand, because what works for me, does not have to work for you.
Any EPP vendor like Symantec, Sophos, F-Secure will offer you seriously good packages, but their effectiveness and flexibility really become visible the moment when you are going to configure them to fit into your setup. On top of that, not every vendor has the ability to fulfill your needs if your configuration does not support individual policy settings that are being enforced by, for example, SEP.

So, in short, any EPP solution can be magic to your configuration, but at the very same time it can be horror if you do not understand the abilities and if you do not predefine what you want the EPP to do for you.
And yes, stupid WGP is a big hassle, because with all respect to Microsoft they do not provide much protection within their WGP predefined rule set. However, they configured it in such a way that Windows itself will try to enforce those settings regardless of whether you disabled them or not.
So installing SEP or any vendor EPP will not do you any good unless you specifically go through each rule and change them to your needs. If you do so, then SEP can merge into WGP and take over the full enforcing module, thus providing max security while not having to face several trade-offs.

Also, I received some comments from players using Comodo.
No disrespect to a rather average product, but programs like SEP and other EPP are in a league of their own, and within the policy settings described above there is so much potential and security available that Comodo could be regarded as a nice "home" application, but compared to EPP solutions it's just an empty shell.
This is not because Comodo is bad, hell no, but it's just because it specifically focuses on an entirely different scenario and setup.

As many people out there have posted on their blogs and review pages, what works for you does not need to work for me and vice versa, BUT there are some programs specifically made for a select group of scenarios and environments and they cannot be compared to products like Comodo or other similar brands.
Comodo does provide a good level of security and layered modules specifically made for the average home user; in rare cases it even might suit a small company desktop computer.
But for large networks and hundreds of client computers Comodo is plain and simple utterly useless and a fake idea of security, and totally outclassed by even average EPP brands, not to mention how it would stack against vendors like Symantec or Sophos.
In other words, Comodo should do what they do best, and that's securing a single home user PC, and stay away from the big boy jobs, which is not so surprising, as Comodo was never made to compete with the big boys.
I hope this gives you a good insight and a better understanding.

Kind Regards Nico

P.S. Oops, seems I posted this in the wrong section, please relocate my post if needed.
 