3 Replies Latest reply on Mar 6, 2010 6:07 PM by zman

    Thoughts on LANDesk AV 8.8 SP3 + 9, real world usage



      So I am currently involved with evaluating new managed client AV products for our environment and LANDesk AV is one of the contenders.


      Currently we are running SAV10; however, our renewal is coming up soon and we have to upgrade the product to accommodate a Win 7 rollout that is anticipated.


      Originally we considered SEP 11; however, the reviews were less than glowing, configuration seemed cumbersome due to the modules available, and it meant retaining a dedicated VM/server for client management.


      The current contenders are as follows:


      McAfee Enterprise (upper management is interested from use in past environments)


      SEP 11 (An updated port from our current SAV10 infrastructure, but reports indicate that it seems somewhat bloated, neither myself in engineering nor security are a fan of continuing with this option currently)


      ESET Business Edition (This is the security team's "favorite", as their assessment is that the engine is one of the most advanced out there, plus it offers realtime download scanning, though everything I have read, which is limited, suggests that it is a bit of work to implement it properly and it's not as intuitive as other clients, that and the rate of detection isn't any better than simpler clients)


      LANDesk AV based on Kaspersky (This would be for me the easiest solution as we already use LANDesk for client management, the AV piece is just a module in the agent and is easy to deploy, and as a part of the deployment they include the removal option, which means I wouldn't have to script an uninstall process of whatever we have on the systems (primarily SAV though some Sophos))


      So while I am leaning towards LANDesk AV because of its convenience and my efforts to consolidate technologies, security is concerned that it might not be the best possible product for threat detection/remediation.


      Wondering if anyone has any data they could share if possible, or real world experience with the LD AV client. I think the biggest problem is the lack of knowledge surrounding LD AV by our security people, as it is relatively unknown (though they do like the fact that it uses Kaspersky defs and the engine).


      Also security was concerned that the LANDesk agent did not seem to scan .jpg files, some extended java files, and also did not do real time download scanning which are all things they felt put clients at high risk.


      Regardless of what we choose between LDAV and ESET or whatever I feel it stands to be better than where we are with SAV 10, but the ease of deployment and client management as well as possible lower expense are all for me big draws to LDAV...wondering if there is anything I am missing about the product?



        • 1. Re: Thoughts on LANDesk AV 8.8 SP3 + 9, real world usage
          LANDave SupportEmployee

          A word on download scanning with LANDesk Antivirus.   With the realtime scanner running, the files are not even able to be written to disk as they are downloaded.


          An example of this is using the EICAR Test Malware file (An industry standard Malware test file). 




          If you have the realtime scanner running and download this file, as soon as it tries to write it to disk the write operation will be blocked and the OS will say "You need permission to perform this action. You require permission from the computer's administrator to make these changes". At the same time a LANDesk Antivirus notification appears (if configured to show realtime messages on the client) that shows the malware found, where it was found, the file name, and the virus name.


          A combination of Patch Manager, LANDesk Antivirus and LANDesk Endpoint Security (LANDesk Firewall, LANDesk HIPS, and LANDesk Device Control) is an extremely robust suite of utilities to protect against all kinds of security threats.


          I would definitely seriously consider LANDesk Antivirus.


          The Kaspersky engine boasts some of the best response times to new malware, most frequent updates, and highest rate of detection in the industry.
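
A repeatable version of the EICAR write check described in the reply above, as an added example that is not part of the original thread and not LANDesk's own tooling: it writes the standard EICAR test string to disk and reports whether the realtime scanner blocked the write. The function name, result labels and probe file name are assumptions made for this example.

```python
import os
import tempfile
import time

# Standard 68-byte EICAR test string, assembled from two parts so that this
# script is not itself flagged by a scanner when it is saved to disk.
EICAR = ("X5O!P%@AP[4\\PZX54(P^)7CC)7}$"
         + "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*").encode("ascii")


def probe_realtime_scanner(directory, payload=EICAR, settle=2.0):
    """Write payload into an existing directory and classify the scanner's reaction.

    Returns one of (labels are this example's own):
      "blocked_on_write"    - the OS refused the create/write, as the reply describes
      "removed_after_write" - the write succeeded, then the file was deleted/quarantined
      "blocked_on_read"     - the file exists but reopening it is denied
      "altered"             - the file exists but its content was changed
      "not_intercepted"     - the file is on disk, readable and unchanged
    """
    if not os.path.isdir(directory):
        raise NotADirectoryError(directory)  # avoid mistaking a bad path for a block
    path = os.path.join(directory, "rt_probe_%d.com" % os.getpid())
    try:
        try:
            with open(path, "wb") as fh:
                fh.write(payload)
        except OSError:            # PermissionError is a subclass of OSError
            return "blocked_on_write"
        time.sleep(settle)         # some scanners act shortly after the handle closes
        if not os.path.exists(path):
            return "removed_after_write"
        try:
            with open(path, "rb") as fh:
                data = fh.read()
        except OSError:
            return "blocked_on_read"
        return "not_intercepted" if data == payload else "altered"
    finally:
        try:
            os.remove(path)        # never leave the probe file behind
        except OSError:
            pass


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print("realtime scanner result:", probe_realtime_scanner(tmp))
```

Run it once with the realtime scanner enabled and once with it disabled; a result of "not_intercepted" in both runs means on-access scanning is not covering that directory.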

          • 2. Re: Thoughts on LANDesk AV 8.8 SP3 + 9, real world usage

            Hi David,


            Thanks, that is reassuring and I will be sure to let our security team know.


            By chance would you happen to know much about the security that the gateway device employs? Our security team is rather concerned that the gateway passes a connection through the DMZ to the Core server for authentication verification; the thought is that once you're beyond the firewall, that gives you an opportunity to breach security and access the corporate network.


            We had a recent conference call with a LANDesk Gateway engineer but he couldn't speak to the security piece of it.