What is a good AV solution that also blocks spyware?

Red Squirrel

It seems most AVs don't bother with spyware and they only do actual viruses. In my eyes spyware is just as bad as a virus as it will do the same things a virus does: screw up your system, bog it down, and allow access.

Anyone know of a good solution for a company to use, that has central management?

Right now we're using McAfee with ePO.
 

mechBgon

Use the behavior-blocking capabilities in VS Enterprise to block attempted installation. Create a suite of behavior-blocking rules that forbid execution of "attack-capable" filetypes within the user's profile directory. In the version of VS Enterprise I used, you'd do that on this panel, in the "Files and folders to block:" section.

One rule to block .EXE.

One rule to block .COM.

One rule to block .PIF.

One rule to block .SCR.

and so forth. You'll get some very interesting insights into user behavior as you peruse your ePO logs, not to mention attempted exploits via the usual methods (browsers, media players, etc).

Also, in the Unwanted Programs Policy panel, ensure that you do have all the optional detection categories enabled (spyware, adware, RATs, dialers, jokes, etc).

Overall, McAfee's not good at detecting spyware, but it was never an issue with my fleet regardless, thanks to a good defense-in-depth setup. The behavior-blocking rules were part of the big picture.
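
Added example, not part of the post above and not McAfee's rule syntax: a small audit check that applies the same policy (no `.EXE`, `.COM`, `.PIF` or `.SCR` execution from inside a user profile) to process-launch records, for instance ones exported from central logs. The event field names, the profile root paths and the sample events are assumptions constructed for illustration.

```python
import ntpath

# Extensions named in the post; its "and so forth" list is left open, so extend as needed.
BLOCKED_EXTENSIONS = {".exe", ".com", ".pif", ".scr"}

# Assumption: profile roots for older and newer Windows layouts, lower-cased for matching.
PROFILE_ROOTS = ("c:\\documents and settings\\", "c:\\users\\")


def normalize(path):
    """Collapse '..' and '/' and drop trailing dots/spaces, which Win32 ignores in names."""
    return ntpath.normpath(path).rstrip(" .").lower()


def profile_owner(norm_path):
    """Return the profile folder name if the file sits inside a user profile, else None."""
    for root in PROFILE_ROOTS:
        if norm_path.startswith(root):
            parts = norm_path[len(root):].split("\\")
            if len(parts) >= 2 and parts[0]:
                return parts[0]
    return None


def violations(events):
    """Return (host, profile, extension) for each execution the rule set would forbid."""
    hits = []
    for event in events:
        norm = normalize(event["path"])
        owner = profile_owner(norm)
        ext = ntpath.splitext(norm)[1]
        if owner is not None and ext in BLOCKED_EXTENSIONS:
            hits.append((event["host"], owner, ext))
    return hits


# Constructed sample events (hypothetical field names "host" and "path").
SAMPLE_EVENTS = [
    {"host": "WS01", "path": r"C:\Documents and Settings\alice\Desktop\invoice.pdf.EXE"},
    {"host": "WS01", "path": r"C:\Program Files\Office\WINWORD.EXE"},
    {"host": "WS02", "path": r"C:\Users\bob\AppData\Local\Temp\..\setup.scr "},
    {"host": "WS02", "path": "C:/Users/bob/Documents/report.doc"},
    {"host": "WS03", "path": r"C:\Users\carol\..\..\Windows\System32\cmd.exe"},
]

if __name__ == "__main__":
    for host, owner, ext in violations(SAMPLE_EVENTS):
        print(f"{host}: {ext} launched from profile '{owner}'")
```

Paths are normalized before matching so that mixed case, forward slashes, `..` segments and trailing dots or spaces do not slip past the extension and location checks.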
 

Red Squirrel

I'll take a good look at Symantec Endpoint. The cost does not seem too bad either. Do you know if that comes with a central admin software too?

The McAfee hardening is another option too, though I have a feeling it won't work well in that environment. Too many weird apps that people use without IT even being aware of. To me that should be a big no-no. Any apps should come through us first, but it does not work that way unfortunately.
 

AnnonUSA

Endpoint does have administrative software... a learning curve to be sure... but I have found its protection to be second to none.
 

Lemon law

While some of you may see nothing but roses in an all-in-one AV that does all other sorts of malware too, I get very disturbed. The plate of an AV is already full to overflowing, and when AV comparatives start asking AV to do all forms of malware also, it dilutes the comparatives and encourages AVs to rob Peter to pay the less dangerous malware Paul. I am one of those "render to Caesar what is Caesar's" types, and let other apps take care of spyware and malware.