Webroot SecureAnywhere Business Replacement?
-
@scottalanmiller said in Webroot SecureAnywhere Business Replacement?:
@kelly said in Webroot SecureAnywhere Business Replacement?:
@dashrender said in Webroot SecureAnywhere Business Replacement?:
@kelly said in Webroot SecureAnywhere Business Replacement?:
@dashrender said in Webroot SecureAnywhere Business Replacement?:
@kelly said in Webroot SecureAnywhere Business Replacement?:
@dashrender said in Webroot SecureAnywhere Business Replacement?:
@wrx7m said in Webroot SecureAnywhere Business Replacement?:
I will definitely need centralized management.
So for Intune, it boils down to - does the cost make sense when you add in the other features you gain along with AV? I'm not sure I can get there. Damn it's way more expensive than O365 Business, 20% more... for RMM and AV...
Shit MS is basically giving O365 away, it's the add-ons that kill ya!
Intune is actually a good price compared to Apple focued MDM solutions.
Sure, if MDM is what you're looking for. In my case, I'm mainly looking for an AV alternative, a sprinkle of MDM would be nice, but not something I was really looking for.
At least wrx7m seems like he wants both, so likely the cost will be justifiable to his management.
Lots of options for Defender now: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.
Without digging into all those articles, does anything offer centralized logging other than SCCM and Intune?
Perhaps the rest do, but only if you're pulling logs from the clients into something like Graylog server, or if all of your devices are set to send their logs to a centralized Windows server (then you get to deal with Windows Event Viewer - ewww!
I don't think there is a way to do it without third party tools.
https://i.imgur.com/X9Rkw2e.png
So straight GPO doesn't give you reporting, but you can use Powershell to collect information, I'm not really sure how the WMI part works - I'm guessing one could write a web applet that could poll this data from MSFT_MpPreference class and MSFT_MpSignature class?
-
@scottalanmiller said in Webroot SecureAnywhere Business Replacement?:
@wrx7m said in Webroot SecureAnywhere Business Replacement?:
I will definitely need centralized management.
What's the piece of that that you need? AV isn't something requiring much management typically. You want it updated and running, maybe centrally reporting. What do you want to manage?
White listing something would be the main thing I could think of for management.
-
@wrx7m said in Webroot SecureAnywhere Business Replacement?:
@scottalanmiller said in Webroot SecureAnywhere Business Replacement?:
@wrx7m said in Webroot SecureAnywhere Business Replacement?:
I will definitely need centralized management.
What's the piece of that that you need? AV isn't something requiring much management typically. You want it updated and running, maybe centrally reporting. What do you want to manage?
Deployment, configuration and reporting.
Is that really needed? We use Defender most places. Nothing to deploy, that's automatic. Nothing to configure, also automatic (normally.) And reporting, can be done lots of ways but is rarely needed. that's the one piece that could be improved a lot, but what kind of reporting do you really want?
-
@wrx7m said in Webroot SecureAnywhere Business Replacement?:
@scottalanmiller said in Webroot SecureAnywhere Business Replacement?:
@wrx7m said in Webroot SecureAnywhere Business Replacement?:
I will definitely need centralized management.
What's the piece of that that you need? AV isn't something requiring much management typically. You want it updated and running, maybe centrally reporting. What do you want to manage?
Deployment, configuration and reporting.
Deployment is built into Windows 10, so nothing to worry about there. Config - what other than whitelisting something is there to configure?
Reporting is the bugaboo. As listed Intune and SCCM with MOM can it, Powershell and WMI can do it, GPO alone can't. -
@scottalanmiller said in Webroot SecureAnywhere Business Replacement?:
, but what kind of reporting do you really want?
To know what the current status of the endpoint is - i.e. version of software, engine and dat files.
Also want to know about any infection/attempted infections.This last bit I'd like in realtime so we can see if there is something weird going on.
-
@dashrender said in Webroot SecureAnywhere Business Replacement?:
@scottalanmiller said in Webroot SecureAnywhere Business Replacement?:
, but what kind of reporting do you really want?
To know what the current status of the endpoint is - i.e. version of software, engine and dat files.
Also want to know about any infection/attempted infections.This last bit I'd like in realtime so we can see if there is something weird going on.
https://docs.microsoft.com/en-us/powershell/module/defender/index?view=win10-ps
Realtime is the hard part.
-
I still have mostly Windows 7, but am migrating to Windows 10. Also, currently on Server 2012 R2 for all but one Server 2008 r2.
I want reporting for immediate alerts for any infections. Almost no one will notify me of issues until it really impedes their work.
-
@kelly said in Webroot SecureAnywhere Business Replacement?:
@dashrender said in Webroot SecureAnywhere Business Replacement?:
@scottalanmiller said in Webroot SecureAnywhere Business Replacement?:
, but what kind of reporting do you really want?
To know what the current status of the endpoint is - i.e. version of software, engine and dat files.
Also want to know about any infection/attempted infections.This last bit I'd like in realtime so we can see if there is something weird going on.
https://docs.microsoft.com/en-us/powershell/module/defender/index?view=win10-ps
Realtime is the hard part.
Agreed - but the WMI thing I would guess could get you pretty damned close. I'd say 5 mins is good enough in most cases.
-
@wrx7m said in Webroot SecureAnywhere Business Replacement?:
I still have mostly Windows 7, but am migrating to Windows 10. Also, currently on Server 2012 R2 for all but one Server 2008 r2.
I want reporting for immediate alerts for any infections. Almost no one will notify me of issues until it really impedes their work.
Defender can be baked into your deployment image, so that's not much different that Win 10. And I'm pretty sure you can put defender on Windows Server 2008 or newer.
-
At my new place, we use ESET. That's purely for the central management console when we're supporting 250+ small businesses.
-
@wrx7m said in Webroot SecureAnywhere Business Replacement?:
@momurda said in Webroot SecureAnywhere Business Replacement?:
This task Manager behavior is from Webroot?
I see it occasionally; one developer in particular says it is always a problem.https://community.webroot.com/t5/Webroot-SecureAnywhere-Complete/Task-Manager/td-p/309032
According to the most recent post in that thread (edit - the most recent post is currently 2 weeks old), a beta release fixes this issue. Being that the thread started in December of 2017, it goes to show how long it takes them to fix things.
yes, that is also what we found out, especially in Windows 10.