I've been having lots of trouble with Trend Micro Worry-Free
Business Security, which was the antivirus software consensus choice in this
newsgroup back when it was Clent/Server/Messaging Security. I think that it
may be a dog that had its day. Someone was touting Sophos on the Trend Micro
bulletin board. I'd like to install that on a test server to see if I like
it any better. Which product should I try for SBS and does anyone have any
opinions about it?

The big issue now a days is not so much AV as it is malware and the general concensus I think is that most of the client server AV products do a terrible job with Malware. And the client server products think they need to add additional stuff like firewalls and so on.

The Trend Firewall (and others that have added firewall components) seems to be the big challenge
Worry Free with the latest service pack provides and option to get rid of that which settles it down alot

That's the reason I'm switching all my clients to a UTM device..kill it before it gets to the server or a workstation. A simple desktop AV solution takes of issues if they bring in a flash drive, etc from the outside.



--
Cris Hanna [SBS - MVP] (since 1997)
Co-Contributor, Windows Small Business Server 2008 Unleashed
http://www.amazon.com/Windows-Small-...7269967&sr=8-1
Owner, CPU Services, Belleville, IL
A Microsoft Registered Partner
------------------------------------
MVPs do not work for Microsoft
Please do not submit questions directly to me.

"Andrew M. Saucci, Jr." <spam-only@newsgroup> wrote in message news:uo4lUZ0pKHA.4648@newsgroup
I've been having lots of trouble with Trend Micro Worry-Free
Business Security, which was the antivirus software consensus choice in this
newsgroup back when it was Clent/Server/Messaging Security. I think that it
may be a dog that had its day. Someone was touting Sophos on the Trend Micro
bulletin board. I'd like to install that on a test server to see if I like
it any better. Which product should I try for SBS and does anyone have any
opinions about it?

I agree with this in general. And as I've said before, it's the OUTBOUND traffic that's just as important to regulate severely. If the guy at the drawbridge lever is an idiot, it doesn't matter how many crocodiles are in the moat.

I keep getting questions like, "I had antivirus software-- why did I get a virus?" Of course, they didn't actually get a virus-- it was "just" malware, but who cares? Even limiting administrator privileges is becoming less effective.
"Cris Hanna [SBS - MVP]" <crisnospamhanna@newsgroup> wrote in message news:uSDFJt0pKHA.5840@newsgroup
The big issue now a days is not so much AV as it is malware and the general concensus I think is that most of the client server AV products do a terrible job with Malware. And the client server products think they need to add additional stuff like firewalls and so on.

The Trend Firewall (and others that have added firewall components) seems to be the big challenge
Worry Free with the latest service pack provides and option to get rid of that which settles it down alot

That's the reason I'm switching all my clients to a UTM device..kill it before it gets to the server or a workstation. A simple desktop AV solution takes of issues if they bring in a flash drive, etc from the outside.



--
Cris Hanna [SBS - MVP] (since 1997)
Co-Contributor, Windows Small Business Server 2008 Unleashed
http://www.amazon.com/Windows-Small-...7269967&sr=8-1
Owner, CPU Services, Belleville, IL
A Microsoft Registered Partner
------------------------------------
MVPs do not work for Microsoft
Please do not submit questions directly to me.

"Andrew M. Saucci, Jr." <spam-only@newsgroup> wrote in message news:uo4lUZ0pKHA.4648@newsgroup
I've been having lots of trouble with Trend Micro Worry-Free
Business Security, which was the antivirus software consensus choice in this
newsgroup back when it was Clent/Server/Messaging Security. I think that it
may be a dog that had its day. Someone was touting Sophos on the Trend Micro
bulletin board. I'd like to install that on a test server to see if I like
it any better. Which product should I try for SBS and does anyone have any
opinions about it?

Had trouble with Trend - had to re-install it also after several hours
trouble-shooting with Trend - but....downloaded a fresh copy and install
went fine. My original download was bad.
JimC


"Andrew M. Saucci, Jr." <spam-only@newsgroup> wrote in message
news:uo4lUZ0pKHA.4648@newsgroup

> I've been having lots of trouble with Trend Micro Worry-Free
> Business Security, which was the antivirus software consensus choice in
> this newsgroup back when it was Clent/Server/Messaging Security. I think
> that it may be a dog that had its day. Someone was touting Sophos on the
> Trend Micro bulletin board. I'd like to install that on a test server to
> see if I like it any better. Which product should I try for SBS and does
> anyone have any opinions about it?
>

In article <uo4lUZ0pKHA.4648@newsgroup>, spam-only@
2000computer.com says...

>
> I've been having lots of trouble with Trend Micro Worry-Free
> Business Security, which was the antivirus software consensus choice in this
> newsgroup back when it was Clent/Server/Messaging Security. I think that it
> may be a dog that had its day. Someone was touting Sophos on the Trend Micro
> bulletin board. I'd like to install that on a test server to see if I like
> it any better. Which product should I try for SBS and does anyone have any
> opinions about it?

I run Sophos Endpoint Protection and PureMessage (Exchange/email) Server
on several clients - it's pretty easy install, and an excellent product
to push out to client PC's. I highly recommend it - it's dearer than
Trend, but the product and support is excellent.

I've managed to move all but two clients from Trend to Sophos - I think
you'll agree it's a superior prouduct. As said, it's downside is that
it it quite expensive.

--
Duncan.

Thanks for the note. One reason I moved clients to Trend Micro is
that it's much less expensive than Symantec. Another is the excellent spam
filtering. Is the spam filtering as good as Trend Micro's?


"Duncan McCormack" <no-spam@newsgroup> wrote in message
news:MPG.25d8e9ce718c08d9989b5a@newsgroup

> In article <uo4lUZ0pKHA.4648@newsgroup>, spam-only@
> 2000computer.com says...

>>
>> I've been having lots of trouble with Trend Micro Worry-Free
>> Business Security, which was the antivirus software consensus choice in
>> this
>> newsgroup back when it was Clent/Server/Messaging Security. I think that
>> it
>> may be a dog that had its day. Someone was touting Sophos on the Trend
>> Micro
>> bulletin board. I'd like to install that on a test server to see if I
>> like
>> it any better. Which product should I try for SBS and does anyone have
>> any
>> opinions about it?

>
> I run Sophos Endpoint Protection and PureMessage (Exchange/email) Server
> on several clients - it's pretty easy install, and an excellent product
> to push out to client PC's. I highly recommend it - it's dearer than
> Trend, but the product and support is excellent.
>
> I've managed to move all but two clients from Trend to Sophos - I think
> you'll agree it's a superior prouduct. As said, it's downside is that
> it it quite expensive.
>
> --
> Duncan.

I couldn't tell you sorry - as I've never implemented it. I use
zen.spamhous blacklist in Exchange Server and Exchange Server's IMF, and
find that combination does pretty well on it's own.

--
Duncan.

In article <esXbo55pKHA.1672@newsgroup>, spam-only@
2000computer.com says...

>
> Thanks for the note. One reason I moved clients to Trend Micro is
> that it's much less expensive than Symantec. Another is the excellent spam
> filtering. Is the spam filtering as good as Trend Micro's?
>
>
> "Duncan McCormack" <no-spam@newsgroup> wrote in message
> news:MPG.25d8e9ce718c08d9989b5a@newsgroup

> > In article <uo4lUZ0pKHA.4648@newsgroup>, spam-only@
> > 2000computer.com says...

> >>
> >> I've been having lots of trouble with Trend Micro Worry-Free
> >> Business Security, which was the antivirus software consensus choice in
> >> this
> >> newsgroup back when it was Clent/Server/Messaging Security. I think that
> >> it
> >> may be a dog that had its day. Someone was touting Sophos on the Trend
> >> Micro
> >> bulletin board. I'd like to install that on a test server to see if I
> >> like
> >> it any better. Which product should I try for SBS and does anyone have
> >> any
> >> opinions about it?

> >
> > I run Sophos Endpoint Protection and PureMessage (Exchange/email) Server
> > on several clients - it's pretty easy install, and an excellent product
> > to push out to client PC's. I highly recommend it - it's dearer than
> > Trend, but the product and support is excellent.
> >
> > I've managed to move all but two clients from Trend to Sophos - I think
> > you'll agree it's a superior prouduct. As said, it's downside is that
> > it it quite expensive.
> >
> > --
> > Duncan.

Off topic here, but I have been in contact with Trend Micro and offered them
a suggestion/request to enable blocking files by actual file type when
viewing web pages. I had asked if it would be possible to somehow use the
SMTP ability to strip attachments by file type and port that to the desktop
firewall or HTTP stream so that admins could block the download of EXE or
DLL files during web browsing, with password-required bypass access
available and also the ability to trust certain sites such as their own,
Microsoft, etc.

I have my WatchGuard firewall set to block executables by MIME type except
for files from trusted sites, and no executable gets past it, even when
visiting known-infected sites from my test system. If Trend's programmers
could make that work, and give us the ability to trust certain sites
(Microsoft, Trend Micro, etc), then they no longer would have to rely upon
detection of new threats with signatures, which they are not doing very well
for the rogue malware apps. I have run into a few sites that no AV vendor
has classified yet that have infected files, and I can click OK on their
little “protect me now” window and not get hit because the firewall blocks
the EXE or DLL files.

If we can get a few more Trend resellers to jump on them and suggest this
ability, maybe they will implement it.

Gregg Hill







"Andrew M. Saucci, Jr." <spam-only@newsgroup> wrote in message
news:uo4lUZ0pKHA.4648@newsgroup

> I've been having lots of trouble with Trend Micro Worry-Free
> Business Security, which was the antivirus software consensus choice in
> this newsgroup back when it was Clent/Server/Messaging Security. I think
> that it may be a dog that had its day. Someone was touting Sophos on the
> Trend Micro bulletin board. I'd like to install that on a test server to
> see if I like it any better. Which product should I try for SBS and does
> anyone have any opinions about it?
>

That sounds promising. I realized that signature-based detection was
a dead-end 15-20 years ago, and today we have just too many signatures and
too many files to scan (meaning slow), and too many polymorphic threats, too
many zero-day threats, and too many holes (meaning ineffective). I've long
blocked e-mail attachments by extension (the only effective way to do it).
I'll suggest it to Trend Micro, but it may actually be more effective at the
firewall level. I'll have to see if I can implement it on our Sonicwalls
(not optimistic about our Netgear FVS318's).

"Gregg Hill" <greggmhill at please do not spam me at yahoo dot com> wrote in
message news:uM9BXB9pKHA.4648@newsgroup

> Off topic here, but I have been in contact with Trend Micro and offered
> them a suggestion/request to enable blocking files by actual file type
> when viewing web pages. I had asked if it would be possible to somehow use
> the SMTP ability to strip attachments by file type and port that to the
> desktop firewall or HTTP stream so that admins could block the download of
> EXE or DLL files during web browsing, with password-required bypass access
> available and also the ability to trust certain sites such as their own,
> Microsoft, etc.
>
> I have my WatchGuard firewall set to block executables by MIME type except
> for files from trusted sites, and no executable gets past it, even when
> visiting known-infected sites from my test system. If Trend's programmers
> could make that work, and give us the ability to trust certain sites
> (Microsoft, Trend Micro, etc), then they no longer would have to rely upon
> detection of new threats with signatures, which they are not doing very
> well for the rogue malware apps. I have run into a few sites that no AV
> vendor has classified yet that have infected files, and I can click OK on
> their little “protect me now” window and not get hit because the firewall
> blocks the EXE or DLL files.
>
> If we can get a few more Trend resellers to jump on them and suggest this
> ability, maybe they will implement it.
>
> Gregg Hill
>
>
>
>
>
>
>
> "Andrew M. Saucci, Jr." <spam-only@newsgroup> wrote in message
> news:uo4lUZ0pKHA.4648@newsgroup

>> I've been having lots of trouble with Trend Micro Worry-Free
>> Business Security, which was the antivirus software consensus choice in
>> this newsgroup back when it was Clent/Server/Messaging Security. I think
>> that it may be a dog that had its day. Someone was touting Sophos on the
>> Trend Micro bulletin board. I'd like to install that on a test server to
>> see if I like it any better. Which product should I try for SBS and does
>> anyone have any opinions about it?
>>

In article <u77RtLFqKHA.1544@newsgroup>, spam-only@
2000computer.com says...

> That sounds promising.
>

I've used this method with my WatchGuard firewalls for a LONG TIME, both
SMTP and HTTP proxy rules permit this.

For HTTP, you can also created multiple HTTP Proxy rules, one for each
different area of your network, as example:

DHCP POOL 192.168.32.100-199

HTTP_Generic_Proxy.Out LAN 192.168.32.100-159 - Block all file types
that might contain malware. Set Web-Blocker to most restrictive blocking
of websites by content classification.

Now, create DHCP reservations for ...160-199 (or the range you need for
special rules.

HTTP_Managers_Proxy.Out LAN 192.168.32.160-199 - Block all file types
that might contain malware, allow exceptions for ADOBE, MICROSOFT,
SYMANTEC, AVIRA, etc.... Set Web-Blocker to LEAST restrictive blocking
of websites by content classification as risk level permits.

In some businesses we have up to 4 HTTP rules, one that doesn't permit
any web access except white-listed sites (for MS updates, Adobe,
Symantec, etc...), the others around the type types above....



--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.
Trust yourself.
spam999free@newsgroup (remove 999 for proper email address)