Posted on 03-09-2017 09:03 AM
Hello All,
We were looking at obtaining Sophos AV for our 450 teacher laptops and 200+ lab machines for a school district. In doing some research, I see that both Sophos and McAfee are adding a minimum of 30 seconds to login time.
What programs are you and your teams utilizing that are not only comprehensive in protecting the device / network but also efficient on the machine and don't impact the login times in a significant fashion?
Posted on 03-09-2017 09:14 AM
We have two separate platforms we use here at my organization. For our student-owned laptops, we use Avira Free, which is very lightweight and low impact. On our org-owned machines, we use Intego Flextivity. It's very low resource. We have heard complaints of slow boot times or app launch times (especially in regards to CC apps) but nothing has been substantiated or proven through testing.
Posted on 03-09-2017 09:39 AM
We use System Centre EndPoint Protection by Microsoft.
It updates the antivirus signatures automatically on the Student machines without having to be an Admin.
It seems to catch stuff too.
Posted on 03-09-2017 09:49 AM
We're using Microsoft SCEP also. It seems to be fine (for the most part) on machines where the same user logs into the same machine consistently and their home folder never goes anywhere, but it's been a nightmare on our lab machines because we wipe profiles regularly. We see a login time increase of at least 30 seconds on machines where the user does not already have a home folder. Shrinking the size of the default user template helped to a degree, but I'm still actively looking for an antivirus solution that doesn't blow up our login times.
Posted on 03-09-2017 11:56 AM
Another one using SCEP here. It works ok - haven't seen the login issues that @dudzikj has, but from an "enterprise" ready perspective, SCEP doesn't have the central management capabilities that other vendors provide. For companies where certain security audits may be required, SCEP may not be sufficient. I've mitigated this to some degree with extension attributes, but they're not too accurate around infection reporting and there wasn't any way I found at the time to initiate scans from a script or anything like that. No real central management of exceptions, and so on. If you have an EA with Microsoft that includes SCEP and no budget to purchase a different AV solution, then it is certainly a good option in that case.
Posted on 03-09-2017 12:44 PM
We use Kaspersky and I would be happy to have only 30 additional seconds during a first login. We are seeing anything from 30 seconds to 2 minutes. We had a lot of issues with slow apps but it appeared to be related to actively scanning a few sandbox locations. In terms of catching things, it does a great job of finding Windows viruses that are in old backups of users' files from when they migrated over to the Apple world. I think my advice for any direction you go would be to carefully implement exclusions for known sandbox locations as well as keeping the User Template as small as possible, like mentioned by @dudzikj. People will always complain that it makes things slower all around.
Posted on 03-09-2017 01:04 PM
Try excluding /private/var/db/dslocal/ or just all of /private/var/db.
Posted on 03-10-2017 06:50 AM
I agree with @Kaltsas. However, I'll give a shoutout to Cylance. We moved from Sophos to Cylance last year to improve performance and gain execution control. It's done a great job combating the actual adware/malware that affects macOS nowadays as well as having a beautiful console. It also manages its own update process quite smoothly.
P.S. Their enterprise pricing will scare any EDU. I hope they've come up with a broader policy on edu pricing plans to compete with all of the others. We worked something out.
Posted on 03-10-2017 07:43 AM
We run Sophos AV; I've not encountered the issues you are experiencing.
Maybe check settings for auto update: Primary location - Internal , Secondary - External
"Check for updates" xxx: We set at 55 minutes
Posted on 03-10-2017 07:48 AM
Oh, also, on our MacBooks, the primary and secondary update servers are reversed.
Maybe your settings are as my previous post? Therefore, 1st point of attempted contact (internal) is primary and may be causing the delay?
Posted on 03-10-2017 10:40 AM
We use Avast free for edu. It's a web portal that is pretty good at what it does; we have it on 350 or so devices. Best part is it's free.
Posted on 03-10-2017 10:45 AM
@WBS I played around with Avast and thought it showed a lot of promise, but when our licensing coordinator reached out to Avast they said they were no longer doing the "free for edu" program. Do you have a contact from Avast that we might be able to reach out to?
I'd love to get in on that program if it's still alive!
Posted on 03-10-2017 11:13 AM
I am sorry, I thought it was for EDU but it is for business. However, when I talked to Avast to begin with they said it's just merged really. Here is what my console calls it:
AVAST FOR BUSINESS
BASIC ANTIVIRUS
https://business.avast.com
It's free to sign up and is painless all around. You can get the paid version but for our needs free works fine.
Posted on 03-10-2017 02:37 PM
@Ricky wrote:
I see that both Sophos and McAfee are adding a minimum of 30 seconds to login time.
If these files are excluded from antivirus scans, the login delay caused by such scans should go away:
ls -l /private/var/db/dslocal/nodes/Default | grep sqlindex
total 1920
-rw------- 1 root wheel 372736 Mar 9 22:44 sqlindex
-rw------- 1 root wheel 32768 Mar 9 22:29 sqlindex-shm
-rw------- 1 root wheel 576832 Mar 10 14:34 sqlindex-wal