Anti Virus Platforms

Ricky
Contributor

Hello All,

We were looking at obtaining Sophos AV for our 450 teacher laptops and 200+ lab machines for a school district. In doing some research, I see that both Sophos and McAfee are adding a minimum of 30 seconds to login time.

What programs are you and your teams utilizing that are not only comprehensive in protecting the device / network but also efficient on the machine and don't impact the login times in a significant fashion?

13 REPLIES

duffcalifornia
Contributor

We have two separate platforms we use here at my organization. For our student-owned laptops, we use Avira Free, which is very lightweight and low impact. On our org-owned machines, we use Intego Flextivity. It's very low resource. We have heard complaints of slow boot times or app launch times (especially in regards to CC apps) but nothing has been substantiated or proven through testing.

CapU
Contributor III

We use System Center Endpoint Protection by Microsoft. It updates the antivirus signatures automatically on the student machines without having to be an admin.
It seems to catch stuff too.

dudzikj
New Contributor III

We're using Microsoft SCEP also. It seems to be fine (for the most part) on machines where the same user logs into the same machine consistently and their home folder never goes anywhere, but it's been a nightmare on our lab machines because we wipe profiles regularly. We see a login time increase of at least 30 seconds on machines where the user does not already have a home folder. Shrinking the size of the default user template helped to a degree, but I'm still actively looking for an antivirus solution that doesn't blow up our login times.

ndeal
New Contributor III

Another one using SCEP here. It works ok - haven't seen the login issues that @dudzikj has, but from an "enterprise" ready perspective, SCEP doesn't have the central management capabilities that other vendors provide. For companies where certain security audits may be required, SCEP may not be sufficient. I've mitigated this to some degree with extension attributes, but they're not too accurate around infection reporting and there wasn't any way I found at the time to initiate scans from a script or anything like that. No real central management of exceptions, and so on. If you have an EA with Microsoft that includes SCEP and no budget to purchase a different AV solution, then it is certainly a good option in that case.

canopimp
New Contributor III

We use Kaspersky and I would be happy to have only 30 additional seconds during a first login. We are seeing anything from 30 seconds to 2 minutes. We had a lot of issues with slow apps but it appeared to be related to actively scanning a few sandbox locations. In terms of catching things, it does a great job of finding Windows viruses that are in old backups of users' files from when they migrated over to the Apple world. I think my advice for any direction you go would be to carefully implement exclusions for known sandbox locations as well as keeping the User Template as small as possible, like mentioned by @dudzikj. People will always complain that it makes things slower all around.

Kaltsas
Contributor III

Try excluding /private/var/db/dslocal/ or just all of /private/var/db.

Chris_Hafner
Valued Contributor II

I agree with @Kaltsas. However, I'll give a shoutout to Cylance. We moved from Sophos to Cylance last year to improve performance and gain execution control. It's done a great job combating the actual adware/malware that affects macOS nowadays as well as having a beautiful console. It also manages its own update process quite smoothly.

P.S. Their enterprise pricing will scare any EDU. I hope they've come up with a broader policy on edu pricing plans to compete with all of the others. We worked something out.

kerouak
Valued Contributor

We run Sophos AV. I've not encountered the issues you are experiencing.
Maybe check settings for auto update: Primary location - Internal, Secondary - External

"Check for updates" xxx: We set at 55 minutes

kerouak
Valued Contributor

Oh, also, on our MacBooks, the primary and secondary update servers are reversed.

Maybe your settings are as in my previous post? Therefore, the 1st point of attempted contact (internal) is primary and may be causing the delay?

WBS
New Contributor III

We use Avast free for edu. It's a web portal that is pretty good at what it does; we have it on 350 or so devices. Best part is it's free.

dudzikj
New Contributor III

@WBS I played around with Avast and thought it showed a lot of promise, but when our licensing coordinator reached out to Avast they said they were no longer doing the "free for edu" program. Do you have a contact from Avast that we might be able to reach out to?

I'd love to get in on that program if it's still alive!

WBS
New Contributor III

I am sorry, I thought it was for EDU but it is for business. However, when I talked to Avast to begin with they said it's just merged really. Here is what my console calls it:

AVAST FOR BUSINESS
BASIC ANTIVIRUS

https://business.avast.com

It's free to sign up and is painless all around. You can get the paid version but for our needs free works fine.

donmontalvo
Esteemed Contributor III

@Ricky wrote:

I see that both Sophos and McAfee are adding a minimum of 30 seconds to login time.

If these files are excluded from antivirus scans, the login delay caused by such scans should go away:

 ls -l /private/var/db/dslocal/nodes/Default |  grep sqlindex
total 1920
-rw-------    1 root  wheel  372736 Mar  9 22:44 sqlindex
-rw-------    1 root  wheel   32768 Mar  9 22:29 sqlindex-shm
-rw-------    1 root  wheel  576832 Mar 10 14:34 sqlindex-wal
--
https://donmontalvo.com
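
An added example, not part of the original thread: a bash check that reports which of the three sqlindex files named above a given antivirus exclusion list covers, and which entries exclude the whole dslocal node directory (as the directory-level suggestions earlier in the thread do) rather than only those files. The function names and the sample exclusion list are assumptions constructed for illustration; exporting the exclusion list from a particular AV product is not shown.

```bash
# Added example (not from the thread): audit an AV exclusion list against the
# dslocal index files named in the post above.
DSLOCAL_DIR="/private/var/db/dslocal/nodes/Default"
INDEX_FILES="sqlindex sqlindex-shm sqlindex-wal"

# covers EXCLUSION PATH: succeeds if PATH equals EXCLUSION or lies beneath it.
# Matching is on path boundaries, so ".../sqlindex" does not cover
# ".../sqlindex-wal".
covers() {
    local excl="${1%/}" path="$2"
    if [ "$path" = "$excl" ]; then return 0; fi
    case "$path" in
        "$excl"/*) return 0 ;;
    esac
    return 1
}

# Prints the index files that no exclusion in "$@" covers (still scanned).
uncovered_files() {
    local out="" f e hit
    for f in $INDEX_FILES; do
        hit=0
        for e in "$@"; do
            if covers "$e" "$DSLOCAL_DIR/$f"; then hit=1; fi
        done
        if [ "$hit" -eq 0 ]; then out="$out $f"; fi
    done
    echo "${out# }"
}

# Prints exclusions that cover the entire node directory, i.e. everything in
# the local directory store and not just the three index files.
wide_exclusions() {
    local out="" e
    for e in "$@"; do
        if covers "$e" "$DSLOCAL_DIR"; then out="$out ${e%/}"; fi
    done
    echo "${out# }"
}

# Summary for one exclusion list.
report() {
    echo "index files still scanned: $(uncovered_files "$@")"
    echo "directory-wide exclusions: $(wide_exclusions "$@")"
}

# Constructed sample list: one exact-file exclusion and one unrelated path.
report "$DSLOCAL_DIR/sqlindex" "/Users/Shared/"
```
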