McAfee Active Virus Defense
By Jay Munro
April 22, 2003

- Product: McAfee Active Virus Defense
- Price: For 25 users, with one-year support, $1,845 per year
- Company Info: Network Associates Inc., 888-847-8766, http://mcafeeb2b.com

McAfee Active Virus Defense offers multitier protection for
the network, with good integration among modules and
excellent reporting. We recommend it for those who have to
submit detailed AV activity reports to their superiors.
Though it's initially complex to set up, and the interface
isn't as friendly as some of the competition's, it can
manage both McAfee and Symantec scanners, so you're not
locked into McAfee's client software.

McAfee ePolicy Orchestrator (ePO), though tedious to
configure, gives you a global look at your enterprise's
antivirus landscape. Products at the desktop (VirusScan),
file server (NetShield), mail server (GroupShield), and SMTP
gateway (WebShield) all use agents to supply ePO with
up-to-date status for each AV node.

As the center of McAfee's enterprise product line, ePO
can deploy, configure, and monitor VirusScan and NetShield,
configure and monitor GroupShield, and monitor WebShield. It
lets administrators see more than 25 information points for
each machine on the network, such as OS version, CPU type,
and disk statistics.

The ePO interface is not as easy to configure as those of
the Symantec or Trend Micro products, but it makes up for
this with the strongest reporting in our roundup. Setup is
complicated, because ePO shows all the possible products to
install rather than just those available. Using Crystal
Reports, ePO comes with enough preconfigured reports to
satisfy any CIO.

As with its consumer sibling, you configure VirusScan
through tabbed property pages, which administrators can
preset or lock from ePO. The background scanner was the
slowest on our performance degradation test, with a 7.1
percent degradation, but this wasn't hugely off from the
rest. You can install VirusScan to run independently of ePO,
but managed users can still work disconnected: An agent for
mobile users checks in for policy and program updates when
connected. Virus alerts can be sent to the Alert Manager, as
well as to the ePO console. Similar to Symantec's alert
manager, McAfee's is a central point for alerts, which you
can filter by type, contact, and method (pager, e-mail, SNMP
traps, and so on).

NetShield protects file servers, checking inbound and
outbound files for infection. Scan caching in NetShield
works like Sophos's InterCheck, recognizing previously
scanned files and speeding up subsequent scans.

GroupShield safeguards Microsoft Exchange servers and
offers scheduling, scanning, alerts, and a detailed status
console. By default, GroupShield's on-access scanner has
heuristics and archive scanning enabled and scans all file
types. GroupShield can send the administrator, sender, or
recipient notifications and replace infected attachments
with custom text. As a virus escalates, you can step up the
response from simply checking for updates to shutting down
the mail server.

WebShield SMTP is an easy-to-configure mail relay that
can stop malicious code at the perimeter. It scans all
e-mail attachments and attempts to clean infections. It can
block messages with specific e-mail addresses, domains,
sizes, or numbers of attachments. WebShield also offers
rudimentary content filtering.

We tested the currently available versions, but McAfee
plans to release VirusScan 7.0, ePolicy Orchestrator 3.0,
and its new AutoUpdate Architect in the next few months.
These promise a friendlier interface, distributed
repositories, and better integration of definition updates.