SECURITY BUYER'S GUIDE

VirusScan Enterprise 8.0


Steven Weil
08.30.2005

VirusScan Enterprise 8.0
McAfee
Prices start: $39 per user

At its core, McAfee's VirusScan Enterprise 8.0 (VSE) is, well, an antivirus application. But its embedded event response capabilities, coupled with McAfee's ePolicy Orchestrator 3.5 (EPO), make this package more like an intrusion prevention suite.

Designed for Windows environments, VSE performs continuous or on-demand scans of files and e-mails (supporting Microsoft Exchange and Lotus Notes), catching malware through signature-matching and heuristics. VSE also detects and blocks unwanted programs, such as adware and spyware, and provides multiple response and remediation options.

VSE sports several useful tools that monitor and block potentially dangerous scripts. It blocks inbound and outbound traffic to a specific range of ports, and helps detect and prevent buffer overflows by monitoring commonly exploited API calls.

VSE ships with predefined rules for monitoring and blocking specific actions (such as never allowing executable files in the temp folder); custom rules can be easily added by simply clicking the "Add" button in the VSE interface. The intuitive management console lets security managers define monitoring and blocking parameters.

By default, VSE blocks connections to any remote system attempting to access an infected file in a shared folder. Similarly, connection attempts to remote computers running malicious spyware are blocked.

During our testing, VSE effectively blocked everything thrown at it. We set up firewall rules that prohibited outbound FTP and inbound HTTP connections, and restricted access to certain network shares on the VSE workstation. We attempted to install Gator, a prolific piece of adware, and the VNC remote control applications. VSE detected and quarantined both.

Buttressing VSE's security functionality are EPO's impressive management and endpoint security capabilities.

Using VSE like a host-based agent, EPO checks connecting devices for security status and policy compliance. Through its System Compliance Profiler module, it can adjust VSE configuration settings and check Windows machines for patch and service pack status. However, it can't push patches or configuration changes to non-AV applications and OSes. EPO can also manage Symantec and Trend Micro AV applications, but functionality is limited.

EPO can detect untrusted devices on the network, but blocking or isolating untrusted devices must be done manually or through another application.

Security managers will appreciate EPO's predefined reports and events dashboard. There are approximately 40 predefined reports that list information such as DAT and engine versions, hosts most commonly infected and infection rate analysis.

VirusScan Enterprise 8.0 is definitely more than an AV application, but it's not quite a full-featured firewall or an IPS. Bundling it with ePolicy Orchestrator 3.5's strong management, reports and limited endpoint security capabilities gives VSE added dimension.

About the Author
Steven Weil is a contributor to Information Security magazine.

This review originally appeared in Information Security magazine.
