VirusScan Enterprise 8.0
McAfee
Prices start: $39 per user

At its core, McAfee's VirusScan Enterprise 8.0 (VSE) is, well, an antivirus application. But its embedded event response capabilities, coupled with McAfee's ePolicy Orchestrator 3.5 (EPO), make this package more like an intrusion prevention suite.

Designed for Windows environments, VSE performs continuous or on-demand scans of files and e-mails (supporting Microsoft Exchange and Lotus Notes), catching malware through signature-matching and heuristics. VSE also detects and blocks unwanted programs, such as adware and spyware, and provides multiple response and remediation options.

VSE sports several useful tools that monitor and block potentially dangerous scripts. It blocks inbound and outbound traffic to a specific range of ports, and helps detect and prevent buffer overflows by monitoring commonly exploited API calls.

VSE ships with predefined rules for monitoring and blocking specific actions (such as never allowing executable files in the temp folder); custom rules can be easily added by simply clicking the "Add" button in the VSE interface. The intuitive management console lets security managers define monitoring and blocking parameters.

By default, VSE blocks connections to any remote system attempting to access an infected file in a shared folder. Similarly, connection attempts to remote computers running malicious spyware are blocked.

During our testing, VSE effectively blocked everything thrown at it. We set up firewall rules that prohibited outbound FTP and inbound HTTP connections, and restricted access to certain network shares on the VSE workstation. We attempted to install Gator, a prolific piece of adware, and the VNC remote control application. VSE detected and quarantined both.

Buttressing VSE's security functionality are EPO's impressive management and endpoint security capabilities.

Using VSE like a host-based agent, EPO checks connecting devices for security status and policy compliance. Through its System Compliance Profiler module, it can adjust VSE configuration settings and check Windows machines for patch and service pack status. However, it can't push patches or configuration changes to non-AV applications and OSes. EPO can also manage Symantec and Trend Micro AV applications, but functionality is limited.

EPO can detect untrusted devices on the network, but blocking or isolating untrusted devices must be done manually or through another application.

Security managers will appreciate EPO's predefined reports and events dashboard. There are approximately 40 predefined reports that list information such as DAT and engine versions, hosts most commonly infected and infection rate analysis.

VirusScan Enterprise 8.0 is definitely more than an AV application, but it's not quite a full-featured firewall or an IPS. Bundling it with ePolicy Orchestrator 3.5's strong management, reports and limited endpoint security capabilities gives VSE added dimension.

About the Author
Steven Weil is a contributor to Information Security magazine.

This review originally appeared in Information Security magazine.

This was first published in August 2005
