Re: Sonicwall Virus protection

From: wowcow (nomail_at_nomail.com)
Date: 05/06/05


Date: Fri, 06 May 2005 11:42:10 GMT


> You are right. I am talking about the desktop/firewall approach. It
> would
> seem to enforce the compliance or updating of dats, but pound for pound,
> dollar for dollar, is it better than Mcafee alone? I think I read that
> only
> internet capable machines could run it, is that right?
>
> Is anyone using it today?

    I have it all (from SonicWall). I use the Firewall based scanner, the
Intrusion Prevention, Content Filter and yes, the client based virus scanner
(Overkill maybe, but I'm a one man IT show and I can't afford to go around
cleaning machines).

    "Pound for pound", the client AV through the firewall is cheaper. As of
a couple months ago, you can now even automate the scanning of machines at
the client. It used to be the AV software on the client only watched for
incoming viri and if you wanted to scan the disk, you had to initiate that
from the client. Now I do that via the firewall admin panels.

    You are correct though about the internet. If a machine does not try to
BROWSE the internet, it will never have the AV installed. In-other-words,
if you only setup eMail (no browsing of web pages) the Firewall won't force
the AV software. An easy fix for that is as an administrator, when you
setup a machine on your LAN, start the browser which will force the AV
software to install on the client. Once you have it installed, even if you
never browse the internet again, it will still download updates. HOWEVER,
if a machine is never connected to the ineternet, then NO, you cannot have
the AV running on it.

    On the other hand, if all your internet capable machines are getting the
AV updates, there should be no viri floating around for the unprotected
machine, unless they're exposed to floppy or USB drives?

-Wayne



Relevant Pages

  • Re: sms deployment basic questions
    ... started on all the machines but only one showed up under the "all systems" ... I haven't tried to install ... > In your discovery methods, ... >> client it was telling me it couldn't access some container, ...
    (microsoft.public.sms.admin)
  • Re: wuauclt/srvchost at 100% today
    ... It may say "Install is not needed since Windows Update Agent is ... Manager, WSUS, Microsoft, WSUS 3.0 was released on April 30th and is ... Install the Windows Update Agent for all the client computers ... machines will still be responsive when WU client scans for updates. ...
    (microsoft.public.windowsupdate)
  • Deploying SUS client thru GPO
    ... Trying to deploy SUS client through GP... ... installs fine to machines that need the client. ... Microsoft Windows Update Auto Update -- Microsoft Windows ... needed on these newer machines so the install fails. ...
    (microsoft.public.win2000.windows_update)
  • Re: svchost.exe at 100%
    ... It may say "Install is not needed since Windows Update Agent is ... Manager, WSUS, Microsoft, WSUS 3.0 was released on April 30th and is ... Install the Windows Update Agent for all the client computers ... machines will still be responsive when WU client scans for updates. ...
    (microsoft.public.windowsupdate)
  • RE: Upgrading Adv Client. Some work, some dont.
    ... Using the always install option doesn't seem to produce any better results. ... it's not like the batch file is wrong or has bad syntax because ... it works fine on other machines in the same AD group. ... If I remove the previous version client, ...
    (microsoft.public.sms.admin)