Recommend anti-virus and anti-malware that works with systems manager

Phil1
Here to help


Hi All,

 

I know this is not directly related to Meraki; however, I'm hoping some users can provide some recommendations on the following.

We are about to deploy Systems Manager to all our devices and wanted to see what people use for anti-virus and anti-malware for their devices on Systems Manager (Windows & macOS). I would love to be able to use Systems Manager to push these apps out to the devices and register the license etc. via either some sort of package or script. I currently don't have an anti-virus/malware vendor, so I'm willing to pick one that works better with Systems Manager.

 

Has anyone done this or something similar? I would love to know what everyone else is doing and how they are doing it.

 

Thanks,

Phil

salimhurjuk
Conversationalist

Hi Phil,

 

There is nothing as such mentioned in the Meraki SM docs, so I think you can use any AV and AM solution.

 

If you are looking for something in advanced anti-malware, check with Meraki Security Appliances Advanced Malware Prevention (AMP).

Salim Hurjuk
PhilipDAth
Kind of a big deal

I quite like Trend Worry-Free Remote Services (the "services" bit means it is the cloud-based version). I prefer all my technology like this to be cloud managed. The same platform does both Windows and Mac.

https://www.trendmicro.com/en_us/small-business/worry-free-services.html

 

I have never tried deploying it via Systems Manager. However, they have an MSI you can download, and you can run it with a very long GUID parameter to link it to your Trend cloud instance.

https://success.trendmicro.com/solution/1055230-using-the-example-deployment-script-to-deploy-the-wo...

Stoffe
Here to help

Hi! 

 

I'm with @PhilipDAth on this, Trend Worry-Free is really good and I've had only good experiences with it and MDM.

rguthrie
Getting noticed

I'm on my 3rd day of the Trend Micro Worry Free trial.  So far so good with our test system; however, we had to manually install it. I was not able to push it out via the Meraki Applications push.  
Furthermore, the link provided in the email to install it would not work in MacOS Chrome. We had to do it from Safari (weird I thought).

@Stoffe did you run into anything similar? How did you push this to your users? 

 

Stoffe
Here to help

Hi! 

Glad you like it! 

 

Hm, that's weird. I have not run into any issues.

Our end users only have Windows machines so I cannot say anything about macOS, unfortunately. Have you made sure that the SM client is installed on the system you're pushing it to?

 

I'll have a look in our workshops, there might be a MacBook somewhere. What OS version do you run?

 

Regards,

 

Chris

rguthrie
Getting noticed

Aaah! gotcha. We have very few win machines. The macOS versions vary.... our devs work on 10.12.1 - 10.13.4  (I know, this makes it a little harder to narrow down). I thought at first it was related to the test machine having 10.13.4 with the new KEXT enforcement, but we've eliminated that as the culprit. 

 

I'm about to wipe a system and use it as a test bed.  I'll gladly update the thread down the road with a summary of findings, etc. 

 

 

Stoffe
Here to help

Ok. 

 

Yes, please do keep us updated. I'll try to find and deploy a MacOS machine to test on here.

 

//Chris

rguthrie
Getting noticed

Hello All,

Well~ our Trial has come and gone.  Although I liked the dashboard interface and their support was responsive when we needed them, Trend Micro's Worry Free Business Security Services is not the ideal solution for a mac shop. We were unable to remote install TMWF without end-user interaction, and the uninstall from dashboard does not work. Systems with macOS require a manual uninstall (found in the tools section).  Most concerning was the fact that we were unable to create directory exclusions with wildcards. Most of our users use some kind of mounted cloud directory file share, the scan would attempt to include the entire directory...  and due to the lack of wildcard usage, we were unable to use the targeted scan options to only include certain directories (which would require a wildcard in lieu of each username). Most of their documentation and advanced scripting/support is geared for Windows environments. Overall, it was very limited functionality. 
We know this is not TrendMicro's only offering, so we will be reaching out to sales and consulting on whether they offer something different for our needs. 
We are also trying out Sophos (which so far seems more robust for macs although it has the same limitation for user interaction for install).  I'll gladly return and post what I find.

Phil1
Here to help

Hi All,

I am currently testing the CrowdStrike suite and here is what I have so far.

Good
- Amazing level of detail in the GUI
- Deploys easily to Windows via Systems Manager
- Helpful support
- Reasonably priced based on what they offer
- Splunk integration
- Very low resource usage on the agent and, once installed, very hard for end users to stop or remove

Bad
- Will not auto deploy to Macs running High Sierra (case raised to Meraki as Systems Manager can push out a profile to allow this https://support.apple.com/en-us/HT208019, other MDMs have done this and got it to work)
- Does not support iOS or Android (in pipeline for Android however)

I also tested Sophos, and while it was good, if Meraki can allow CrowdStrike to be fully installed with no user interaction on High Sierra, it seems the best solution so far.

Updates to come.
rguthrie
Getting noticed

Hey Phil!  We've crossed each other in the IT nether!!!
I was just on a demo with a couple of the CrowdStrike folks just yesterday afternoon  🙂  Their product is nothing short of amazing. But truthfully, although it was SUUUPER cool and the insight it offered was mind-blowing, it was also overkill for what we need... I think we're still going to trial it in the interest of being thorough (And because I'm dying to play with their features). 
Please do follow up and let me know what you decide at the end.  We're still on the Sophos trial ourselves. And considering ESET next.  Feels like I've been researching and testing this stuff for ages  😐

Phil1
Here to help

Update: Meraki Systems Manager is unable to deploy the software without user interaction. Although Apple have provided a way to allow this with MDM, Meraki does not have this feature enabled and recommends I place a "Make a wish" in the dashboard.

Honestly, I think this is ridiculous as CrowdStrike installs fine on macOS Sierra; it's only High Sierra that has the problem. More and more people are going to have this issue when trying to install certain apps on their Mac unless Meraki provide this feature. I have raised a wish; please give it kudos to get the ball rolling on this one.

 

https://community.meraki.com/t5/Endpoint-Management-Systems/Wish-Allow-kernel-extensions-in-macOS-Hi...

 

Thanks

rguthrie
Getting noticed

Hi Phil~ I definitely feel your pain on this one! The KEXT issues that have come with the added security of 10.13.4 do have a viable workaround (albeit a manual one): create .mobileconfig payloads that are delivered as profiles to the MacBooks. You could have individual ones or keep a master list.

 

 

Short Version:

1. Create an Apple profile / .mobileconfig file that allows the application

2. In Meraki, go to System Manager > MDM Settings > Add Profile > Upload custom Apple profile

 

For details on step 1 and some excellent info from user sshort, go to this thread:

https://community.meraki.com/t5/Endpoint-Management-Systems/whitelisting-kernel-extensions-via-team-...


 edit:  I see that you ran into that thread. I do agree that this shouldn't have to be a "thing".  It's taking a bit of time for developers to catch up to these added securities at the kernel level.  I will kudos your post for sure.
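
The profile from step 1 above, as an added example (not from the original post, Meraki or any vendor): a Python sketch that builds a kernel-extension policy .mobileconfig and reads back which Team IDs it would approve. The Team ID `ABCDE12345`, the organization name and the `com.example.kext` identifier are constructed placeholders; the function names are hypothetical.

```python
import plistlib
import re
import uuid

KEXT_POLICY = "com.apple.syspolicy.kernel-extension-policy"
TEAM_ID_RE = re.compile(r"[A-Z0-9]{10}")  # Apple Team IDs are 10 characters


def build_kext_profile(team_ids, org, identifier, allow_user_overrides=True):
    """Return .mobileconfig XML bytes approving kexts signed by team_ids."""
    bad = [t for t in team_ids if not TEAM_ID_RE.fullmatch(t)]
    if bad:
        raise ValueError(f"not a valid Team ID: {bad}")
    policy = {
        "PayloadType": KEXT_POLICY,
        "PayloadVersion": 1,
        "PayloadIdentifier": identifier + ".kextpolicy",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "Approved kernel extensions",
        "AllowUserOverrides": allow_user_overrides,
        # Approves every kext signed by these vendors, so keep the list short.
        "AllowedTeamIdentifiers": sorted(set(team_ids)),
    }
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": identifier,
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "Kernel extension allow list",
        "PayloadOrganization": org,
        "PayloadScope": "System",
        "PayloadContent": [policy],
    }
    return plistlib.dumps(profile, fmt=plistlib.FMT_XML)


def approved_team_ids(mobileconfig_bytes):
    """Audit a profile before upload: list every Team ID it would approve."""
    profile = plistlib.loads(mobileconfig_bytes)
    ids = set()
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") == KEXT_POLICY:
            ids.update(payload.get("AllowedTeamIdentifiers", []))
            # Per-bundle approvals are keyed by Team ID as well.
            ids.update(payload.get("AllowedKernelExtensions", {}).keys())
    return sorted(ids)


if __name__ == "__main__":
    # Constructed placeholder values, not a real vendor's Team ID.
    data = build_kext_profile(["ABCDE12345"], "Example Org", "com.example.kext")
    print(approved_team_ids(data))
```

Running `approved_team_ids` over a "master list" profile before uploading it shows exactly which vendors' kernel code the fleet will load without a user prompt.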

 

rguthrie
Getting noticed

Howdy! 

I've actually been looking for an antivirus solution as well (but in our case, it's nearly 100% Mac users). I tried AVG's and found that it "does not play well" with Meraki. Despite hours of troubleshooting, we (both AVG support and Meraki internal support) were unable to get AVG's antivirus service to allow Meraki traffic on MacBooks properly.
The short version: A MacBook that already has the SM installed receives the pushed app AVG from Meraki. It will check in and work as expected until a reboot. Once it reboots, the AVG service superimposes itself and does not allow the Meraki MDM traffic through (and there was no way to whitelist on the macOS version of the AVG app).

 

So, I do not recommend AVG.  Someone mentioned Sophos to me, but while looking at their website, it looks like they are a whole MDM solution itself (which includes endpoint protection).  I'll report back if I find anything useful during the trial to address just the endpoint protection part.

 

Phil1
Here to help

Thanks for the response, I had a feeling something like this may be an issue. I'm speaking to my Meraki supplier now, who also offer endpoint security solutions; hopefully they can recommend something. Any further updates on this will be great and I'll do the same if I make any progress.