Review: McAfee Endpoint Protection for SMB

Anti-virus – sorry, endpoint security - programs suck. I loathe them and they have been the bane of my professional existence for the better part of 20 years. Despite the crushing, crushing sadness that they cause, the call came down to review Intel Security’s latest endpoint security product, McAfee Endpoint Protection Advanced …

  1. Mage Silver badge
    Devil

    No!

    It will sooner than later bork everything.

    I don't know what the answer is for "ordinary people", but AV is nearly as bad as the illness.

  2. Anonymous Coward
    Anonymous Coward

    Looks pretty but that's as far as it goes!

    Over the years I've been forced to administer McAfee AV among other things.

    I personally think McAfee's detection is crap! I've had so many conversations with senior tech and management within McAfee asking them how come free tools on the internet pick it up but you don't??

    Each time there was an awkward silence and some bum shuffling followed by the same old "we'll look into this", it never happens. Malwarebytes is much better and cheaper!

    My company are now with Sophos, slows the PCs down still but at least it picks stuff up!

  3. TonyJ

    Checks date...

    Nope...doesn't seem to be April 1st!

    1. TonyJ

      Re: Checks date...

      Clearly I should've used a joke icon for some of the folks here...then again the voting system* is borked now and you get people hitting downvote on pretty much everything just for the sake of it.

      *By which I mean some of the people using it, really.

  4. fruitoftheloon
    Devil

    Fellow commentards - help needed pls...

    Folks,

    one has a new Lenovo with Win 8.1 (yes I have 'disinfected it'), which came with a 1 month of McAfee, which doesn't seem to be TOO annoying, and will be expiring shortly.

    Can my fellow commentards make suggestions for paid/free AV stuff that works and won't make me want to tear my remaining hair out?

    Cheers,

    j.

    1. Siv

      Re: Fellow commentards - help needed pls...

      All products seem to have weaknesses, if they are very good at catching everything they seem to slow your PCs to a crawl and if they are fast they seem to miss everything. I am with another commenter here in that my experience is that McAfee/Intel just misses too much stuff.

      I recommend VIPRE by ThreatTrack security. They do both standalone and corporate versions. The corporate AV solution has a server console that communicates with the client PCs and is pretty easy to manage. It seems pretty good at catching most of the viruses that normal (as in non-porn site visiting business) users encounter, however it seems to miss a lot of the PUP (Potentially Unwanted Programs) type annoyances like ASK, Conduit, Alot and so on, so I tend to also have a copy of Malwarebytes free loaded as well so that if a user thinks they have been hit by something they can run a quick scan with that and it will shift the PUPs. The free version does not include the real-time scanning engine so it won't conflict with your main AV program.

      Between those two you get pretty good coverage.

      ThreatTrack also do a product called VIPRE for Exchange which sifts out malware and spam and is quite configurable allowing you to create custom rules to block spam with certain words in the body or subject and add people to allowed or blocked senders.

      The good thing about VIPRE is that it's very lightweight and doesn't slow your PC down whilst scanning unless you have a very old single core processor PC and most AVs will clobber them.

      1. fruitoftheloon
        Thumb Up

        @Siv: Re: Fellow commentards - help needed pls...

        Siv,

        many thanks, that wasn't on my radar, 'tis now...

        Cheers,

        Jay

    2. Lusty

      Re: Fellow commentards - help needed pls...

      Just uninstall McAfee and let the Windows one do its thing. AFAIK all modern AV uses the MS API anyway so it's really just interface and definitions you're worried about. Make sure the firewall is on and configured and you'll stop 99.99% of modern malware. Don't click on stupid emails/links/pictures and you'll stop most of the rest. For the one in a million remaining, Microsoft are quite capable by themselves because it's really a crap-shoot as to who gets a definition out first. Anyone who genuinely is first every time with a definition for new exploits I would recommend not funding simply because they probably also wrote or funded the malware!

      1. Boris the Cockroach Silver badge

        Re: Fellow commentards - help needed pls...

        Quote : " Make sure the firewall is on and configured and you'll stop 99.99% of modern malware. Don't click on stupid emails/links/pictures and you'll stop most of the rest."

        Good advice for us techie types who pretend to know what we're doing.

        Sadly, out in the real world of users, you're always going to be shot by someone who clicks on the cat pictures.jpg.exe file sent to them by Aunty Doris...... then spend the next 3 days trying to repair the damage.

        Boris

        <<<currently wanting to rip out the wi-fi antenna from a new laptop after someone linked it to the network and did just that

      2. fruitoftheloon
        Pint

        @Lusty & Sandtitz: Re: Fellow commentards - help needed pls...

        Lusty et al,

        Thanks it looks like I have me a viable solution.

        All advice much appreciated.

        Cheers,

        J

      3. Robert Helpmann??
        Childcatcher

        Re: Fellow commentards - help needed pls...

        It's not just firewall and AV, though. There is also spyware and PUPs and other nasties to worry about, unless you are lumping everything into one category. McAfee does not and many other AV vendors don't either. This sets up a situation where customers believe they have a reasonable amount of protection but do not. I have a bigger issue with this than AV products.

        McAfee has a broad range of products. They target these to different markets in different combinations. This product is not an enterprise version, but is most likely based on the same tech that their ePO suite of products supports. I am curious as to whether it would do things like prevent an admin from accessing a browser or e-mail client, and if it would prevent users from running software from the temp directory. These actions have signatures in HIPS, another of McAfee's products that I would bet shares some code with Endpoint Protection for SMB.

    3. Sandtitz Silver badge

      Re: Fellow commentards - help needed pls...

      Just use the built-in Windows Defender. It works and is very unobtrusive.

    4. Anonymous Coward
      Holmes

      Re: Fellow commentards - help needed pls...

      Windows Defender plus a free Malwarebytes scan a few times each week/month. I stick Malwarebytes in the startup so that it pops up and reminds me to run a scan every time I turn a machine on. Haven't hit a problem in almost 3 years of use on various machines, and impact on system resources is nearly zero.

      1. fruitoftheloon
        Pint

        @Andy prough: Re: Fellow commentards - help needed pls...

        Andy,

        Many thanks.

        J

    5. Anonymous Coward
      Anonymous Coward

      Re: Fellow commentards - help needed pls...

      Try this trick:

      http://www.verboon.info/2013/03/how-to-install-system-center-2012-endpoint-protection-on-a-standalone-client/

      I used it recently on a Server 2012 installation, so far so good... touch wood.

    6. Wade Burchette

      Re: Fellow commentards - help needed pls...

      I personally use Eset. What I like about Eset most of all is the small footprint, which is the primary reason I keep using it. It has good detection but it is not perfect. For anything it cannot clean, a removal tool is available on the company's website. Every antivirus product has some weakness. For me Eset has fewer weaknesses than any other product I have used. My experience has shown that Eset can stop Cryptowall but not Poweliks, but Eset makes the best Poweliks removal tool I've seen.

      I have heard good things about Vipre, but I don't have any experience with it to make an informed decision. I am always looking for something better.

  5. druck Silver badge
    Thumb Down

    Positive?

    Not sure why with a list of misfeatures like that, it's summarised as a positive review? Utter shite more like. The free version of Avast runs rings around it.

    1. mt_head

      Re: Positive?

      I was a big fan of Avast! Free, and recommended it wholeheartedly, until an update about two weeks ago - when avastsvc.exe suddenly started consuming 85%-100% CPU and couldn't be stopped, even if I temporarily "disabled protection". I put up with it for a day or so, but gave up and went with AVG's free offering (which I had ditched in favor of Avast a couple of years ago when their IDS component became too intrusive, even when disabled.) The day after I made my own switch, I received multiple calls from people to whom I'd recommended Avast, complaining of sudden slowness; I'm pretty sure it wasn't just me.

      No company in this sector seems to be able to long resist feature creep and the temptation to monopolize your PC; it's nice to hear from the author that McAfee has apparently got better than it used to be, but it burned through all of my goodwill years ago.

  6. Anonymous Coward
    Anonymous Coward

    "I have four criteria by which I judge endpoint security products"

    And criterion 6 is "must be able to count!"

    1. Ken Hagan Gold badge

      Re: "I have four criteria by which I judge endpoint security products"

      As well as mentioning the corrections link at the foot of the article, I'd like to say that if this product causes Trevor to lose the ability to count up to five then that's probably the most damning review I've ever read of a software product.

      Count me out!

    2. Anonymous Coward
      Anonymous Coward

      Re: "I have four criteria by which I judge endpoint security products"

      Umm - fixed!

  7. Anonymous Coward
    Anonymous Coward

    ESET

    Another one to add to the pot.

    So far, the Free Eset scanner has found things that Malwarebytes has missed.

    The non-free one has a disgusting UI though...

    1. This post has been deleted by its author

  8. Christopher Lane

    Trend...

    ...doing the job here but interestingly I've been looking around as I'm getting twitchy about its effectiveness. As for McAfee I can honestly say in over twenty years of corporate and "family/friends" environments if I've had a problem with an infection (Oooo Matron!) it's always been McAfee "protecting" the machine.

    1. fruitoftheloon
      Pint

      @Christopher Lane: Re: Trend...

      Christopher,

      Ta.

      J.

  9. Anonymous Coward
    Anonymous Coward

    The ways of AV packages are indeed mysterious.

    Last week I wrote a small VB.Net program as a watchdog. All it does is listen on UDP port 32000 on IP 127.0.0.1 - and plays a DirectSound wav file if it doesn't see a message in a defined time.

    Norton*** Sonar keeps deleting the .exe after every few uses claiming its heuristic doesn't like it. Even after having found the Sonar exceptions setting to protect it - Sonar still deletes it on an apparently random basis.

    ***Yes - I know many commentards don't like Norton - but please humour my staying with a product that has previously been fine for over a decade. I've tried others and always ended up back with Norton Internet Security.

    1. Anonymous Coward
      Holmes

      @AC - "Yes - I know many commentards don't like Norton - but please humour my staying with a product that has previously been fine for over a decade. I've tried others and always ended up back with Norton Internet Security."

      I just threw up in my mouth a little bit...

      Maybe the AC found his machines run too fast, and felt the need to throttle them?

      1. Anonymous Coward
        Anonymous Coward

        "Maybe the AC found his machines run too fast [...]"

        The current version of Norton Internet Security has no visibly undue consumption on my PC or laptops.

        Tried Kaspersky for a while - and that really did slug the machines.

        YMMV

  10. Anonymous Coward
    Anonymous Coward

    Can't McAfee (and Symantec) just go bankrupt and be turfed in the bitbucket already!

    It's an f'ing sluggish pain on my work machine because it keeps pointlessly scanning my big development projects etc. which causes loads of time wasting, and the sad-mins don't allow any exclusion control!!!

    Anti-virus is mostly pointless dinosaur tech. now; it's often too late /if/ anti-virus identifies malware, given I only see stupid false positives now, and we still need specialist tools like Unchecky and AdwCleaner, to block and delete injected malware, including adware.

    Proper intrusion security should use system gateways; this idea that all of a user's applications are run with full user security access is nuts, thus the need for kludged on flawed late security like anti-virus. All applications should be put in secure containers and only be granted a /limited/ customisable virtual OS view by default, like a kind of sub-user, and the OS should support and enforce this natively, like *Solaris Zones and maybe containers/Docker in Linux. OS VMs should be reserved only for stuff which /really/ requires an isolated OS instance.

    Android is closer to proper isolation security and friendly notification, via application (flawed) "user" permissions and message passing, but the b'stards at Google still don't allow you to allow only some of the requested permissions, and the message passing security is lacking.

  11. Mark 85

    McAfee? Good? Heresy!!!!!!!!!!!

    I came into the comments expecting to find Trevor at least pilloried and possibly burned at the stake. That makes me wonder if it doesn't deserve a second look after ignoring McAfee (both the namesake and the AV) for all these years.

    1. Anonymous Coward
      Holmes

      Re: McAfee? Good? Heresy!!!!!!!!!!!

      Trevor could write that McAfee doubles the speed of your computer and automatically deposits $100 in your bank account every Friday, and I still wouldn't give it a second look.

      Burn me once - shame on you

      Burn me 10 times and keep sneaking your crap into downloads to keep trying to burn me more? Where's my shotgun...

  12. Sarah Balfour
    Mushroom

    Permission to ask a COMPLETELY off-topic question…?

    Buggrit, I'm gonna anyway. :oP

    Is there any reason - sane or otherwise - why gadgetry cables are round, as opposed to flat…? The cable that accompanied my Belkin Ultra Fast has ruptured at the dock end - and it must be at LEAST the 100th-odd cable I've had break like that in my years of iThing ownership (my first Touch was a 4G, so not all that long in the scale of things) - and I'm far from the only one, Amazon, the fruity firm's fora, MacFixit, Mac Rumours, and just about every other Apple-specific, and non-Apple-specific, gadgetry site and forum that I've come across are littered with scores of people moaning about cables lasting a fortnight - or less, I think the record is around 6 weeks.

    I'm guessing it must have something to do with flat cables costing more to manufacture, therefore reducing profit margins but, then again, telephony cables are, as a general rule, flat, and you get several bundled with a new router - are they cheaper to produce…?

    It just seems to me that round is the stupidest design on Earth, and that the cable will break in pretty short order no matter HOW careful you are with it, due to the small surface area concentrating the applied stress on a single point.

    Would it be too cynical of me to think they deliberately make 'em shite to shift more…? I can believe that of an OEM - particularly one like Apple - but it's not just Apple cables I've had break. Is it only cables for iThings that are this shit - how about Android…? Can't afford to keep wasting bread I ain't really got on cables!

    1. Mark 85

      Re: Permission to ask a COMPLETELY off-topic question…?

      Simples.. your third paragraph about costs explains it all. Telephony cables use one of (I'm thinking this right...) 3 sizes only of connector and all the commercial connectors are for that particular cable which is a standard. Even the connections are standard. The round stuff.. not so much standard anymore as connectors (especially in AppleLand) are proprietary. Plus many of the round ones have shielding.... it's tough to shield a flat cable economically.

      1. Anonymous Coward
        Anonymous Coward

        @Sarah Re: Permission to ask a COMPLETELY off-topic question…?

        Micro USB cables I have ever had personally go 'a bit weird' tend to be ones that the cat chewed.

        However, I have noticed a disparity in quality of cables which I think is down to the wire used.

        IIRC, more thinner strands of cable are better than less thicker strands for longevity. However, thinner strands are more costly to produce. Since cables are inherently seen as consumable and a necessity in most packaged devices, you tend to get cheaper ones.

        Interestingly, the cable that came with a Palm Pixi a good few years ago is one of my favourite go-to cables when travelling because it is pretty robust. Despite the tooth marks.

        edit: Re-read your post. When you say 'ruptured', do you mean the insulation only around the bottom or actually the wire cable starting to show?

    2. Tom 13

      Re: Permission to ask a COMPLETELY off-topic question…?

      Your problem isn't the cable shape, it's the failure of the manufacturer to use appropriate strain relief at the point of attachment. Wherever the join point is, you get the most stress. If it doesn't have appropriate strain relief, it will break.

      Thinner cables are not better, only cheaper in as much as they use less material especially if the core is copper or similar. The thicker the gauge the better the transmission and the better the heat dissipation. Also, it helps with stress.

      I once worked for an outfit that specified an odd flat cable. The cable has 3 strands of 12 or 14 gauge wire for power, and 6 strands of 22 or 24 gauge for communications. As a flat cable, it was impossible to pull through the house for wiring. So the manufacturers bundled it into a round cable. Also, the comms weren't twisted, so they tended to work as antennas that were especially good at picking up cross talk from the power strands. So they got a shield folded around them. This was about 20 years back and the cable sold for about $1.20/ft when normal power sold for about $0.03/ft. Anyway, we started having problems with some of the installs. The number 5, and especially the number 6 comm cables were failing to communicate. The problem was traced to breaks in the cable. The breaks in the cable were traced to stressing the bundled cable as it was pulled through the house. Somewhere around the 22nd time you bent the cable in the opposite direction of the previous bend, the outermost comms wires broke. The recommended work around was to use shorter cable runs and install more splices (special adapter box, which made three of the vendors happy because they'd sell more kit).

  13. Anonymous Coward
    Anonymous Coward

    El Reg - Aren't you supposed to put the word 'Advertorial' somewhere in articles like this?

    Let's face it - all these sorts of products are The Daily Mail of software packages. None will help you, and to be honest, your PC will run worse with this crap installed than with any amount of viruses.

  14. MotionCompensation

    ePolicy orche-what?

    I'm not sure I can get myself to trust a product that has the words "ePolicy Orchestrator Cloud" on its setup screen. Too much marketing and too little meaning.

  15. Ol' Grumpy

    "Endpoint Security still has an irrational hatred of Java applications,"

    It isn't alone. So do I.

  16. Dan Wilkie

    Try this simple test.

    Use msfpayload to make an exe containing windows/meterpreter/reverse_tcp.

    Does McAfee detect it? Yes. Good.

    Now try the same thing with windows/x64/meterpreter/reverse_tcp.

    Uh oh.

    Now you have your reverse shell, migrate to a McAfee process, does it stop it? Yes, good!

    Now migrate to any other process. Uh oh again.

    Even MSE can catch Meterpreter if you don't try and hide it for crying out loud!

  17. Tom 13

    We use a much older version of the suite in my office

    I've used some competing products in the past. I've come to the conclusion that McAfee EE gets the Winston Churchill Statement of Endorsement:

    McAfee EndPoint Encryption is the worst data product on the market, except for all the others.
