Installing and running SEC and SUM on a server with a 3rd Party AV solution installed

Is it wise to have SEC and SUM installs on servers that run a 3rd party AV solution?

I'm concerned that there is a potential for one solution to try and devour the other.

Anyone else done this or is it not a recommended strategy?



  • Hello MarWil,

    Do I understand correctly that you have a product for use on your servers?

    "3rd party AV solution" is a rather general term. Most products are nowadays more than AV, next gen, complete, whatever. Nevertheless, SEC and SUM are just management software and a downloader that don't care about the machine and won't devour anything on it. At most the 3rd party AV sees a problem with this but IMO it's clear who's to blame.

    I had a test server with SEC/SUM and Endpoint on it, someone accidentally bestowed a 3rd party AV upon it. Its competitor remover silently uninstalled Endpoint leaving SEC alone, no issues.

    Christian

  • Hi Christian

    Thanks for taking the time to consider and respond.

    My referral to a 3rd Party AV solution was a generic term in that another competitor AV product (non-Sophos AV) is installed on the server.

    SEC and SUM are also installed on the same server as applications, but I was concerned that the active competitor solution may detect / object to downloaded Sophos signatures, which in turn would then be missing from client machines following updating from the library?

    A good example of my concern is EICAR... all good AV solutions detect that... If a Sophos signature is detected by a 3rd party AV solution then it may get blocked or deleted depending on policy. Therefore, when a client machine comes to download from the SUM it would then have that signature missing but would report as "up to date" due to it having pulled down all available files. It would, however, not detect malicious files related to that missing signature.

    Again, your thoughts would be appreciated.

    Mark

  • Hello Mark,

    "if a [Sophos] signature is detected"
    There's still a common misconception about the nature of a signature: that it's, e.g. in the case of EICAR, one or more (sub-)strings. Patterns are of course still in use and there would be a small chance of "cross-detection". I said "would" as both libraries and IDEs are delivered in a container format and are in addition encrypted to practically eliminate the risk of such detections.

    "have that signature missing but would report as "up to date""
    SUM verifies the integrity of the download (not only individual files but also the whole) and update location and secures it with a catalog. Endpoints in turn verify their download against this catalog. They would immediately detect a missing or corrupt file.

    Christian
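
The catalog check described in the reply above, reduced to its principle, as an added example that is not part of the original thread and is not Sophos code. It assumes a plain SHA-256 manifest (the real SUM catalog format is not shown on this page), uses constructed file names and contents, and treats the catalog itself as trusted:

```python
import hashlib
import tempfile
from pathlib import Path


def build_catalog(root: Path) -> dict[str, str]:
    """Publisher side: map each file's relative path to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def verify_against_catalog(root: Path, catalog: dict[str, str]) -> dict[str, list[str]]:
    """Client side: compare the files actually present with the catalog."""
    present = build_catalog(root)
    shared = catalog.keys() & present.keys()
    return {
        "missing": sorted(catalog.keys() - present.keys()),
        "corrupt": sorted(n for n in shared if catalog[n] != present[n]),
        "unexpected": sorted(present.keys() - catalog.keys()),
    }


def is_up_to_date(report: dict[str, list[str]]) -> bool:
    """An update only counts as complete when nothing deviates from the catalog."""
    return not any(report.values())


def demo() -> dict[str, list[str]]:
    """Constructed scenario: another product removes one file and empties another."""
    with tempfile.TemporaryDirectory() as tmp:
        share = Path(tmp)
        (share / "data").mkdir()
        for name, body in [("data/a.ide", b"constructed-1"),
                           ("data/b.ide", b"constructed-2"),
                           ("engine.dat", b"constructed-3")]:
            (share / name).write_bytes(body)
        catalog = build_catalog(share)            # written when the share is published
        (share / "data" / "b.ide").unlink()       # file quarantined after publishing
        (share / "engine.dat").write_bytes(b"")   # file emptied after publishing
        return verify_against_catalog(share, catalog)


if __name__ == "__main__":
    report = demo()
    print(report, "up to date:", is_up_to_date(report))
```

A client that only counted "all available files pulled down" would pass this share; comparing against the catalog is what turns the removed and emptied files into a failed update.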

  • OK, thanks again Christian.

    Allays some of my fears but still nervous about it as a solution.

    Cheers

    Mark