Immunet 3.0 In Web Hosting Environment

[joe5570]

I was hoping to get some community feedback regarding the use of Immunet 3.0 in a web hosting environment. We are currently using McAfee, which I understand can be used side-by-side, but we would rather replace it outright. Does anyone have any reason to think that it would not be ideal in this type of environment?

 

First, is anyone currently doing this on multiple web servers (Windows), MS SQL / MySQL servers and mail servers (we already use ClamAV on the mail servers)? Does anyone have silent deployment script options, scheduled task creation, and startup/shutdown scripts ect to help automate things?

 

We really love that Immunet 3.0 has on-access scanning but I am curious to know how it will interpret our user's code and if it will affect performance. Currently our McAfee solution does scan web page files with little or no noticeable performance issues. Would this be the same with Immunet? Is it worth scanning user's files (on-access) in addition to a daily scan? Will we get a bunch of false-positives with customer scripts that look hackerish?

 

Our McAfee product has an Access Protection option. We typically have to use the "minimal" settings as to not affect customer software installations (dedicated servers) so the feature is often moot for us. However, we use it extensively to create custom rules to block access to specific hacker files and executables we have seen. Is there a *simple* way, Immunet or ClamAV, to block access or flag certain files from being accessed / running?

 

Licensing for Plus seems to be a necessary option for me for the extra scanning and detection. This seems like a good deal because it's about half of cost (yearly) of re-licesing McAffee. Does anyone have an opinions about this? I was slightly put off that there doesn't appear to be any sales support for the licensed version. It's not a big deal necessarily since I don't really talk to McAfee either but from a sales perspective it's nice.

 

Lastly, if Immunet shouldn't be used in this envirnment, any recommended alternatives?

 

Thanks in advance for your help!

[ritchie58]

Hi joe, I can answer a few of your questions I think. Immunet can be used legally and free in a server, networked based business enviorment as many customers do just that. However a bug with the current 3.0.8.9025 version of Immunet has come to light. Platforms affected by this bug are Windows XP Professional being used for networking and Server 2003. Other users have used a group policy roll-out with Immunet and there is a Scheduled Scan option in Settings. Here is an older topic you might find informative about a group policy roll-out. http://forum.immunet...te-enviornment/ Auto shutdown or startup scripts I'm not sure about. Perhaps a support person can elaborate on that. Immunet's log files can not be accessed remotely. That would have to be done by launching the GUI. With Immunet it is possible to create your own custom detection signatures too as you mentioned. The Plus version would give you additional complex malware detection (TETRA) such as rootkits and an email scanning option. Something worth considering.

 

Another option to consider. Sourcefire does have a comprensive security solution designed from the ground up with enterprise business enviorments in mind. No one has a product like it! It's called FireAMP. Info on this inovative security software can be found at this link. http://www.sourcefir...tection/fireamp

 

Best wishes, Ritchie...

[joe5570]

We predominantly use Windowes Server 2008 R2 & IIS 7.5. Any known issues there in general? Is Windows Server 2003 completely out or is there just some spotty iussues?

 

Thank you for the tips!

[ritchie58]

You're in luck there. There has been no reports of conflicts with Server 2008. Here's what Anthony said about the 3.0.8 bug regarding Server 2003: The root cause for this behaviour is a bug that affects Immunet release 3.0.8.9025 on Windows XP and Server 2003 only. The bug interferes with Netbios name resolution. We have found the root cause of the bug and are in the process of testing the fix, the fix will be in the next release of Immunet Protect. - This Netbios bug interferes with remote access to files located on the server.