Antivirus Evaluation – Trend Micro OfficeScan

Posted in Network Modeling, Physical Security Infrastructure on September 15th, 2010 by Rodney

Trend Micro OfficeScan. From the eval download. Looks reasonable for a small system-count closed environment, i.e. a physical security infrastructure.

Doesn’t like to be run on an underpowered Windows XP system as the server. Can’t fault it for that, except it neither stopped me nor whinged at me when I tried.

Worse, it fails to detect certain kinds of malware we have samples of. Specifically, it can’t see “Trojan.Downloader.Bredolab.AZ”, which is what BitDefender’s online web scan calls it. This is in a tgz of a mailbox that happens to be on the disk. Kaspersky also saw it. Two a/v packages seeing it counts as a “fail” for Trend Micro, in my view.

So we’ll pass on this one for a recommendation, for now.

This was a live drive-by product review, of course. If/when we do a more organized search this solution may be a fit.

Full Working Model

Posted in Network Modeling on July 13th, 2010 by Rodney

When staging network equipment we prefer to use a pre-planned test environment. Just hanging your new laptop on the public internet so the malware inside your Costco laptop can phone home is… well, a debatable tactic. We model networks so you can try out gear before you really make yourself a user (or victim.)