Posts: 12
Joined: 18.Mar.2005
From: London
Status: offline
Has anyone got any experiences good or bad with AV software for ISA 2004?
We've been using McAfee SecurityShield now for 9 months and it's been nothing but problems. I've logged numerous calls with them and am currently running Patch 2, and my ISA Firewall service keeps stopping under load.
I've tested BitDefender for ISA and Panda ISAsecure and they both work with no problems or service crashes.
I was wondering if anyone has any first-hand experience with either of them to share, to save us paying for a year of problems like we did with SecurityShield.
Posts: 801
Joined: 5.Apr.2005
From: sydney
Status: offline
Trend webprotect is pretty good from what I've seen but they haven't updated to a more current version. I heard that they will be bringing out a new release soon. Overall Trend looks good to me.
Posts: 12
Joined: 18.Mar.2005
From: London
Status: offline
Thanks, does that work on ISA 2004?
On their Web site it says the requirements are ISA 2000:-
Required Hardware & Software:
450MHz Intel Pentium® III or compatible CPU
Microsoft® Windows 2000 Server or Windows 2000 Advanced Server with SP 1 or later
Microsoft® Windows 2003 Server
Microsoft ISA Server 2000
Microsoft Internet Information Server
256MB RAM
20MB available disk space
I can tell you guys this. I support 6 ISA 2004 standard proxies for a population of 7000. The servers are dual 3.06HT XEONS with 2.5GB RAM and they have a set of F5 Load Balancers in front of them. First we tried GFI which failed miserably for many reasons. The most important reason besides the crashing was the inability to create white lists for certain sites and/or users. Next I tried BitDefender, which allows whitelisting but also crashes the Firewall service after a few hours. The firewall service complains that:
The Firewall service stopped because an application filter module C:\WINNT\system32\ntdll.dll generated an exception code C0000005 in address 7C8224B2 when function CompleteAsyncIO was called. To resolve this error, remove recently installed application filters and restart the service.
Anyone have any ideas how to fix this? Within 3 hours my event logs were full of messages stating that:
BitDefender Warning Message:
The description for Event ID ( 1 ) in Source ( BitDefender for ISA ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: BitDefender Warning Message:
Hmmmm, after checking out the GFI site it looks like they have finally added some much needed functionality to the newest version of their product. I would still be leery though. It consistently crashed our ISA servers many times. We do run Surf Control and it seems like that is the only stable add-in. With just SC installed our servers have 100% uptime. Add another filter and it's 50% at best... totally unacceptable!
Posts: 12
Joined: 18.Mar.2005
From: London
Status: offline
It's all a bit depressing isn't it?
Symantec, Trend and Kaspersky can't get AV scanning to work at all on ISA2004 and everyone who does try it seems to crash the firewall service on some servers.
McAfee was crashing our firewall service but BitDefender isn't at the moment, but looks like BitDefender causes crashes for other people.
Have MS just totally screwed up the AV scanning system in ISA 2004? Everyone seemed to be able to AV scan properly in ISA 2000.
I have a suspicion that it's the FTP scanning filters that cause the problems, rather than the HTTP filter. GFI are the only people who don't even try to scan FTP and they don't crash, and BitDefender seems fine for us as long as we only install the HTTP filter. It's not as bad as it sounds though, because FTP downloads using MSIE are scanned by the HTTP filter by the look of it; it's only FTP clients that use the FTP filter.
Peter, that's a good thought to try just the HTTP service. I wouldn't have thought that FTP would screw everything up, but it's worth a go. I am reinstalling it on one of our prod servers right now to see how it goes with just HTTP scanning. I will post back with any results.