07-20-2021 04:21 AM - edited 07-20-2021 05:02 AM
Hi,
Can we install AMP side by side with other AV product ? some users may still use their existing AV license while testing AMP
Regards
Budi
07-20-2021 06:02 AM
Hello @bezeddin,
sure, this is possible, but not necessary as Secure Endpoint is much more then just AV. I would recommend to test with Secure Endpoint only, just to avoid technical issues or bad performance results.
If installed beside other Security (AV) Products, you may do the following
Keep in mind, if Secure Endpoint is not fully enabled, this may has an impact on Cloud IOCs, as the backend intelligence also process, e.g., if a file has been quarantined or not.
Finally, once again, i would recommend to install Secure Endpoint as the only Security Tool.
Greetings,
Thorsten
08-17-2021 06:56 AM
That's good to know. We are looking at other AV solutions and it is good to know that we can evaluate without removing our existing AV.
07-20-2021 06:09 AM
07-20-2021 11:58 PM
Hello @Ken Stieers,
agree, just being curious. From your point of experience, in the cases you know, is USB control included in the AV product or a separated software component on the endpoint?
Greetings,
Thorsten
07-22-2021 06:43 AM
07-21-2021 09:33 AM
super helpful information, appreciate the explanation
07-21-2021 12:32 PM
Well you can. Most likely issues would be increased overhead on the endpoints - so I'd test it a bit first to make sure you aren't overtaxing the poor thing.
07-25-2021 09:48 PM
Won't it reduce our PC performance if AMP runs parallel to the existing AV?
07-26-2021 01:26 AM
Hello @Noviyanto,
yes, duplicate scanning of file can be a performance issue. Especially if different security products want to scan a file at the same time. This also may generate unexpected behavior from a security product.
Example: Secure Endpoint wants to quarantine a file, but the file has been already removed by another AV scanner. It depends which filter driver first sees the file and does a file action.
Greetings,
Thorsten
08-03-2021 04:52 AM - edited 08-03-2021 04:53 AM
I appreciate seeing the feedback about running in place with existing AV. We are having this exact discussion as we evaluate a replacement for our existing AV, so seeing what others have done keeps us informed as we look for our next steps. Thanks!
:woman_dancing:
(Apologies, I can't get the emoji to work properly)
08-06-2021 02:38 AM
we have AMP for endpoints running on over 100.000 machines together with one of the popular AV packages for several years now ... no major problems so far
08-10-2021 07:50 AM
We also have amp running on about 180k workstations while also running Trend Micro. things we did to get them to play nice. Exclusions are key. in both products. another is to to turn off a feature in one if the other product is better at it. as an example. when we roll out amp we use the /skiptetra 1. this does not install the clamAV part. but the main engine is still intact reason for this is that we were already using TM for file scanning for years prior to installing AMP. we mainly use AMP in audit mode for file trajectory and investigations. but we also create Tickets when a certain event types happen. i.e. "Malware Executed" or when certain Cloud IOC's trigger. we do have process protection turned on. Since TM does not have that feature. So far this overlapping protection has been working out. there are things seen by AMP that TM does not and Visa Versa
08-10-2021 08:07 AM
That's excellent advice from Jim2k. The only thing I'd add is that, if you ever think you might enable the classic AV scanning on our side, use policy to disable the Offline Engine (referred to as Tetra for Windows connectors), instead of using the /skiptetra option at install time. Having the offline engine present as part of the install, but disabled, doesn't really cost you all that much, and it gives you the ability to enable/disable it without having to reinstall the connector.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: