Preparing for Migration to AV Defender
Before you begin to migrate to AV Defender, you should prepare by reviewing the environment where the installation will occur so you can understand and mitigate any issues before they arise.
To effectively prepare for this migration, review the following:
- Catalog environment details
- Understand potential points of conflict
- Understand protection needs and service level agreements (SLAs)
To understand potential points of failure, first catalog the environment where you will deploy AV Defender. The following questions will help you to understand the environment:
- What is the current installed antivirus solution?
- How many workstations will you need to deploy AV Defender to?
- How many remote users access the network? You will require their assistance if any issues arise.
- What is the physical map of the network environment? To reduce bandwidth usage, SolarWinds MSP recommends that you use a Probe and an update server deployed in every physical location. For example, if you have five sites, then you would install one update server and one Probe at a minimum at each site. This ensures that all of the computers that you are managing do not download updates from the external cloud.
- How many servers exist in the network environment?
- What is the function of the servers? Knowing what each server's role is can help you determine the deployment order. For example, begin by deploying to servers that are not as resource-intensive or critical, such as domain controllers or file servers, and leave the business-critical servers, such as Exchange and SQL servers, until the end. This way, you can resolve potential issues on less key infrastructure.
- What applications are currently installed within the environment? Review the SolarWinds MSP Known Conflicts list and consider which are business-critical. Check with the vendor's web site to see what antivirus/anti-malware exclusions are recommended and which may conflict with AV Defender.
- Do all of the computers to which AV Defender will be deployed meet the minimum recommended system requirements? For more information, see Supported Operating Systems for AV Defender.
After you have cataloged the environment where you are deploying AV Defender, you can identify potential conflicts more effectively. The categories below describe some potential conflicts.
The most common cause of performance issues is competing security applications, or the remnants of security applications that continue to affect your network. If you have any applications that resemble the following descriptions, SolarWinds MSP recommends that you either remove the application or research and test the AV Defender deployment in a non-production environment to ensure that no points of conflict exist.
If any of the listed applications are installed in your environment, you will need to configure appropriate exclusions when you deploy AV Defender.
Competing Antivirus Applications
An antivirus application that performs antivirus functions on the device similar to those carried out by AV Defender. To fall into this category, a product must run actively on the device. Examples include Symantec AV and Kaspersky.
Competing Anti-malware Applications
Anti-malware applications perform real-time or scheduled anti-malware scans. Although AV Defender is primarily an antivirus application, antivirus and anti-malware functions have become synonymous over time, so these applications conflict with AV Defender. Examples include Spybot and Malwarebytes.
Competing Firewall Applications
These applications perform firewall and traffic-inspection functions on the computer, either as a standalone application or bundled with a VPN or other application. They conflict with AV Defender when you use the AV Defender Firewall module. If you do not use the firewall module, this may not be a conflict; however, you should still create exclusions for the application in question. Examples include ZoneAlarm, Windows Firewall, and Fortinet Security Software.
Database Applications
Applications that use or administer a database are a potential conflict with AV Defender. Add exclusions for the database files themselves, because removing or quarantining them can corrupt the database. You should also create process exclusions for the database application if it is resource-intensive. Examples include SQL and QuickBooks.
Network-Intensive Applications
As with most security applications, AV Defender scans incoming and outgoing network traffic from both a behavioral and a signature standpoint. SolarWinds MSP strongly recommends that you create exclusions for these types of applications proactively, because otherwise they can affect performance. Examples include vulnerability scanners and Timeline.
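The catalog questions above (current antivirus, host role, server count, installed applications) and the conflict categories in this section can be collected from each Windows host with a script before deployment. The PowerShell below is an added example written for this page; it is not SolarWinds MSP code and not part of AV Defender. The conflict keyword table is an assumption built only from the product examples named on this page and should be extended from the Known Conflicts list; the CSV file name is an arbitrary choice. Windows Firewall is built in and does not appear in the uninstall registry, so it is not matched here.

```powershell
# Added example (not SolarWinds MSP code): gather the pre-migration catalog from one
# Windows host and flag installed software that matches the conflict categories above.
# Run from an elevated PowerShell session on each host, or wrap in Invoke-Command.

# Assumption: keyword table built only from the examples named on this page.
$ConflictCategories = [ordered]@{
    'Competing antivirus'    = @('Symantec', 'Kaspersky')
    'Competing anti-malware' = @('Spybot', 'Malwarebytes')
    'Competing firewall'     = @('ZoneAlarm', 'Fortinet')
    'Database application'   = @('SQL Server', 'QuickBooks')
}

# Servers the page says to deploy to last.
$BusinessCriticalKeywords = @('Microsoft Exchange', 'SQL Server')

function Get-HostRole {
    # Win32_OperatingSystem.ProductType: 1 = workstation, 2 = domain controller, 3 = server
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    switch ($os.ProductType) {
        1       { 'Workstation' }
        2       { 'DomainController' }
        3       { 'Server' }
        default { 'Unknown' }
    }
}

function Get-RegisteredAntivirus {
    # root/SecurityCenter2 exists on workstation editions only; servers return nothing,
    # which is why the installed-software scan below is also needed.
    try {
        Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct -ErrorAction Stop |
            Select-Object -ExpandProperty displayName
    } catch {
        @()
    }
}

function Get-InstalledSoftware {
    # Read both the native and the WOW6432Node uninstall hives so 32-bit apps are not missed.
    $paths = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $paths -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Select-Object -ExpandProperty DisplayName -Unique
}

function Find-ConflictingSoftware {
    param([string[]]$InstalledNames)
    foreach ($category in $ConflictCategories.Keys) {
        foreach ($keyword in $ConflictCategories[$category]) {
            foreach ($name in $InstalledNames) {
                if ($name -like "*$keyword*") {
                    [pscustomobject]@{ Category = $category; Product = $name }
                }
            }
        }
    }
}

$installed = @(Get-InstalledSoftware)
$conflicts = @(Find-ConflictingSoftware -InstalledNames $installed)
$critical  = @($installed | Where-Object { $n = $_; $BusinessCriticalKeywords | Where-Object { $n -like "*$_*" } })

$report = [pscustomobject]@{
    ComputerName     = $env:COMPUTERNAME
    Role             = Get-HostRole
    RegisteredAV     = (Get-RegisteredAntivirus) -join '; '
    MemoryGB         = [math]::Round((Get-CimInstance -ClassName Win32_ComputerSystem).TotalPhysicalMemory / 1GB, 1)
    BusinessCritical = ($critical.Count -gt 0)
    Conflicts        = ($conflicts | ForEach-Object { "$($_.Category): $($_.Product)" }) -join '; '
}

# One row per host; append the CSVs from every host to build the site-wide catalog.
$report | Export-Csv -Path ".\avdefender-precheck-$($env:COMPUTERNAME).csv" -NoTypeInformation
$report | Format-List
```

Rows with `BusinessCritical` set to true are the Exchange and SQL hosts to schedule last; rows with a non-empty `Conflicts` column are the hosts that need exclusions configured before the agent is pushed.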
Security is an essential service that you offer to your customers. There are two aspects to the service that you need to consider when you are pricing and planning your offering:
- the cost of software and hardware, and
- the cost of labor.
With Security Manager - AV Defender, SolarWinds MSP makes the cost of software both easy and predictable. You simply pay for the number of nodes you have provisioned regardless of the features that are enabled.
The cost of labor can be somewhat harder to predict and must be based on your previous experience in maintaining and administering antivirus solutions.
Labor costs will change based on the features that you have deployed. With each feature that you deploy, you will provide the customer with increased benefits in exchange for adding potential points of failure to the overall solution. For maximum profitability you should ensure that you are providing the service that your customers are paying for and nothing more.
To effectively understand this issue, you will need to determine the answers to the following questions:
- What are my customer's needs related to antivirus protection?
- What are their tolerances for various security issues (false negatives, false positives, and performance issues)?
  - Based on their tolerance levels, you can choose either aggressive or permissive scanning settings.
  - If the customer's tolerance for performance issues is extremely low, it is recommended that you first deploy a very lightweight profile and then step it up as required.
- Do they have a requirement for HIPS? If HIPS is required, the firewall module must be used.
- Do they have a hardware firewall?
- Do they have a low tolerance for false negatives?
- Do they have a high tolerance for false positives?
  - If the answer to both of these questions is yes, they are a good candidate for behavioral scanning.
Based on the answers to the questions above, you should have a good idea of what your customer's security needs will be. To ensure profitability, only features that are required by the customer and are built into the SLA should be enabled on the target device.