I currently am using VSE/Agent with ePO server and am upgrading to ENS in the near future, we are just starting to build out a new vdi environment for a new business location that will be going up in a few months
I had requested pricing for Move licensing and was told we should use ENS and not Move to protect our vdi thin client equipment/network, is ENS too much overhead for thin clients or should I proceed with the McAfee Move antivirus solution?
In my opinion, yes, there is one major benefit! It's the amount of informations, help, KB-articles, people with knowledge about the product. We tried MoveAV, ran into several issues... and didn't find ways to fix them. To me, it seems like a niche product with a small number of users - and not enough informations on the web to fix a lot of problems by yourself.
We didn't migrate from ENS to Move and I think it was a good decision. But it depends on your environment. Maybe you never have problems and everything runs just fine.
Did you have a look at the Mcafee private cloud workspace?
It is a new extension in EPO that can connect to your VMware ESXi server. With smart shedular you can then prevent CPU overloading on backend hardware on full scan etc.
MA 5.5.0 and ENS are a prerequisite.
There are a lot of benefits to ENS over MOVE but it really comes down to what you need for your environment.
McAfee now has ENS for Server and VDI which offers the same zero day protection as ENS by providing next generation technology like DAC and Real Protect. ENSS looks at hypervisor (CPU) load to help schedule/defer on demand scanning to make sure that your hypervisors aren't overloaded. It's lightweight, and protective.
That said, if you just need antimalware for compliance reasons and are ok with just DAT based protection - MOVE may be the right choice. Really just depends on what you need.
The main principal behind adopting MOVE is to achieve performance on and increasing VM density per hypervisor.
It is widely adopted. The product guides a very robust.
To date 24.05.2018. Move does not feature:
* ATP with TIE
* Real Protect
Which you have on the physical client or on a ENS 10.5.X full installed in the VDI. The main concern Ransomware is the key point for this question. VDI brings two benefits:
* Quicker possible restore off all machines in a case of infection oif all machines (Destroy)
* Move of Desktop
But brings thousands of negative impacts things regarding security
* You can't run the FULL DLP like we had beofre for device Block
* You if you don't have enough power are limited to some smaller version of protection which does not have the same full logic (DAC/REALROTECT)
* Risk get's higher in terms of Risk managment because some VMWARE guy who does NOT understand PKI (Certificates) can take down your full envoriment within minutes. Not to mention storage people who think they understand what they did but allways have a backup from producers of storage to hand since the producer DOES not want to reseller to do certain things alone.
So at the end you get INFECTED because you wanted to go to a solution where you can recovery faster from a total ransomware outfall.
Some egg and chicken question like some other security companys mentiones in their funny adverts movies but DOES not offer any basic pattern protection for 80% of malware (addiontional to existing DAC and REALPROTECT on ENS) and sends all to the US-cloud, does ONLY run when the user is loggged on.. ;-)