8.8 is the latest version with Antispyware integrated and caching of scanned files. Read more here:
It also depends on whether you deploy first versions or like to wait until the first patch of a product is released before you install.
from what I understand, 8.8 is an incremental upgrade from 8.7. The biggest (supposed) differences is that after the initial scan, VSE 8.8 is supposed to me faster. Anti-spyware is also included (as opposed to being a seperate install).
However, there are increasing indications that 8.8 fixes other stuff under the hood that isn't really advertised.
For example, there were 2 hotfixes rather serious security holes that are just now being fixed in 8.7, but those holes are NOT in 8.8...which was released 4 months ago...
These are issues that were documented in KB71708 and KB71709 (articles since removed/hidden). In those articles, it mentions how malware can edit the ntfs permissions to disabled Virusscan.
There is also this one.
(which isn't even patched yet)
All 3 of those bugs don't exist in 8.8, so there were some changes under the hood that weren't announced...
We were on the fence if we should go from 8.7 patch 4 to 8.7 patch 5 AND those hotfixes , and hit 8.8 patch 1 a few months later, or go right to 8.8. We did pilot tests of 8.8 on workstations, an Exchange server, a DC, and a few app servers, and apart form a few small issues, it's better pretty good, so as much as I may cringe by saying we are deploying "version 1" of a product, it's both shown itself to be pretty good, and is definitly the better choice, from a security perspective
I have tried manually to upgrade from 8.7i client to 8.8 and it worked, but if i do product deployment task over epo and push it to client it does not upgrades virusscan from 8.7i to 8.8...
Should I do 2 task, one with remove 8.7i and second to install 8.8?