Hi everyone, I’m currently looking for the right antivirus software for a small business with about 20 employees. A key thing we need is solid admin control to make sure antivirus protection is active on all our systems. We really want a solution that notifies us if the software gets turned off or uninstalled, and it would be great if it could automatically fix those problems too. If you guys have any suggestions lmk!
“a solution that notifies us if the software gets turned off or uninstalled” - no, you want a solution that does not allow the software to be turned off or uninstalled. Tamper protection.
Microsoft Defender for Endpoint is your best bet, available with the Microsoft 365 Business Premium suite, which would suit you down to the ground.
Any AV product worth considering includes measures such as tamper protection to prevent unauthorised changes to settings and unauthorised uninstallation.
For a small business that is already using Windows, Defender is the answer.
Many EDR vendors require a minimum purchase too (Cortex is 200, for example) and Defender will do a good enough job at the price point for your size of infrastructure.
Microsoft Defender is solid.
Imo, just defender is fine.
Depends on if you have the resources for managing it yourself. If you don’t, I wouldn’t recommend Defender. I would look at SentinelOne or Cybereason. CrowdStrike just shit the bed, but they are not bad typically. I just like the other guys more. All of them have a managed option.
This is what I would recommend:
MS Business premium & Entra P1: Suite for AV, EP management, Email filtering, etc… - Very solid defense for the price
Huntress MDR: Run this on endpoints alongside MS Defender for EP, good not to have all eggs in one basket & is also nice to have a pair of eyes watching while you are not. This actually integrates with the built-in windows for defender to help remediate threats.
AutoElevate PAM: Assists in taking away local admin rights, removing end user ability to tamper with things they shouldn’t be.
Bonus: Action1 and/or PDQ to help with centralized management. Both of these have been a huge help with patching and fixing one-offs with some users.
Don’t go straight for Antivirus. Look at an EDR/XDR solution. It covers a whole lot more which you want even if you don’t know it yet. Managed services are great especially if it’s a small team and you don’t have 24/7 security operations.
Describe the rest of your environment.
If you are an M365 shop, it would be worth staying with Microsoft and leveraging the whole suite of tools, not just Defender, Intune and so forth.
Have a look at Heimdal - https://heimdalsecurity.com/
They have an a la carte selection of modules that can be switched on and off for clients depending on their needs.
For 24/7 monitoring, they have the MXDR module.
The platform is actively developed and they’re very responsive to the MSP community.
u/Andrei_Hinodache is active on Reddit (& TechTribe) and I’m sure would be happy to arrange a demo.
I’ve been using Judy full stack with my smaller clients. SentinelOne next tier up. CrowdStrike next tier up.
Contact a VAR and get a right-sized solution. DM me if you have more questions.
As others have mentioned, Defender for Endpoint is the one we are currently using at my organization, and I hear it’s very decent.
Bitdefender/CrowdStrike
Before the recent issue, CrowdStrike was seen as the gold standard. They’re arguably a better product now that they made their mistake and were forced to rethink some of their processes.
Outside of them, SentinelOne is pretty good but I’d take a good look at Huntress. That team is doing some really great stuff out there.
Malwarebytes does a good job on small business…
I’m a fan of SentinelOne after inheriting it. It works really well and a lot of actions are automated. Very simple to set up and drive.
One you can actually use.