OK, So I have always held Etrust highly in my view of antivirus software, It has always been very configurable with granular settings and high levels of reporting.. It “had” always had a relatively low footprint and hardly any visual pollution (cue Norton’s) but recently I have been struggling to keep it under control.
Etrust has expanded to a heavy resource hog. Even tweaked to exclude certain files/folders/processes it seems to lag the entire computer down..
Just check the services, count them 5 !
Crazy
Now I know I could most likely trim them down, but I don’t see the point now. CA Etrust is using way over 100mb of ram, that’s not acceptable in any situation and I can feel the computer being pulled into the pits of hell by Etrust, Its time to declaw and uninstall CA Etrust
What are my options?
For now there is only one. ForeFront (read up, Its actually good)
This is going to be a new install and deployment of Forefront to the entire domain, I am testing the rollout now and its actually working pretty well.
As I try to use Systems Centre Configuration Manager (SCCM) for application deployment (among other things) these are the special steps I took
- Install & Configure Forefront Server (New Physical)
This is easy, Just follow the prompts and guides from MS
- WSUS Server
You need to follow this guide WSUS FCS Updates
- Follow this guide to deploy FCS Client with SCCM Deploy FCS with SCCM
The only difference with my installation is that I did not use a TASK Sequence to remove the previous Antivirus. I don’t like the idea of having a system unprotected for any amount of reboots.
- I created a New Program for the FCS Client that had to run another software package (etrust uninstaller)
- Etrust remover.bat was basically just a msiexec that called for it to be removed. here is the BAT if you dare to use it :
net stop ITMRTSVC
net stop InoRT
net stop InoTask
net stop InoRPC
REM ITM
MsiExec.exe /X{847501DF-07C0-4691-B04A-893929F108AE} /qn
REM AV
MsiExec.exe /X{85F88F9C-6EB2-426B-88AB-28DA4A3526B9} /qn
exit
This seems to be effective in removing the old and installing the new.
Microsoft forefront has so many good points its hard to imagine how anyone will compete, the reporting is great! It also scans for security problems (service packs or weak passwords etc) I only hope it will handle viruses better or at least as well as CA, Not that viruses happen very often anyway, due to my heavily fortified virus proof(ish) boundary.
How does FCS seem to me? 43MB service, nice.
EDIT
Here are all the required MSIEXEC commands to remove etrust
MsiExec.exe /qn /X{847501DF-07C0-4691-B04A-893929F108AE}
MsiExec.exe /qn /X{85F88F9C-6EB2-426B-88AB-28DA4A3526B9}
This was the final part of the CA Story, Seems to have only left some empty folders..