Best antivirus solution for XPe?

[Barkley Bees]

We are currently testing Windows XPe on HP and Dell thin client computers
(desktops and laptops). The plan is for users to access our Citrix Metaframe
farm from these devices. Some users will be thin client desktops that will
be connected to our internal network. Others will be thin client notebooks
that will be used by mobile users or those at customer sites. These
notebooks will connect to the Internet to access our Metaframe services but
will have no connectivity to our network (ie: VPN).

For AntiVirus, we areconsidering "Endpoint Protection for Windows XP
embedded" by symantec
(http://www.symantec.com/business/endpoint-protection-for-windows-xp-embedded).
I have done some testing with the client and right off the bat I see that it
appears the Antivirus client cannot update the AV Signature Libraries
(definition files) without being on the LAN with the Policy management
server. There is not "Live update" type functionality to allow the client to
get these updates directly from Symantec without the parent server.

This presents a problem for our remote users who will not be connecting to
the network by VPN and only accessing the Metaframe resources. Does anyone
have any experience in this area that might be able to offer up some advice
on alternative AV solutions to work around this issue?

note: we considered using SEP11 by Symantec but cannot due to the 1GB flash
size limitation of our thin client candidates.

 

[Shawn]

Hi,

The two solutions for antivirus on XPe that I've tested are both free,
and fairly simple to install.

First is ClamAV from portableapps.com

Second is Trend Micro's Sysclean

For some background, I needed standalone AV applications for XP
embedded and this AV package needed to get pushed down to the XPe
boxes without any user interaction. Because of these constraints, I
could not run the installation on each XPe.

What I did is run these as a regular installation on a test XPe system
and determined the files and folders for the installation directory --
the benefit to the ClamAV portableapps version and Trend's Sysclean is
there are no registry entries or changes, and the necessary DLLs and
executables reside in the same directory. After the install on the
test box, I copied the relevant folders to a USB stick, added a simple
batch script to copy from the USB to the XPe hard drive, and voila!

Hope this helps people who are looking for a fast, easy anti-virus
installation for Microsoft XP embedded systems.

Please ping me if you've any questions. My Gmail email account is
easy to find

--scm

Shawn Merdinger
Security Researcher

 

[SA@JB]

Hi,

The two solutions for antivirus on XPe that I've tested are both free,
and fairly simple to install.

First is ClamAV from portableapps.com

Second is Trend Micro's Sysclean

For some background, I needed standalone AV applications for XP
embedded and this AV package needed to get pushed down to the XPe
boxes without any user interaction. Because of these constraints, I
could not run the installation on each XPe.

What I did is run these as a regular installation on a test XPe system
and determined the files and folders for the installation directory --
the benefit to the ClamAV portableapps version and Trend's Sysclean is
there are no registry entries or changes, and the necessary DLLs and
executables reside in the same directory. After the install on the
test box, I copied the relevant folders to a USB stick, added a simple
batch script to copy from the USB to the XPe hard drive, and voila!

Hope this helps people who are looking for a fast, easy anti-virus
installation for Microsoft XP embedded systems.

Please ping me if you've any questions. My Gmail email account is
easy to find

--scm

Shawn Merdinger
Security Researcher

Good to see there is another option to the Symantec, I have tried to put the
Version 11.0 for Embedded XP on 2 systems that do not have network
connectivity and has been a nightmare. Registry edits, making folders to drop
the .jdb files to, uninstall, reinstall multiple times and just appears it
will not work. I will say the Symantec tech support has been very helpful but
not with positive results. I will try the free stuff and see if the results
are better. Thanks for the info.