
Thread: Migrating Anti Virus Software

  1. #1
    Join Date
    Aug 2014
    Beans
    4

    Migrating Anti Virus Software

    Dear all,
    first of all, I would like to apologize if this is not the right place to ask.

    I'm new to Info Security.
    I would like to ask for an opinion on migrating antivirus software for an enterprise (1000 users).
    Let's say I currently use AV from company A and want to migrate to AV from company B. I have made a study of how we would like to deploy it. We plan to use Microsoft SCCM to uninstall the current AV and install the new AV. My concern is the spread of viruses if the installation of the new AV is unsuccessful. Is there any best practice for changing AV software? What other things need to be taken into consideration?

    Would anyone share their experience?
    Thanks in advance.

  2. #2
    Join Date
    Aug 2006
    Beans
    12,963
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Migrating Anti Virus Software

    Try a MS support channel. We only support Ubuntu and derivatives here.

    ...never mind, we support everything here!
    Last edited by mikewhatever; August 27th, 2014 at 12:09 AM.

  3. #3
    Join Date
    Jul 2008
    Location
    The Left Coast of the USA
    Beans
    Hidden!
    Distro
    Kubuntu

    Re: Migrating Anti Virus Software

    Although a Microsoft forum might be best, users are quite welcome to post in Other Operating Systems and Projects.

    There are those who use Linux who are also proficient in Windows.
    Don't let the truth get in the way of a good story!
    This universe is crazy. I'm going back to my own.


  4. #4
    Join Date
    Nov 2013
    Location
    On the edge
    Beans
    853
    Distro
    Ubuntu

    Re: Migrating Anti Virus Software

    Do you have a single AV console to manage all the hosts in your environment? Or are you just installing AV independently on each endpoint?

    I presume you have tested the new AV on some systems to ensure it's not going to do something stupid like quarantine Word throughout your enterprise.

    If it were me I would have a weekend change window. One day I would rip out all existing AV. Then once I've confirmed it's completely out of my environment I'd install the new one everywhere. Have a script that would do the same on endpoints that were offline during the change.

    Problems ensue generally when you've got a few AVs on one box. They tend to conflict and/or quarantine each other.
    "My concern is on the virus spread if the installation of new AV if unsuccessful."
    I hope you're not solely relying on AV to prevent infections. Anyway it's simple to test that AV is installed with an EICAR. Any AV will have an EICAR you can run on a random sampling of endpoints when you're done. Or build it into the deployment script.
    Knock knock.
    Race condition.
    Who's there?
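
The EICAR check suggested in post #4, as an added PowerShell example that is not part of any post in this thread. The function name, the result values, the use of the temp directory and the exit-code convention are assumptions; it also assumes the new AV scans files on write or on access in that directory.

```powershell
function Test-EicarDetection {
    param(
        [string]$Directory = $env:TEMP,   # assumption: a path covered by on-access scanning
        [int]$TimeoutSeconds = 30
    )

    # Control write: if a harmless file cannot be created here, a failed
    # EICAR write below would say nothing about the AV.
    $control = Join-Path $Directory ("avcheck-{0}.txt" -f [guid]::NewGuid())
    try {
        [System.IO.File]::WriteAllText($control, 'control')
        Remove-Item -LiteralPath $control -Force
    } catch {
        return 'Inconclusive'
    }

    # The standard 68-byte EICAR test string, assembled at run time so the
    # scanner does not quarantine this script itself.
    $eicar = 'X5O!P%@AP[4\PZX54(P^)7CC)7}$' + 'EICAR-STANDARD-' + 'ANTIVIRUS-TEST-FILE!$H+H*'
    $path  = Join-Path $Directory ("avcheck-{0}.com" -f [guid]::NewGuid())
    try {
        [System.IO.File]::WriteAllText($path, $eicar, [System.Text.Encoding]::ASCII)
    } catch {
        return 'Detected'    # write denied by the on-access scanner
    }

    # Give the scanner time to react, then see whether the file survived.
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    while ((Get-Date) -lt $deadline) {
        if (-not (Test-Path -LiteralPath $path)) { return 'Detected' }   # quarantined or deleted
        try {
            $null = [System.IO.File]::ReadAllText($path)
        } catch {
            return 'Detected'    # file still present but access is blocked
        }
        Start-Sleep -Seconds 2
    }

    # Still readable after the timeout: clean up and report the failure.
    Remove-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    return 'NotDetected'
}

$result = Test-EicarDetection
Write-Output "EICAR check on ${env:COMPUTERNAME}: $result"
if ($result -eq 'Detected') { exit 0 } else { exit 1 }
```

A non-zero exit code marks the endpoint for follow-up; a detection should also show up as an event in the new AV's management console, which confirms that reporting works end to end.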

  5. #5
    Join Date
    Aug 2014
    Beans
    4

    Re: Migrating Anti Virus Software

    Hi all,
    Thanks for the reply.

    I have tested the new AV on my testing machine; everything was as expected, but I think the real environment (PC/laptop/server) will be different, right?
    Multi OS with different hardware specs, with min 512MB RAM.

    And yes, I have centralized AV management for the existing AV, from which I can run the uninstall process.
    I plan to go for pilot testing first, with 100 users, and see what the success rate is from there before rolling out to other users in stages (group by group).

    I like the idea of using EICAR testing; I can script it to test whether the AV is working, and at the same time it will communicate with the centralized server to report it. End-to-end testing. =D

    What do you mean by this?
    "I hope you're not solely relying on AV to prevent infections"
    Do I need to consolidate the network that is currently in the process of migrating AV software?

  6. #6
    Join Date
    Nov 2013
    Location
    On the edge
    Beans
    853
    Distro
    Ubuntu

    Re: Migrating Anti Virus Software

    I prefer to err on the side of caution, so your testing plan sounds solid to me. Make sure you're testing all the different OS's and hardware combinations. Just to be clear, the main concerns are software conflicts, CPU usage, and false positives.

  7. #7
    Join Date
    Nov 2013
    Location
    On the edge
    Beans
    853
    Distro
    Ubuntu

    Re: Migrating Anti Virus Software

    "what do you mean by this?"
    I mean AV costs more than it's worth generally. http://mobile.techworld.com/news/sec...port-suggests/

    AV is often a requirement by regulations and business partners. I wouldn't get too hung up on which one you're using. Find a reasonably priced one and stick with it (assuming no production issues).

    Spend your time and budget on other things that will actually improve your security posture. EMET is free and is MUCH better at preventing malicious behavior http://support.microsoft.com/kb/2458544
    You could build a squid proxy pretty cheap with OSS.
    Snort is free & is an open source IDS.

    Meh. I tried not to be preachy. FAIL.

  8. #8
    Join Date
    Nov 2008
    Location
    Metro Boston
    Beans
    12,329
    Distro
    Kubuntu 14.04 Trusty Tahr

    Re: Migrating Anti Virus Software

    Like bashiergui, I think the best solution is to keep malware from coming into the organization at all. At a minimum that means virus scanning of all inbound emails, but you should consider pushing all web requests through Squid with SquidClamAV installed as well. I would also disable USB ports on as many machines as possible, and certainly configure your AV software to alert you if someone inserts an infected USB stick. People love to bring in USB drives with photos of their kids and some nice hidden malware as well.
    If you ask for help, do not abandon your request. Please have the courtesy to check for responses and thank the people who helped you.


  9. #9
    Join Date
    Aug 2014
    Beans
    4

    Re: Migrating Anti Virus Software

    Hi bashiergui/SeijiSensei,

    Thanks for the input. Just to ask you, do I need to do some sort of benchmark in terms of performance / security incidents before and after the project?
    Does it really matter?

    For the testing part, I have identified 20 applications that need to avoid any conflicts with the new AV.
    After finishing the testing, I will then deploy to the first 100 users for real production testing.

    Let's say, for example, that during the deployment there is an incident of a virus spreading through the network.
    What is the best practice / SOP to handle this issue? Is there any standard to follow?



  10. #10
    Join Date
    Aug 2014
    Beans
    4

    Re: Migrating Anti Virus Software

    Hi SeijiSensei,

    Just additional info: I will set the AV policy for device blocking for some users.
    How do you disable USB in your environment?

    Last edited by term3; August 26th, 2014 at 05:38 PM.
