Page 2 of 2 FirstFirst 12
Results 11 to 15 of 15

Thread: Migrating Anti Virus Software

  1. #11
    Join Date
    Nov 2013
    Location
    On the edge
    Beans
    843
    Distro
    Ubuntu

    Re: Migrating Anti Virus Software

    Let say for example, during the deployment, there is incident of virus spread through network.What is the best practice/ SOP to handle this issues. Have any standard to follow?
    If the only security product you have in the environment is AV, then let AV quarantine and remove the infections. I can't imagine what else you could realistically do.
    Knock knock.
    Race condition.
    Who's there?

  2. #12
    Join Date
    Nov 2013
    Location
    On the edge
    Beans
    843
    Distro
    Ubuntu

    Re: Migrating Anti Virus Software

    Quote Originally Posted by term3 View Post
    Hi SeijiSensei,
    Just additional info, i will set the policy of the AV for device blocking for some user.
    How you disable USB in your environment?
    If you're not filtering email attachments at all then I don't really see the point of blocking USB ports. It would just encourage users to email themselves the malware instead of transfer it via USB stick.
    Knock knock.
    Race condition.
    Who's there?

  3. #13
    Join Date
    Nov 2008
    Location
    Metro Boston
    Beans
    12,069
    Distro
    Kubuntu 14.04 Trusty Tahr

    Re: Migrating Anti Virus Software

    Quote Originally Posted by bashiergui View Post
    If you're not filtering email attachments at all then I don't really see the point of blocking USB ports. It would just encourage users to email themselves the malware instead of transfer it via USB stick.
    I absolutely agree that you should start by filtering email before you do anything else. Still there is malware that can hide on a USB stick and runs with Autostart. That kind won't be transferred by email.

    I wasn't responsible for managing the USB ports. I believe you can disable them using Active Directory policies.

    To give you a sense of how pervasive infected email remains, the mail filtering software for that organization I mentioned with some 200+ users intercepted 69 infected messages just yesterday alone. We use MailScanner with spamassassin and ClamAV to scan every message when it arrives. Clean items are then forwarded to the organization's Exchange server.
    Last edited by SeijiSensei; August 27th, 2014 at 02:30 PM.
    If you ask for help, please have the courtesy to check for responses and thank the people who helped you.

    Blog · Linode System Administration Guides · Android Apps for Ubuntu Users

  4. #14
    Join Date
    Dec 2010
    Beans
    Hidden!

    Re: Migrating Anti Virus Software

    In our organization that is seen as highly critical and also very much targeted USB's have been disabled from working on the PC's period. When the IT Dept. needs to do something that can't be done via the network they have to use written CD/DVD's...

  5. #15
    Join Date
    Nov 2013
    Location
    On the edge
    Beans
    843
    Distro
    Ubuntu

    Re: Migrating Anti Virus Software

    Quote Originally Posted by not found View Post
    In our organization that is seen as highly critical and also very much targeted USB's have been disabled from working on the PC's period. When the IT Dept. needs to do something that can't be done via the network they have to use written CD/DVD's...
    I agree it's critical. If the OP isn't going to do anything other than run AV on endpoints then I see it a little bit like filling the door and window in on this castle:
    image.jpg
    Knock knock.
    Race condition.
    Who's there?

Page 2 of 2 FirstFirst 12

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •