  1. Anti-Virus Scan Time Policies -- You can determine when scans run and what actually gets scanned when you choose the Full Anti-Virus Management model. At this time, workstations and laptops can be scanned every day, 7 days a week, 365 days a year at any of the following times (assuming the system is left on at the time the anti-virus scan is initiated):
    • 2:00 AM
    • 5:00 AM
    • 12:00 PM (noon)
    • 12:00 PM and 7:00 PM
    • 4:00 PM
    • 6:00 PM
    • 7:00 PM
    • 8:00 PM
    • 10:00 PM
    • 11:00 PM
  2. Anti-Virus and Host Intrusion Prevention System Policies Components
    • Authorization -- Authorization or denial of applications to run on a system is based upon a number of criteria.
    • Messaging -- Messages to the user can be set to go out (or not) through email. 
      • Desktop Messaging -- In order to minimize the need for users to get involved, desktop messaging has been turned off.
      • Email Alerting -- This has been enabled, so Desktop Support personnel and Sophos Administrators can be notified of virus problems early in the detection process
      • SNMP Messaging -- Not in use at this time
      • Event Log -- We make extensive use of virus event logs so that follow-up can occur as to what happens during a virus outbreak on campus
    • Sophos Live Protection -- "Live Protection" provides the most up-to-date threat protection through an online lookup service at Sophos.com in real time. We have this enabled and automatically send sample files to Sophos for further forensic analysis.
    • Suspicious Behavior (HIPS) -- The "Host Intrusion Protection System" is set up on the Enterprise Console to detect suspicious behavior and buffer overflows.
    • On-Access Scanning -- On-access scanning is at the heart of what we do to protect computers on campus. 
      • Scanning -- What to scan
        • Check Files Upon . . .  -- The anti-virus system has been set up to check files whenever a user "reads" a file.  We have options to also check them when they write or rename a file, but these are not turned on, currently.
        • Scan For -- The set-up currently provides for Adware and PUAs (Possible Undesirable Applications) and Suspicious Files.  We don't currently scan for Macintosh viruses, as this service currently is only deployed to IBM type PCs on campus.
        • Other Scanning Options -- There are options to allow access to drives with infected boot sectors and to scan (or not scan) inside archive files (which is not recommended due to its high toll on performance).
      • Extensions -- Files with specific extensions to scan or not scan (e.g. .exe, .pdf, etc.). We choose not to scan all files for performance reasons, but we do choose to scan files with no extensions and other executable and/or vulnerable file types.
      • Exclusions -- We can choose to select specific file types, application type files (like Thunderbird files), specific files or drive and folder designations.  For obvious reasons, we also choose not to scan remote files.
      • Mac Exclusions -- We can choose the same specific types of exclusions provided to Windows files for Macs
      • Linux/Unix Exclusions -- If we scan Linux/Unix systems, we can choose the same specific types of exclusions provided to Windows files and Mac files
      • Clean-Up -- We can choose what to do (or not do) automatically when viruses, suspicious files, spyware and other malware are found on a system. Currently, we automatically clean up these items by deleting all viruses and spyware and denying access to suspicious files by moving them to a safe location on the hard drive.
    • Web Protection --
    • Scanning Schedule --
    • Extensions and Exclusions --
    • Scanning Options --
    • Cleanup Options --