Educause Security Discussion mailing list archives

Re: Centralized Antivirus Recommendation


From: Eme Ejike <eejike () ODU EDU>
Date: Mon, 3 May 2010 16:53:23 -0400

We utilize the McAfee ePolicy Orchestrator.  McAfee enterprise 8.7 +
antispyware module seems to have made an improvement on client memory
and background processor usage. In addition, some contracts allow for
student and faculty use.
I had deployed this out in 2007 as one of my preliminary centralization
efforts. We still use this, with updates and patches of course.  The
logging is quite verbose. We have leveraged the logs in our security
operations manager. It provides outbreak management. DAT update
management with provisions for a local repository --which we use--. AD
domain deployment --- not so pretty because we do not allow SMB across
subnets (exceptions were created for deployment). It however allows for
custom frame package installs and switches.  Those still on Novell can
use snapshots for deployment.


Some of the log information comes into play in daily monitoring reports.

i)    Antivirus shutdown events    --- Relevancy? First attempted
normally before rootkit installations
ii)   Last check in        ------ Something is wrong
iii)  Non-updated clients
iv)   Unresolvable files (per host with whitelist and exceptions)
v)    Outbreak monitoring
vi)   Identifying notorious web surfers (where do you keep going to get
this junk ?  ---> AUP comes into play)


Eme Ejike
University Systems Security Officer
Old Dominion University
Norfolk, VA, 23508
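
The daily monitoring checks listed in the message above, sketched as an added example (not part of the original post, and not ePO's own schema or API). The CSV columns, host names, DAT version numbers, threat name, and the 7-day and 3-host thresholds are all constructed assumptions.

```python
import csv, io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample exports; column names and values are hypothetical.
CLIENTS = """host,last_checkin,dat_version
lab-pc-01,2010-05-03T08:10,5970
lab-pc-02,2010-04-20T11:02,5970
fac-lt-07,2010-05-03T07:55,5942
lib-pc-11,2010-05-03T09:30,5970
"""
EVENTS = r"""host,type,detail
lib-pc-11,av_stopped,service stopped
lib-pc-11,detection,Sample.Threat.A
lab-pc-01,detection,Sample.Threat.A
fac-lt-07,detection,Sample.Threat.A
lab-pc-01,unresolved,C:\temp\a.tmp
fac-lt-07,unresolved,C:\tools\scanner.exe
"""
# Per-host exceptions for files the scanner could not resolve (assumed format).
WHITELIST = {("fac-lt-07", r"C:\tools\scanner.exe")}

def daily_report(clients_csv, events_csv, now, current_dat,
                 max_silence=timedelta(days=7), outbreak_hosts=3):
    """Bucket clients and events into the daily report categories."""
    report = {"av_shutdown": [], "stale_checkin": [], "outdated_dat": [],
              "unresolved": [], "outbreak": []}
    for row in csv.DictReader(io.StringIO(clients_csv)):
        # A client that has not checked in recently is itself a finding.
        if now - datetime.fromisoformat(row["last_checkin"]) > max_silence:
            report["stale_checkin"].append(row["host"])
        if int(row["dat_version"]) < current_dat:
            report["outdated_dat"].append(row["host"])
    hosts_by_threat = defaultdict(set)
    for ev in csv.DictReader(io.StringIO(events_csv)):
        key = (ev["host"], ev["detail"])
        if ev["type"] == "av_stopped":
            report["av_shutdown"].append(ev["host"])
        elif ev["type"] == "unresolved" and key not in WHITELIST:
            report["unresolved"].append(key)
        elif ev["type"] == "detection":
            hosts_by_threat[ev["detail"]].add(ev["host"])
    # Outbreak: the same threat name seen on several distinct hosts.
    report["outbreak"] = sorted(t for t, h in hosts_by_threat.items()
                                if len(h) >= outbreak_hosts)
    return report

if __name__ == "__main__":
    now = datetime(2010, 5, 3, 12, 0)
    for section, items in daily_report(CLIENTS, EVENTS, now, 5970).items():
        print(f"{section}: {items}")
```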
