Educause Security Discussion mailing list archives
Re: Checking for AV software on students' machines
From: Gary Flynn <flynngn () JMU EDU>
Date: Wed, 9 Jun 2004 15:07:01 -0400
Nathan Hall wrote:
Now that we have found a way to check students' machines for missing patches before they are allowed on the network, we are looking to expand to checking for the presence of updated anti-virus software. This requires access to the students' machines, so we are looking at using a web page with a .NET component to perform the check. A few questions: 1) Is anyone else doing something like this currently? 2) How have you implemented this (web page w/ ActiveX/.Net, downloadable program...)? 3) What do you look for to determine if AV software is present (registry entries, services, running processes...)? 4) How successful has it been? 5) Pitfalls? Any other input would be appreciated too. Thanks in advance.
We're not doing anything now but hope to be by fall. We'd started developing a suite of "StartSafe" HTA/WSH/WMI scripts provided via the web to provide this functionality and lots more. When you can get an agent (login script, ActiveX control, whatever) on the end system, the possibilities (and issues) are limitless. :) Then we started thinking about integrating it with something like Netreg by having the scripts set a cookie that Netreg could read during registration. But now we're looking at running the scripts through Perfigo's CleanMachines. Legacy platforms without WSH/WMI would be done through registry checks. The question of whether to enforce a standard AV product is a good one. It would seem that trying to check for a myriad of products and versions across platforms would be tedious and error-prone. We have a site license for Symantec so operationally we could do it. Scripts could help a user in removing old AV and installing new AV. As for the firewall issue I've seen brought up in several followups, we're considering configuring the firewall so it allows access from our official security scanner machines. We'll have to provide some configuration templates for xpsp2 anyway or we'll have people turning it off when they can't get something working. -- Gary Flynn Security Engineer James Madison University ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Re: Checking for AV software on students' machines, (continued)
- Re: Checking for AV software on students' machines Craig Blaha (Jun 09)
- Re: Checking for AV software on students' machines Brian Eckman (Jun 09)
- Re: Checking for AV software on students' machines Ariel Silverstone (Jun 09)
- Re: Checking for AV software on students' machines Nathan Hall (Jun 09)
- Re: Checking for AV software on students' machines Jeff Bollinger (Jun 09)
- Re: Checking for AV software on students' machines Helms, Sandra (Jun 09)
- Re: Checking for AV software on students' machines Bill Frazier (Jun 09)
- Re: Checking for AV software on students' machines Gibbs, Aaron M. (Jun 09)
- Re: Checking for AV software on students' machines jack suess (Jun 09)
- Re: Checking for AV software on students' machines Ariel Silverstone (Jun 09)
- Re: Checking for AV software on students' machines Gary Flynn (Jun 09)
- Re: Checking for AV software on students' machines Robert Ono (Jun 09)
- Re: Checking for AV software on students' machines Stephen Bernard (Jun 09)
- Re: Checking for AV software on students' machines Bill Frazier (Jun 10)
- Re: Checking for AV software on students' machines Nathan Hall (Jun 10)
- Re: Checking for AV software on students' machines Dunker, Mary (Jun 10)
- Re: Checking for AV software on students' machines Gibbs, Aaron M. (Jun 10)
- Re: Checking for AV software on students' machines Shawn Kohrman (Jun 10)
- Re: Checking for AV software on students' machines Ariel Silverstone (Jun 10)
- Re: Checking for AV software on students' machines Brian Eckman (Jun 10)
- Re: Checking for AV software on students' machines Jason S. Cash (Jun 10)
(Thread continues...)