Educause Security Discussion mailing list archives

Re: windows AV policy support


From: Mike Wiseman <mike.wiseman () UTORONTO CA>
Date: Thu, 30 Nov 2006 16:15:09 -0500

There are two tests that I can suggest:

- To check for AV real time detection functionality, use a script to attempt to write the EICAR pattern to a file. An AV configured to do real time detection should block this attempt.
- To check for AV up-to-date status, this information is stored in the WMI database. There are tools available to retrieve this information.

I don't know of any AV products that don't support both of these so we have no AV product restrictions. We use these checks in our in-house NAC system.

Mike


Mike Wiseman
Manager - Computer Security Administration
Computing and Networking Services
University of Toronto

 


Background: we are considering a change to our AV policy. In the past we
have required that one provided and supported product be used. We are
thinking it might be better to let the students choose from a long list.
Question: how best to enforce that one of a long list is not only
installed but functioning.
Thank you.
<><Randy



<><Randall Grimshaw
Room 203 Machinery Hall
Syracuse University
Syracuse, NY   13244
315-443-5779
rgrimsha () syr edu
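
The two checks described in the reply above, written in PowerShell as an added example; it is not part of the original thread and not the University of Toronto NAC system's code. Assumptions: a Windows client that exposes the `root/SecurityCenter2` WMI namespace and its `AntiVirusProduct` class, and the widely observed (not vendor-documented) `productState` bit layout in which `0x1000` means real-time protection is on and `0x10` means definitions are out of date. The function names and temporary file names are hypothetical.

```powershell
# Added example; assumes a Windows client with the root/SecurityCenter2 namespace.
function Test-AvRealTime {
    # EICAR test string, split so this script file is not itself flagged.
    $eicar = 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-' + 'STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'
    $id    = [guid]::NewGuid()
    $ctl   = Join-Path $env:TEMP "nac-control-$id.txt"
    $path  = Join-Path $env:TEMP "nac-eicar-$id.com"
    try {
        # Control write: if a harmless file cannot be written, the result is inconclusive.
        [IO.File]::WriteAllText($ctl, 'control')
    } catch { throw "Cannot write to $env:TEMP; real-time test is inconclusive." }
    try {
        [IO.File]::WriteAllText($path, $eicar, [Text.Encoding]::ASCII)
        Start-Sleep -Seconds 3   # give on-access scanning time to react
        # Blocked if the file is gone or cannot be read back intact.
        return ([IO.File]::ReadAllText($path) -cne $eicar)
    } catch {
        return $true             # write or read denied: the AV intervened
    } finally {
        Remove-Item -LiteralPath $path, $ctl -Force -ErrorAction SilentlyContinue
    }
}

function Get-AvStatus {
    # One record per registered AV product, with the assumed productState bits decoded.
    Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntiVirusProduct `
                    -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                Name     = $_.displayName
                Enabled  = [bool]($_.productState -band 0x1000)
                UpToDate = -not [bool]($_.productState -band 0x10)
            }
        }
}

# Policy: any product is acceptable as long as one is enabled, current,
# and the EICAR write is actually blocked.
$products = @(Get-AvStatus)
$healthy  = @($products | Where-Object { $_.Enabled -and $_.UpToDate })
$realTime = Test-AvRealTime
[pscustomobject]@{
    Products       = $products.Name -join ', '
    ReportedOk     = $healthy.Count -gt 0
    RealTimeBlocks = $realTime
    Compliant      = ($healthy.Count -gt 0) -and $realTime
}
```

The WMI values are self-reported by the product, so the EICAR write is the check that confirms the scanner is functioning rather than only registered.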
