Educause Security Discussion mailing list archives
Re: windows AV policy support
From: Mike Wiseman <mike.wiseman () UTORONTO CA>
Date: Thu, 30 Nov 2006 16:15:09 -0500
There are two tests that I can suggest: -to check for AV real time detection functionality, use a script to attempt to write the EICAR pattern to a file. An AV configured to do real time detection should block this attempt. -to check for AV up-to-date status, this information is stored in the WMI database. There are tools available to retreive this information. I don't know of any AV products that don't support both of these so we have no AV product restrictions. We use these checks in our in-house NAC system. Mike Mike Wiseman Manager - Computer Security Administration Computing and Networking Services University of Toronto
Background: we are cosidering a change to our AV policy. In the past we have required that one provided and supported product be used. We are thinking it might be better to let the students choose from a long list. Question: how best to enforce that one of a long list is not only installed but functioning. Thank you. <><Randy <><Randall Grimshaw Room 203 Machinery Hall Syracuse University Syracuse, NY 13244 315-443-5779 rgrimsha () syr edu
Current thread:
- windows AV policy support Randy Grimshaw (Nov 30)
- <Possible follow-ups>
- Re: windows AV policy support Scholz, Greg (Nov 30)
- Re: windows AV policy support Mike Wiseman (Nov 30)
- Re: windows AV policy support George C. Russ (Dec 05)