Educause Security Discussion mailing list archives
Re: AV - Full scans or On Access Scans
From: "I. W. Woodle" <iwoodle () UTK EDU>
Date: Wed, 9 Apr 2008 16:43:42 -0400
It has been difficult to implement weekly automatic scans from the server. We have used several methods to try to overcome the issue of client system resource utilization during a scan. Our product (mcafee vscan) gives you the ability to reduce the cpu priority and time used by the scan. We have gotten away with it by having that set low, in addition to doing the scan on Wednesday at noon (lunch break), reducing the files scanned to system and other critical areas and avoiding memory scans. Additionally, instead of "hiding" the scan from the user, giving them the ability to stop the scan in the window reduces the moans but almost guarantees that the scan will never complete. Ultimately we must put faith in the on-access scanner and hope that our users will follow recommendations to do the full scans every week at their slow times. Otherwise it would require a hard fast policy that could never meet the needs of the institution and at best be highly intrusive to day to day business activity. Another option I have been pondering is using multiple "small" scans that take place every day to get the whole system once a week. Not sure that would really work well either. Good luck. -Wes I. W. Woodle (Wes) University of Tennessee Antivirus Administrator In the end, we rely on the on-access scan and the user's scheduled full scans to protect. Ken De Cruyenaere wrote:
On Wed, Apr 09, 2008 at 03:58:25PM -0400, David A. Batastini wrote:All, I'm trying to get the pulse of what other educational institutions are doing when it comes to managing AV scans on endpoints. Do you schedule full system scans or do you rely on the "on Access" scans to detect malware? If you run full system scans: how often, and what time are they set to run? If you do not run full system scans, how do you mitigate the security risk of new malware ( malware that AV did not detect during the initial on access scan)? As you can probably guess, I'm getting negative feedback on the intrusive behavior of our complete system scans. In the past year, we've cut the frequency in half (from weekly to bi weekly) and randomized the time to try to lessen the impact. Anyone have any success stories they're willing to share? Thanks in advance, DavidHi We request minimum of weekly AV scans. The day and time is left up to the department computer person. Some choose daily scans. Most choose weekly scans at noon on Wednesday. The scan settings are controlled from the AV master console. Ken
Current thread:
- AV - Full scans or On Access Scans David A. Batastini (Apr 09)
- <Possible follow-ups>
- Re: AV - Full scans or On Access Scans Ken De Cruyenaere (Apr 09)
- Re: AV - Full scans or On Access Scans I. W. Woodle (Apr 09)
- Re: AV - Full scans or On Access Scans Mike Hanson (Apr 09)
- Re: AV - Full scans or On Access Scans Jenkins, Matthew (Apr 09)
- Re: AV - Full scans or On Access Scans Basgen, Brian (Apr 09)
- Re: AV - Full scans or On Access Scans Charlie Prothero (Apr 09)
- Re: AV - Full scans or On Access Scans Halliday,Paul (Apr 09)
- Re: AV - Full scans or On Access Scans Eric Case (Apr 09)
- Re: AV - Full scans or On Access Scans Jenkins, Matthew (Apr 10)
- Re: AV - Full scans or On Access Scans Jenkins, Matthew (Apr 10)
- Re: AV - Full scans or On Access Scans Consolvo, Corbett D (Apr 10)
- Re: AV - Full scans or On Access Scans Zach Jansen (Apr 10)
(Thread continues...)