Educause Security Discussion mailing list archives

Re: AV - Full scans or On Access Scans


From: "Basgen, Brian" <bbasgen () PIMA EDU>
Date: Wed, 9 Apr 2008 14:55:50 -0700

 We wake our computers up at night and do a deep file AV scan then,
along with some other routine maintenance like a full spyware scan,
inventory checks, any application updates, and so on.
 
 Before we had Wake-on-LAN going, we did only on-access scans. Needless
to say, it missed stuff and caused various problems.

~~~~~~~~~~~~~~~~~~
Brian Basgen
Information Security
Pima Community College




 


________________________________

        From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Jenkins, Matthew
        Sent: Wednesday, April 09, 2008 2:23 PM
        To: SECURITY () LISTSERV EDUCAUSE EDU
        Subject: Re: [SECURITY] AV - Full scans or On Access Scans
        
        

        David, you bring up a good point on detecting new malware.  That
is a good argument for full system scans on workstations (I need to push
for this again soon).  Currently we have our servers configured to do
full system scans on Sunday at midnight.  Our workstations currently
rely exclusively on on-access scans; however, we may be switching
products in the near future and I will be pushing for weekly full system
scans.  The only drawback is client software that will force the scan if
the schedule is missed.  This causes great headaches for users that turn
their computers off, which includes most laptop/tablet users.

         

        Matt

         

        Matthew Jenkins
        Network/Server Administrator
        Fairmont State University
        304.367.4955
        Visit us online at www.fairmontstate.edu
<http://www.fairmontstate.edu/> 

         

        From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of David A. Batastini
        Sent: Wednesday, April 09, 2008 3:58 PM
        To: SECURITY () LISTSERV EDUCAUSE EDU
        Subject: [SECURITY] AV - Full scans or On Access Scans

         

        All,

        I'm trying to get the pulse of what other
educational institutions are doing when it comes to managing AV scans on
endpoints. Do you schedule full system scans or do you rely on the "on
Access" scans to detect malware? If you run full system scans: how
often, and what time are they set to run? If you do not run full system
scans, how do you mitigate the security risk of new malware (malware
that AV did not detect during the initial on access scan)?

        As you can probably guess, I'm getting negative feedback on the
intrusive behavior of our complete system scans. In the past year,
we've cut the frequency in half (from weekly to biweekly) and
randomized the time to try to lessen the impact. Anyone have any success
stories they're willing to share?

         

        Thanks in advance,

        David

         

        -- 

        David Batastini, GCIH

        University of Rhode Island

        Information Security 

         

        DavidB<at>uri.edu

        015 Tyler Hall

        p. (401) 874-2663

        c. (401) 265-5515

        f. (401) 874-7004

         

         
