Educause Security Discussion mailing list archives
Re: AV - Full scans or On Access Scans
From: Charlie Prothero <Charlie.Prothero () KEYSTONE EDU>
Date: Wed, 9 Apr 2008 21:12:30 -0400
We had the same problem at Keystone College. Theoretical question here: Say a piece of malware gets onto a machine before your AV software has a signature for it. The AV software is subsequently updated to detect that malware. If the malware had managed to install itself, it's gone on the next reboot. Otherwise, it's just sitting on the drive, undetected because it isn't referenced. If it was, the AV software would nab it. Obviously, it's not *desirable* to be storing a virus collection, but how much of a problem would it be, provided the AV on-access scanner is active? ________________________________ From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of David A. Batastini Sent: Wednesday, April 09, 2008 3:58 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] AV - Full scans or On Access Scans All, I'm trying to get the pulse of what other educational institutions are doing when it comes to managing AV scans on endpoints. Do you schedule full system scans or do you rely on the "on Access" scans to detect malware? If you run full system scans: how often, and what time are they set to run? If you do not run full system scans, how do you mitigate the security risk of new malware ( malware that AV did not detect during the initial on access scan)? As you can probably guess, I'm getting negative feedback on the intrusive behavior of our complete system scans. In the past year, we've cut the frequency in half (from weekly to bi weekly) and randomized the time to try to lessen the impact. Anyone have any success stories they're willing to share? Thanks in advance, David -- David Batastini, GCIH University of Rhode Island Information Security DavidB<at>uri.edu 015 Tyler Hall p. (401) 874-2663 c. (401) 265-5515 f. (401) 874-7004
Current thread:
- AV - Full scans or On Access Scans David A. Batastini (Apr 09)
- <Possible follow-ups>
- Re: AV - Full scans or On Access Scans Ken De Cruyenaere (Apr 09)
- Re: AV - Full scans or On Access Scans I. W. Woodle (Apr 09)
- Re: AV - Full scans or On Access Scans Mike Hanson (Apr 09)
- Re: AV - Full scans or On Access Scans Jenkins, Matthew (Apr 09)
- Re: AV - Full scans or On Access Scans Basgen, Brian (Apr 09)
- Re: AV - Full scans or On Access Scans Charlie Prothero (Apr 09)
- Re: AV - Full scans or On Access Scans Halliday,Paul (Apr 09)
- Re: AV - Full scans or On Access Scans Eric Case (Apr 09)
- Re: AV - Full scans or On Access Scans Jenkins, Matthew (Apr 10)
- Re: AV - Full scans or On Access Scans Jenkins, Matthew (Apr 10)
- Re: AV - Full scans or On Access Scans Consolvo, Corbett D (Apr 10)
- Re: AV - Full scans or On Access Scans Zach Jansen (Apr 10)
- Re: AV - Full scans or On Access Scans Marc Scarborough (Apr 10)
- Re: AV - Full scans or On Access Scans Jenkins, Matthew (Apr 10)
- Re: AV - Full scans or On Access Scans Eric Case (Apr 10)
- Re: AV - Full scans or On Access Scans Basgen, Brian (Apr 10)
(Thread continues...)