Educause Security Discussion mailing list archives

Re: AV - Full scans or On Access Scans


From: Charlie Prothero <Charlie.Prothero () KEYSTONE EDU>
Date: Wed, 9 Apr 2008 21:12:30 -0400

We had the same problem at Keystone College. Theoretical question here:
Say a piece of malware gets onto a machine before your AV software has a
signature for it. The AV software is subsequently updated to detect
that malware. If the malware had managed to install itself, it's gone
on the next reboot. Otherwise, it's just sitting on the drive,
undetected because it isn't referenced. If it was, the AV software
would nab it. Obviously, it's not *desirable* to be storing a virus
collection, but how much of a problem would it be, provided the AV
on-access scanner is active?

________________________________

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of David A. Batastini
Sent: Wednesday, April 09, 2008 3:58 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] AV - Full scans or On Access Scans

All,

I'm trying to get the pulse of what other educational
institutions are doing when it comes to managing AV scans on endpoints.
Do you schedule full system scans or do you rely on the "on-access"
scans to detect malware? If you run full system scans: how often, and
what time are they set to run? If you do not run full system scans, how
do you mitigate the security risk of new malware (malware that AV did
not detect during the initial on-access scan)?

As you can probably guess, I'm getting negative feedback on the
intrusive behavior of our complete system scans. In the past year,
we've cut the frequency in half (from weekly to bi-weekly) and
randomized the time to try to lessen the impact. Anyone have any success
stories they're willing to share?

Thanks in advance,

David

-- 
David Batastini, GCIH
University of Rhode Island
Information Security
DavidB<at>uri.edu
015 Tyler Hall
p. (401) 874-2663
c. (401) 265-5515
f. (401) 874-7004

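[Editor's note, added to the archive and not part of either poster's
message or of any vendor's AV product: the exchange above turns on the
difference between an on-access scanner, which only examines a file
when something writes or opens it, and a scheduled scan, which walks
the disk. The constructed model below makes that difference concrete.
It assumes a toy "signature" is just a SHA-256 hash of file content,
the "disk" is an in-memory dict, and the scanner records which
signature version each file was last checked against. The last point
is what lets an incremental pass rescan only files that have not yet
been seen by the current signature set, which is the usual compromise
between "full scan every two weeks" and "never full scan". The per-host
stagger function at the end is one way to do the randomized start time
David mentions without a central scheduler; hostnames and paths are
made up.]

```python
"""Constructed model of on-access scanning versus scheduled scans.

Illustration only: signatures are SHA-256 hashes of file content, the
disk is a dict, and per-file scan state is tracked so an incremental
scan can rescan only what the current signature set has not yet seen.
"""
import hashlib
from dataclasses import dataclass, field


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass
class Scanner:
    signatures: set = field(default_factory=set)    # known-bad content hashes
    sig_version: int = 0                            # bumps on every update
    files: dict = field(default_factory=dict)       # path -> bytes on "disk"
    scanned_at: dict = field(default_factory=dict)  # path -> sig_version last used
    quarantined: list = field(default_factory=list)

    def update_signatures(self, hashes):
        self.signatures.update(hashes)
        self.sig_version += 1

    def _check(self, path) -> bool:
        """Scan one file against the current signatures; quarantine on a hit."""
        self.scanned_at[path] = self.sig_version
        if sha256(self.files[path]) in self.signatures:
            self.quarantined.append(path)
            del self.files[path]
            return True
        return False

    # On-access scanning: every write and every open passes through _check.
    def write(self, path, data: bytes) -> bool:
        self.files[path] = data
        return self._check(path)

    def open(self, path) -> bytes:
        if path not in self.files:
            raise FileNotFoundError(path)
        if self._check(path):
            raise PermissionError(f"{path}: blocked by on-access scan")
        return self.files[path]

    # Scheduled scanning: walk the whole disk, or only the stale part of it.
    def full_scan(self):
        return [p for p in list(self.files) if self._check(p)]

    def incremental_scan(self):
        stale = [p for p in list(self.files)
                 if self.scanned_at.get(p, -1) < self.sig_version]
        return [p for p in stale if self._check(p)]


PAYLOAD = b"MZ constructed dropper body, not real malware"  # made-up content


def dormant_file_scenario():
    """Malware lands before a signature exists, then sits untouched on disk."""
    av = Scanner()
    av.update_signatures({sha256(b"some older threat")})   # version 1
    landed_undetected = not av.write("Downloads/invoice.exe", PAYLOAD)
    av.update_signatures({sha256(PAYLOAD)})                 # version 2 knows it
    still_on_disk = "Downloads/invoice.exe" in av.files     # nothing touched it
    try:
        av.open("Downloads/invoice.exe")                     # user double-clicks
        caught_on_open = False
    except PermissionError:
        caught_on_open = True
    return landed_undetected, still_on_disk, caught_on_open


def scheduled_scan_scenario():
    """How much work a scheduled pass does after one signature update."""
    av = Scanner()
    for i in range(1000):                                   # constructed clean files
        av.write(f"Program Files/app/lib{i}.dll", b"clean %d" % i)
    av.write("Downloads/invoice.exe", PAYLOAD)              # dormant, no signature yet
    av.update_signatures({sha256(PAYLOAD)})
    av.open("Program Files/app/lib0.dll")                   # one file re-checked on access
    stale = sum(1 for p in av.files if av.scanned_at[p] < av.sig_version)
    found_incremental = av.incremental_scan()               # rescans only the stale 1000
    found_full = av.full_scan()                             # nothing left to find
    return stale, found_incremental, found_full


def stagger_minutes(hostname: str, window_minutes: int = 120) -> int:
    """Deterministic per-host start offset so a fleet's scans don't all fire at once."""
    digest = hashlib.sha256(hostname.lower().encode()).digest()
    return int.from_bytes(digest[:4], "big") % window_minutes


if __name__ == "__main__":
    print(dormant_file_scenario())
    print(scheduled_scan_scenario())
    print(stagger_minutes("lab-pc-042"))
```

The first scenario is Charlie's case: the file passes the on-access
check when it lands, is still on disk after the signature arrives, and
is only caught when something opens it. The second shows why the
per-file version stamp matters: after an update, only files not yet
checked against the new set need to be touched, so the scheduled pass
can be far cheaper than a full walk while still finding the dormant
file.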