Educause Security Discussion mailing list archives
Re: AV - Full scans or On Access Scans
From: "Di Fabio, Andrea" <adifabio () NSU EDU>
Date: Thu, 10 Apr 2008 15:38:13 -0400
Great thread. Has anyone talked to AV vendors about offline scanning? Newest threats such as rootkits and VM-based malware are getting increasingly difficult to detect while the OS is running. I have been asking different AV companies about their plans to implement offline scanning where a PC would reboot, load a lightweight OS over PXE, complete a scan and then reboot from its local disk. So far, I have been unable to spark such interest in the AV companies.

IMHO, automating and scheduling such a process is something that AV companies should start looking at. Also, given the fact that more and more datacenters are deploying VMs as part of consolidation and green initiatives, a solution that could scan a VM image will also be beneficial.

Andrea Di Fabio
Information Security Officer
High Performance Computing Technology Coordinator
Norfolk State University
Office of Information Technology
Marie V. McDemmond Center for Applied Research, Rm 401F
555 Park Avenue, Suite 401
Norfolk, Virginia 23504
757-823-2896 Office
757-823-2128 Fax

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Valdis Kletnieks
Sent: Thursday, April 10, 2008 2:51 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] AV - Full scans or On Access Scans

On Wed, 09 Apr 2008 15:58:25 EDT, "David A. Batastini" said:
I'm trying to get the pulse of what other educational institutions are doing when it comes to managing AV scans on endpoints. Do you schedule full system scans or do you rely on the "on Access" scans to detect malware? If you run full system scans: how often, and what time are they set to run? If you do not run full system scans, how do you mitigate the security risk of new malware (malware that AV did not detect during the initial on access scan)?
"An interesting game - the only way to win is not to play" -- War Games

If merely checking for "Have I been hacked already?" is itself taking enough resources to cause problems, perhaps you're starting off with the wrong computing platform. There *are* options... Just sayin'. :)