Educause Security Discussion mailing list archives
Re: Antivirus warnings from Windows Security Center
From: "Harry E Flowers (flowers)" <flowers () MEMPHIS EDU>
Date: Tue, 14 Apr 2009 11:29:14 -0500
I think this is the approach you need to take... Symantec AV Corporate Edition has been incredibly weak for the last few years - with version 11, they switched to their consumer product AV engine, and the protection is reportedly much, much better. I'd consider the warnings for running older versions to be real, not a problem with Windows Security Center.

The last breach we had here (a few years ago) was *caused* by SAV (they had patched the problem before the exploit hit, but their control center reported that the clients were patched when in fact they were still vulnerable - there was the bug for the managed systems exploit, the bug in pushing out the updates, and the bug in reporting the correct version of the client that combined to hurt us). We'd have been better off running nothing.

Needless to say, we haven't been relying on SAV for our servers since then. Even though version 11 brings them back into the game, we'll probably stick with what we're using now on the server side of things.

--
Harry Flowers
Manager, Systems Software
Information Technology Division
The University of Memphis

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Brenda B Gombosky
Sent: Monday, April 13, 2009 11:07 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Antivirus warnings from Windows Security Center

We had this problem and had to build an inf file to allow Symantec to get through - we are using version 11 now and it takes care of these issues.

Brenda B. Gombosky, CISSP, CGEIT, CISM, CHSP
Director, Enterprise Security
Information Technology
University of Louisville
Miller IT Center, Room 109
Louisville, KY 40292
(502)852-5037
(502)419-6689
Gary Flynn <flynngn () JMU EDU> 4/13/2009 11:21 AM >>>
Hi,

Our desktop support folks are considering turning off anti-virus monitoring by the Windows Security Center due to false reports of anti-virus problems that confuse computer users.

We're running Symantec Corporate Edition 10.x and when the computers first start the WSC will pop up saying anti-virus isn't operating and/or definitions are out of date.

Have you seen similar behavior?

Do you have a confirmed explanation? One explanation I saw for the startup message was that the user is allowed to login before all Symantec services are started.

http://www.symantec.com/connect/forums/symantec-antivirus-101-corporate-edition

Did you take any action such as disabling WSC monitoring of AV software?

I kind of like the dual monitoring but I have to admit any malware worth its salt is going to disable both WSC and AV if it runs with privilege.

thanks,

--
Gary Flynn
Security Engineer
James Madison University
www.jmu.edu/computing/security