House of Hackers

I'm curious how much time other companies spend in time and resources dealing with malicious software on users' computers. How do you combat malware? Do you schedule full scans on users' machines? Do you scan the machines with multiple different anti-viruses? Did you implement something like MS SteadyState?

At my job we run an enterprise-grade anti-virus, and any malware alert, except the very general "Script blocked" warnings, gets a complete virus scan using the vendor's latest Beta definitions and their command-line scanner in safe mode, even if the alert says the file was removed or the exploit was blocked. This takes about 2-3 hours per machine. I'm curious how others handle it.

Tags: antivirus, malware, policy
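The triage rule described in the opening post (every alert queues a full scan, except generic "Script blocked" warnings, and regardless of whether the vendor says it already removed or blocked the threat) is the kind of policy that is easy to apply inconsistently by hand. The following is an added example, not code from the original poster or from any anti-virus vendor: it reads constructed alert lines in a hypothetical `key=value` export format (the format, host names and threat names are all made up for the example), applies the stated rule, and returns the machines that should be queued, plus the time estimate the post gives of roughly 2.5 hours per machine.

```python
import re
from dataclasses import dataclass


@dataclass
class Alert:
    timestamp: str
    host: str
    category: str
    action: str
    threat: str
    obj: str


# Threat names considered too generic to justify a multi-hour scan
# (the "Script blocked" exception from the opening post).
GENERIC_THREATS = {"script blocked"}

# Constructed sample export (hypothetical format, not any vendor's real log).
SAMPLE_ALERTS = r"""
2009-02-09 08:12:41 host=WS-017 category=Virus action=Quarantined threat=Trojan.Generic.123 object=C:\Temp\setup.exe
2009-02-09 08:15:02 host=WS-042 category=Script action=Blocked threat="Script blocked" object=http://example.invalid/page.js
2009-02-09 09:01:17 host=WS-017 category=Exploit action=Blocked threat=Exploit.PDF.Generic object=C:\Downloads\invoice.pdf
2009-02-09 09:30:55 host=WS-099 category=Virus action=Deleted threat=Worm.Autorun object=E:\autorun.inf
2009-02-09 10:02:08 host=WS-042 category=Script action=Blocked threat="Script blocked" object=http://example.invalid/ad.js
"""

# key=value pairs; a value may be a double-quoted string containing spaces.
_KV = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_alert(line: str) -> Alert:
    """Parse one 'YYYY-MM-DD HH:MM:SS key=value ...' line into an Alert."""
    timestamp, rest = line[:19], line[20:]
    fields = {}
    for key, value in _KV.findall(rest):
        if value.startswith('"') and value.endswith('"'):
            value = value[1:-1]
        fields[key] = value
    return Alert(timestamp, fields["host"], fields["category"],
                 fields["action"], fields["threat"], fields["object"])


def needs_full_scan(alert: Alert) -> bool:
    """Policy from the post: every alert triggers a full scan except the
    generic script blocks. The action field is deliberately ignored, so
    'Quarantined', 'Deleted' and 'Blocked' all still queue the machine."""
    return alert.threat.strip().lower() not in GENERIC_THREATS


def triage(log_text: str) -> dict:
    """Return {host: [threat names]} for machines that need a full scan."""
    queue = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        alert = parse_alert(line)
        if needs_full_scan(alert):
            queue.setdefault(alert.host, []).append(alert.threat)
    return queue


def estimate_hours(queue: dict, hours_per_machine: float = 2.5) -> float:
    """Rough technician time, using the post's 2-3 hours per machine."""
    return len(queue) * hours_per_machine


if __name__ == "__main__":
    work = triage(SAMPLE_ALERTS)
    for host, threats in sorted(work.items()):
        print(f"{host}: full scan needed ({', '.join(threats)})")
    print(f"estimated time: {estimate_hours(work):.1f} hours")
```

Running it queues WS-017 and WS-099 but not WS-042, whose only alerts were generic script blocks; the blocked PDF exploit on WS-017 still counts, exactly as the post's rule requires. Swapping `GENERIC_THREATS` for a different allow-list is the only change needed if a site decides a different class of alert is too noisy to act on.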


Replies to This Discussion

We try to stop any malware before it enters our company. The main source is of course the internet. We use different protections: web protection (Websense), spam and anti-virus protection on Exchange, and anti-virus protection on users' machines.

If a user machine still gets infected we use HitmanPro for a "quick" scan :) But we don't hesitate to ghost an infected machine with a clean installation. ;) Most times this is the quickest solution.


The Watchguard firewall we use at work does a good job of filtering it before it even gets to the computers, but we also have Symantec Endpoint and Spybot S&D set up to run scans every night, starting at 7pm, on each user's PC and the Windows-based servers.


My school:

Re-image the entire system ... (Yeah ... It's true, something got into our school library computers and all the students who relied on them were left with no other choice for about 2 months.)

The reason why it took so long was the entire update to new drivers, programs, and stuff like that ...


Let me share just a short note, due to time. We have both desktop and mobile users. Our desktop users have a local firewall and anti-virus loaded. It scans of course daily. But we have implemented a perimeter defense that is fairly strong. The biggest proactive protection though has been education. With the various web and email exploits, all the outside protection does no good.

For the mobile users we implemented "Deepfreeze" from Faronics. Works great. Clean machine with each startup and we use "thawed space" for data that must change daily.


P13r, Mobiltel? ;)

I'd say a good malware protection should start at jailing the browser, the user, and his computer into a safe environment. Then proceed with all other protective measures - I've seen companies where every single user has Admin rights on their computers... what kind of malware protection can you use then? I doubt it would be even slightly effective...


Avast Pro has some great management functions built in for silently scanning, deploying updates and even boot time [safe mode like] scans of network machines. [This sounds like your current solution?]

I think a browser sandbox or a VM solution would help mitigate malware threats without being as harsh to the user as Deep Freeze or ghost.
Other thoughts:
I found it helpful to keep the [Windows] OS light by storing user data on a separate partition/device and keeping an up-to-date backup .img of the OS, as light as possible, so when the inevitable happens the backup .img can be installed over the network as painlessly as possible [rsync etc.].


If you're interested in this topic, in HAKIN9 2/2009 (to be released in March) there will be the article "Analyzing Malware". It is a kind of introduction to the topic and to the next article, a more technical one, which is in progress...


We use a Firebox X by Watchguard with real-time packet scanning and extensive IP tables (decent protection, but I hate the interface). From there, for general data, Symantec Endpoint. For email, a Mailfoundry appliance, Exchange's Edge Transport, and finally Symantec Endpoint for Exchange.

All remote users have Endpoint and connect via an IPsec-style client through an SSL tunnel (Watchguard is weird).

Whether we ghost the machine or not generally depends on the infection.


Our Sonicwall has an anti-virus scanning subscription we pay yearly that handles about 90% of it. The rest is handled by our spam filter (reflexion.org). In essence, we just throw money at it and let someone else handle it. For the most part you shouldn't be seeing any malware unless you have an extraneous situation or a user who needs his junk enlarged.

In the event that we receive malware at our company though, we do the same thing: scan in the background, and they eat the processor loss for the time.

© 2009 Created by pdp on Ning.