Anti-virus best practices

Feb 02, 2004

The past week was really busy with our support folks ensuring everyone had anti-virus software installed with up-to-date signatures. Is there a best practices document you can recommend for handling this?

– Via the Internet

The only bad thing you can do is not have any anti-virus software or have outdated signatures/scanning engine. At a basic level, my personal preference is to have the servers look for updates on an hourly basis and have the workstations look for updates on a daily basis. Depending on the type of mail server you’re using, there may be a separate anti-virus package specifically for the mail server to scan e-mail messages and their attachments for viruses.

Depending on the size of your network, manually checking to make sure everyone is using correctly configured anti-virus software can take more time than you have. Network Associates has a package called ePolicy Orchestrator that gives you a console or central view of what protection is installed on what system, the settings each system has and the updates scheduled to occur. One good thing about this kind of approach is that all updates to the anti-virus software will occur locally rather than forcing every machine to hit the Internet to get the updates needed.

This is just an example of a software approach to the solution. There are a growing number of hardware appliances that look at the IP protocols on the network to see what kind of activity is there and what is considered “abnormal”. This solution is priced by the number of users and/or the amount of bandwidth connected to your network.

You can see if your anti-virus vendor has any best practices documents for advice on what settings you should have in place on your system. Even with a central view of the network, you’ll still need to check that everyone has the anti-virus software installed with the latest signatures in place and that they’re doing periodic scans. There should be some type of reports available in this type of approach to give you the information you need without having to look at every machine individually.
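One way to run those checks against an exported report instead of visiting each machine, as an added example that is not part of the original column or any vendor's tooling. The CSV column names and sample rows are constructed, and the thresholds are assumptions: twice the hourly/daily update intervals suggested above, and a seven-day limit for "periodic" scans.

```python
import csv
import io
from datetime import datetime, timedelta

# Assumed thresholds: twice the update interval suggested above (hourly for
# servers, daily for workstations), so one missed check is tolerated.
MAX_SIGNATURE_AGE = {"server": timedelta(hours=2), "workstation": timedelta(days=2)}
MAX_SCAN_AGE = timedelta(days=7)  # assumed meaning of "periodic scans"
TIME_FORMAT = "%Y-%m-%d %H:%M"

# Constructed sample export; the column names are hypothetical, not a real product's format.
SAMPLE_REPORT = """host,role,av_installed,last_signature_update,last_full_scan
mail01,server,yes,2004-02-02 09:30,2004-02-01 02:00
file01,server,yes,2004-02-01 22:00,2004-02-01 02:00
ws-017,workstation,yes,2004-02-01 08:15,2004-01-20 12:00
ws-018,workstation,no,,
ws-019,workstation,yes,2004-01-28 08:00,2004-02-01 12:00
"""


def audit(report_text, now):
    """Return {host: [problems]} for every host that fails a check."""
    findings = {}
    for row in csv.DictReader(io.StringIO(report_text)):
        problems = []
        role = row["role"].strip().lower()
        if row["av_installed"].strip().lower() != "yes":
            problems.append("anti-virus not installed")
        elif role not in MAX_SIGNATURE_AGE:
            problems.append("unknown role: " + repr(role))
        else:
            problems += check_age(row["last_signature_update"], now, MAX_SIGNATURE_AGE[role], "signatures")
            problems += check_age(row["last_full_scan"], now, MAX_SCAN_AGE, "scan")
        if problems:
            findings[row["host"]] = problems
    return findings


def check_age(stamp, now, limit, label):
    """Flag a missing, unparseable or too-old timestamp."""
    try:
        age = now - datetime.strptime(stamp.strip(), TIME_FORMAT)
    except ValueError:
        return [label + ": no valid timestamp"]
    if age > limit:
        return ["%s stale (%s old, limit %s)" % (label, age, limit)]
    return []


if __name__ == "__main__":
    for host, problems in audit(SAMPLE_REPORT, datetime(2004, 2, 2, 10, 0)).items():
        print(host + ": " + "; ".join(problems))
```

A host with no anti-virus installed is reported once for that reason rather than also being flagged for missing timestamps, which keeps the list of machines to fix short.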