Protecting your client systems from viruses, worms, and Trojan files using
VirusScan Enterprise requires a well-planned strategy: defining threat
prevention and detection, response to threats, and ongoing analysis and tuning.
Prevention — avoiding threats
Define your security needs to ensure that all of your data sources are
protected, then develop an effective strategy to stop intrusions before they
gain access to your environment. Configure these features to prevent
intrusions:
User Interface Security — Set display and password protection to control access
to the VirusScan Enterprise user interface.
Access Protection — Use access protection rules to protect your computer from
undesirable behavior with respect to files, registry, and ports.
Buffer Overflow Protection — Prevent abnormal programs or threats from
overrunning the buffer's boundary and overwriting adjacent memory while writing
data to a buffer. These exploited buffer overflows can execute arbitrary code on
your computer.
Unwanted Program Protection — Eliminate potentially unwanted programs such as
spyware and adware from your computer.
Detection — finding threats
Develop an effective strategy to detect intrusions when they occur.
Configure these features to detect threats:
Update Task — Get automatic updates of DAT and scanning engine from the McAfee
download website.
On-Access Scanner — Detect potential threats from any possible source as files
are read from or written to disk. You can also scan for potentially unwanted
cookies in the cookies folder.
On-Demand Scan Tasks — Detect potential threats using immediate and scheduled
scan tasks. You can also scan for potentially unwanted cookies and
spyware-related registry entries that were not previously cleaned.
On-Delivery and On-Demand Email Scanner — Detect potential threats on Microsoft
Outlook email clients using on-delivery scanning of messages, attachments, and
public folders. Detect potential threats on Lotus Notes email clients when
messages are accessed.
Quarantine Manager Policy — Specify the quarantine location and the length of
time to keep quarantined items. Restore quarantined items as necessary.
Response — handling threats
Use product log files, automatic actions, and other notification
features to decide the best way to handle detections.
Actions — Configure features to take action on detections.
Log files — Monitor product log files to view a history of
detected items.
Queries and dashboards — Use ePolicy Orchestrator queries and dashboards to
monitor scanning activity and detections.
Tuning — monitoring, analyzing, and fine-tuning your protection
After initially configuring VirusScan Enterprise, it is always a good practice
to monitor and analyze your configuration. This can improve your system and
network performance, plus enhance your level of virus protection, if needed.
For example, the following VirusScan Enterprise tools and features can be
modified as part of your monitoring, analyzing, and fine-tuning processes:
Log files (VirusScan Console) — View a history of detected items. Analyzing
this information could tell you if you need to enhance your protection or
change the configuration to improve system performance.
Queries and dashboards (ePolicy Orchestrator console) — Monitor scanning
activity and detections. Analyzing this information could tell you if you need
to enhance your protection or change the configuration to improve system
performance.
Scheduled tasks — Modify tasks (like AutoUpdate) and scan times to
improve performance by running them during off-peak times.
DAT repositories — Reduce network traffic over the enterprise
Internet or intranet by moving these source files closer to the clients needing
the updates.
Modifying the scanning policies — Increase performance or virus protection
depending on your analysis of the log files or queries. For example,
configuring exclusions, choosing when to use high and low risk profile
scanning, and choosing when to disable scan on write can all improve
performance.
CAUTION: Failure to enable "When reading from disk" scanning leaves your system
unprotected from numerous malware attacks.