My 1 cent.
I should go back to lurking...but... when choosing your a/v solution
there's something to check on... some of the a/v vendors have
historically needed admin rights to update or have had vulnerabilities
themselves.
Might be something to investigate and consider when chosing an a/v
...especially on a DC.
In my own historical issues with Trend, the OfficeProtect dat file
upgrade to XP sp2 wasn't properly 'vetted" and flatlined my workstations
and last I heard cost Trend $8 mil in lost sales. They've also had a
security vulnerability patched somewhat recently.
Epo's had their issues as well....
http://xforce.iss.net/xforce/xfdb/21839
ISS X-Force Database: epolicy-msde-obtain-password(12787): ePolicy
Orchestrator could allow an attacker to obtain MSDE SA password:
http://xforce.iss.net/xforce/xfdb/12787
ISS X-Force Database: epolicy-execute-commands(14166): ePolicy
Orchestrator command execution:
http://xforce.iss.net/xforce/xfdb/14166
Al Garrett wrote:
My 2 cents...
EpO has worked outstanding for us.
Does inventory reports, finds "rogues", demonstrates to pointy-haired
bosses how many infections are avoided and how dangerous it is "out
there."
Combined with CommTouch Anti-Spam solution.
-----Original Message-----
*From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
*Sent:* Tuesday, October 04, 2005 8:36 AM
*To:* [email protected]
*Subject:* RE: [ActiveDir] Anti-virus protection in domain enviroment
Just to add a little to what Phil says:
When I last used ePO I found that possibly the most useful feature
was the reporting aspect. This allows you (amongst others) to
assess which viruses were found in the environment and therefore
what action if any needs to be taken to prevent further infection.
Most organisations don't have any idea how many infections they
suffer from or how regularly the infections occur. A tool such as
ePO can help in this area quite significantly. [it's also a handy
management tool which helps justify the ongoing AV costs :) ]
neil
*___________________________*
*Neil Ruston*
Global Technology Infrastructure
Nomura International plc
------------------------------------------------------------------------
*From:* [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] *On Behalf Of *Phil Renouf
*Sent:* 04 October 2005 16:10
*To:* [email protected]
*Subject:* Re: [ActiveDir] Anti-virus protection in domain enviroment
Take a look at this article, it should give you the information
you need to configure Antivirus on your DC's:
http://support.microsoft.com/default.aspx/kb/822158
I don't have any experience running NOD32 on anything :)
As for clients, most environments I have been in use a product
similar to McAfee's EPO to centrally manage all the AV agents on
the desktop to make sure they are configured to the corporate
standard and that they have up to date scan engines and DAT files.
Phil
On 10/4/05, *Boris Demirov* <[EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>> wrote:
Hello everybody,
I got some questions about the anti-virus protection of a
domain controller
and the domain environment:
In my opinion the best AV program for the moment is NOD32 - I
am using it
successfully on many workstations, but I am not quite sure how
it will act on
a DC. What kind of protection do you use on your DCs and have
somebody got a
closer look on the NOD32 installed on a DC?
And something else to ask: what kind of AV protect your
workstations in
domain, do you use a single copy of a normal AV or some
enterprise edition?
All advises on the topic of antivirus protection in domain
controller and the
stations in the domain are welcome.
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
<http://www.activedir.org/ListFAQ.aspx>
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
PLEASE READ: The information contained in this email is
confidential and
intended for the named recipient(s) only. If you are not an intended
recipient of this email please notify the sender immediately and
delete your
copy from your system. You must not copy, distribute or take any
further
action in reliance on it. Email is not a secure method of
communication and
Nomura International plc ('NIplc') will not, to the extent
permitted by law,
accept responsibility or liability for (a) the accuracy or
completeness of,
or (b) the presence of any virus, worm or similar malicious or
disabling
code in, this message or any attachment(s) to it. If verification
of this
email is sought then please request a hard copy. Unless otherwise
stated
this email: (1) is not, and should not be treated or relied upon as,
investment research; (2) contains views or opinions that are
solely those of
the author and do not necessarily represent those of NIplc; (3) is
intended
for informational purposes only and is not a recommendation,
solicitation or
offer to buy or sell securities or related financial instruments.
NIplc
does not provide investment services to private customers.
Authorised and
regulated by the Financial Services Authority. Registered in England
no. 1550505 VAT No. 447 2492 35. Registered Office: 1 St
Martin's-le-Grand,
London, EC1A 4NP. A member of the Nomura group of companies.
--
Letting your vendors set your risk analysis these days?
http://www.threatcode.com
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
