I don't know how kz20fl does that, but in the case of Vipre, for example, it would simply be turning off the on-access scanning, and strictly using the on-demand scan, which can be scheduled or run manually.
I have to agree with Alex and Tammy; there's still plenty of virus vectors out there, and an employee bringing a cd or usb stick, and/or clicking an attachment that's infected can still cream your network. As other's have mentioned, a layered approach including AV, malwarebytes-type scanners, IPS/IDS, firewalls, DNS filtering, and other methodology is still the only way we can hope to catch the bad stuff. Well, I supposed you could disconnect from the internet, and disable floppies, cds, usb sticks, etc, and make the PCs read-only, but that impacts productive work a little. -----Original Message----- From: Harry Singh [mailto:[email protected]] Sent: Sunday, October 09, 2011 1:32 PM To: NT System Admin Issues Subject: Re: AV and malware protection? What's the name of the "sleeping" AV component? This thread is of particular interest since I'm plannning to pilot a VDI deployment and a few engineers have mentioned the need to not have local AV protection any longer. I tend to err on the side of caution, but it's a persuading assertion; either from a cost and technical perspective. On Sunday, October 9, 2011, <[email protected]> wrote: > Reactive AV is being phased out of our XenApp systems next week. We are going > to maintain a "sleeping" AV component and do a deep scan once a week. > Realtime monitoring is being turned off and we will rely entirely on the > application management suite. We are not doing this blithely - currently app > management stops about thirty or forty pieces of malware executing per week, > and our AV catches precisely zero. In this environment, AV is just a waste of > resources. > > Sent from my POS BlackBerry wireless device, which may wipe itself at any > moment > > -----Original Message----- > From: Alex Eckelberry <[email protected]> > Date: Sun, 9 Oct 2011 17:55:58 > To: NT System Admin Issues<[email protected]> > Reply-To: "NT System Admin Issues" > <[email protected]>Subject: RE: AV and malware protection? > > Hmmm.... Take a look at the Wildlist, which is the list of currently > verified viruses. There's still a lot of nasty stuff out there. > > http://www.wildlist.org/WildList/201108.txt > > We see plenty of viruses out there, and relying on a product like > Malwarebytes as your only line of defense is a serious mistake, IMHO. It's > an excellent product (remember we partner with them and are very close to > them, so this is not a slight in the least on their technology) but you > really, really need an AV product as a complement. > > Alex > > > -----Original Message----- > From: Ben Scott [mailto:[email protected]] > Sent: Sunday, October 09, 2011 1:27 PM > To: NT System Admin Issue > Subject: Re: AV and malware protection? > > On Sun, Oct 9, 2011 at 12:23 PM, Alex Eckelberry <[email protected]> > wrote: >> It's worth noting that MalwareBytes is not an antivirus product. >> It is, however, an excellent protecter/cleaner against modern Trojans >> and rogue antivirus products. > > And the difference between these two things is...? > > Viruses are largely obsolete anyway. Between ubiquitous network > connectivity and autorun, nobody needs to bother. Today's injection vectors > are exploitable vulnerabilities in networked software and social engineering. > An attacker crafting malware to piggy-back on benign executables exchanged > via sneakernet is like worrying about how to attach a team of horses to your > car. > > -- Ben > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > > DISCLAIMER The information contained in this electronic mail may be > confidential or legally privileged. It is for the intended recipient(s) only. > Should you receive this message in error, please notify the sender by > replying to this mail. Please do not read, copy, forward or store this > message unless you are an intended recipient of it - unauthorized use of > contents is strictly prohibited. Unless expressly stated, opinions in this > message are those of the individual sender and not of GFI. While all care has > been taken, GFI is not responsible for the integrity or the contents of this > electronic mail and any attachments included within. (GFI2011) > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
