I am too as I have to roll out an updated AV engine with connects to a new server soon and would like to hear what is said on this.
Jon On Thu, Aug 28, 2008 at 1:38 PM, David Lum <[EMAIL PROTECTED]> wrote: > "True, but, how did that virus get inside the domain in the first > place? " They had no clue. One conceivable method would be a compromised > laptop that was outside the LAN for a while and not updated until hitting > the LAN again – DOH! Hit the LAN, infect some servers, then find out the > laptop was infected…. We have plenty of laptops that float around (and yes I > know with SCCM I can adopt a desired config to keep things off my LAN until > they meet x requirements, but we are nowhere near that yet). > > > > Good points and yes, I for one am interested in what you guys decide. > > > > Dave > > PS I agree ePO is a major pain in the arse…. > > > > *From:* Sherry Abercrombie [mailto:[EMAIL PROTECTED] > *Sent:* Thursday, August 28, 2008 10:12 AM > > *To:* NT System Admin Issues > *Subject:* Re: AV on *all* servers...or no? > > > > True, but, how did that virus get inside the domain in the first place? We > scan email in multiple places (gateway, Exchange) with mutliple virus > scanning engines, workstations have virus scan that scan's on access, on > read, on write etc, then it shouldn't ever get in. > > I'm not necessarily advocating removing virus scan from all servers all the > time, I just think that this idea (I'm talking about my local setup) of > every server having the same setup/configuration needs to be re-evaluated. > > I'll let ya'll know what we decide in our meeting this afternoon. > > On 8/28/08, *David Lum* <[EMAIL PROTECTED]> wrote: > > What about viruses (viruii?) that spread via network share? Taking the > gateway out won't stop those kind (W32/Sircam, etc). Textron had an issue > when as soon as they'd bring up a new server it would get infected as soon > as it joined the domain because some other had the virus… > > > > Dave > > > > *From:* Sherry Abercrombie [mailto:[EMAIL PROTECTED] > *Sent:* Thursday, August 28, 2008 9:27 AM > *To:* NT System Admin Issues > *Subject:* Re: AV on *all* servers...or no? > > > > Ok, this is something that I've been dealing with/battling the powers that > be for the last several weeks. Unfortunately, I'm stuck with McAfee Virus > Scan Enterprise using EPO to manage it. Over the last several weeks I've > had a problem with my backups to various servers failing (Backup Exec v11d) > with an error that it cannot connect to the remote agent on the specified > server. Then the next day or a day or so later, it's fine for several days, > so I KNOW it's not a failure of Backup Exec or the remote agent. In > researching the problem, I can pinpoint when it is failing in the BE job > log, and pinpoint that McAfee on-demand scan is happening at the same time > on the server. Problem goes away when I finally manage to get EPO to stop > the on demand scan on the server (don't get me started on EPO, it's a royal > pain in the ocola). My argument is that not all servers need to have virus > scan on them, and that they can be further secured by removing their > gateway. I firmly believe that servers such as file and print that users > can write data to absolutely must have a virus scan application on them, > regardless of performance hit. Users just can't be trusted. But most > servers that are not directly touched by users saving files to it, not > surfing the internet (IMNSHO, no servers should ever be used to surf the > internet from), have their gateway removed and no or minimal virus scanning > on them should be a reasonable approach. BTW, we are having a group meeting > this afternoon at 1PM to discuss this subject. I guess I've been a squeaky > wheel ;) > > On 8/28/08, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > IMHO, it isn't needed on all servers, or even the majority of them, *IF* > your clients are up to date with AV software. I sometimes don't want the > extra overhead on my servers of having AV installed, management of the > software, patching of software, the all-too-often conflict of AV with other > software, etc. > > But, OTOH, I don't necessarily think it's a bad thing to have AV installed > on all servers in certain circumstances when done right. Just not > NEEDED.... (IMHO). > > JR > > > Original Message: > ----------------- > From: David Lum [EMAIL PROTECTED] > Date: Thu, 28 Aug 2008 08:53:12 -0700 > To: [email protected] > Subject: AV on *all* servers...or no? > > > > [Cross posted here and on the Vipre Enterprise list] > > There is some debate among my fellow IS staff here weather AV should be on > all 200+ of our servers. From my standpoint my question would be "Why not?" > - put it on all servers and exclude what's necessary We are "SQL heavy" and > I'm sure performance is the primary concern , but is there any compelling > reason to completely leave it off of some servers? > > Dave Lum - Systems Engineer > 971-222-1025 > Northwest Evaluation Association - www.nwea.org > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > -------------------------------------------------------------------- > mail2web LIVE – Free email based on Microsoft(R) Exchange technology - > http://link.mail2web.com/LIVE > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > > -- > Sherry Abercrombie > > "Any sufficiently advanced technology is indistinguishable from magic." > Arthur C. Clarke > > > > > > > > > > > > > > > -- > Sherry Abercrombie > > "Any sufficiently advanced technology is indistinguishable from magic." > Arthur C. Clarke > > > > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
