I have my managed clients both send an email and alert the user. That way the user is aware that the actions they perform online have repercussions. I also then forward them a copy of the email I receive from the AV server, and ask them what they were doing to cause this (unless it's an obvious false positive). It keeps them in line and shows that we take security seriously.

-Sam
________________________________
From: Erik Goldoff
Sent: Friday, January 29, 2010 8:38 AM
To: NT System Admin Issues
Subject: RE: Anti-virus notices

Depending on the situation (I have some small clients with no on-site IT staff) I would have the AV pop up an alert message to the user, stating a virus was detected, please email (lead user name here, so they can contact me) .... Server itself is set up to alert and smtp ... but in a hands-on managed site, probably don't need end users panicking and/or creating excessive help desk tickets every time their antivirus product does its job. *most* times, the malware is properly dealt with and no further actions are needed.

Any IT staff should be monitoring the AV console at least periodically and can gather ALL the alerts' information from the console logs anyway. And reviewing the logs all in one place makes it easier to determine if an outbreak is occurring (same malware showing up in multiple places) or if a workstation has been compromised (same station repeating alerts).

Erik Goldoff
IT Consultant
Systems, Networks, & Security
' Security is an ongoing process, not a one time event ! '

________________________________
From: David Lum
Sent: Friday, January 29, 2010 9:15 AM
To: NT System Admin Issues
Subject: Anti-virus notices

Does anyone here have their AV program set up to notify when a virus is detected on a PC? My real question is who does the notification go to and what process is in place around it?

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764
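The log review Erik describes (same malware on multiple machines points to an outbreak, the same station alerting repeatedly points to a compromised workstation), written out as an added example that is not part of the original thread. The CSV layout, the sample rows, the host and threat names, the 24-hour window and the thresholds of three are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export. The column layout (time, host, threat, action)
# is an assumption, not the log format of any particular AV console.
SAMPLE_LOG = """\
2010-01-26 16:20,WS-040,Adware.Example.B,quarantined
2010-01-29 08:02,WS-014,Trojan.Example.A,quarantined
2010-01-29 08:40,WS-022,Trojan.Example.A,quarantined
2010-01-29 09:15,WS-031,Trojan.Example.A,deleted
2010-01-29 10:05,WS-007,Adware.Example.B,quarantined
2010-01-29 11:30,WS-007,Adware.Example.B,quarantined
2010-01-29 14:10,WS-007,Worm.Example.C,quarantined
"""

def parse(text):
    """Return alerts as (time, host, threat, action) tuples, oldest first."""
    alerts = []
    for line in text.strip().splitlines():
        ts, host, threat, action = (f.strip() for f in line.split(","))
        alerts.append((datetime.strptime(ts, "%Y-%m-%d %H:%M"), host, threat, action))
    return sorted(alerts)

def peak(events, window):
    """Largest set of distinct values seen inside any one time window."""
    best = set()
    for i, (start, _) in enumerate(events):
        seen = {v for t, v in events[i:] if t - start <= window}
        best = max(best, seen, key=len)
    return best

def triage(alerts, window=timedelta(hours=24), min_hosts=3, min_repeats=3):
    by_threat, by_host = defaultdict(list), defaultdict(list)
    for n, (ts, host, threat, _) in enumerate(alerts):
        by_threat[threat].append((ts, host))   # which machines saw this threat
        by_host[host].append((ts, n))          # n keeps every alert distinct
    # Outbreak: same malware on several different machines in one window.
    outbreaks = {t: sorted(peak(ev, window)) for t, ev in by_threat.items()
                 if len(peak(ev, window)) >= min_hosts}
    # Suspect workstation: one machine alerting again and again in one window.
    repeaters = {h: len(peak(ev, window)) for h, ev in by_host.items()
                 if len(peak(ev, window)) >= min_repeats}
    return outbreaks, repeaters

if __name__ == "__main__":
    outbreaks, repeaters = triage(parse(SAMPLE_LOG))
    print("possible outbreaks:", outbreaks)
    print("repeat-alert workstations:", repeaters)
```

The window and thresholds need tuning per site; a small office may want an outbreak flagged at two machines rather than three.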
