We're using McAfee and ePO with over 5000 desktop systems. Primarily Windows XP with a few hundred Windows 7 systems with Trend Micro on our Exchange servers. We do not whitelist/blacklist apps, we have a mix of desktop and thin client apps.
We have not seen a rise in malware infections. We have seen a rise in phishing emails. We have published compliance reports for both the server and the desktop environments. Anything out of compliance more than a few days gets a ticket opened for a visit.

Steven

On Wed, Jul 13, 2011 at 8:12 PM, Harry Singh <[email protected]> wrote:
> It could just be late here on the east coast, but could you explain
> what do you mean by "non-local areas"?
>
> Also, how are you preventing any .exe from running? GPO?
>
> On Wednesday, July 13, 2011, <[email protected]> wrote:
> > We redirect AppData, and any exes in non-local areas aren't allowed to
> > run. As is anything not owned by Administrators.
> >
> > Sent from my POS BlackBerry wireless device, which may wipe itself at
> > any moment
> >
> > From: Micheal Espinola Jr <[email protected]>
> > Date: Wed, 13 Jul 2011 14:04:17 -0700
> > To: NT System Admin Issues <[email protected]>
> > ReplyTo: "NT System Admin Issues" <[email protected]>
> > Subject: Re: Thought on malware cleaning
> >
> > I'm all for leaving it open. But it should be checked by AV software and
> > related tools. It's just common sense. There is almost always infection
> > there. There and some other common locations should be checked. Any apps
> > present should be checked if they are signed. Or have any company detail
> > (most/all are null). And depending, then that should be scanned against the
> > registry.
> >
> > It's not rocket science, and it's not that resource intensive. Especially
> > if we are talking about using an AV/AM app performing a system sweep.
> >
> > --
> > Espi
> >
> > On Wed, Jul 13, 2011 at 1:55 PM, Crawford, Scott <[email protected]> wrote:
> >
> > I’m not referring to whitelisting, which has its own set of issues.
> > I’m talking about your suggestion of disallowing any .exe files in the
> > root of AppData.
> >
> > From: Micheal Espinola Jr [mailto:[email protected]]
> > Sent: Wednesday, July 13, 2011 3:50 PM
> > To: NT System Admin Issues
> > Subject: Re: Thought on malware cleaning
> >
> > While I agree with whitelisting, and I believe it's a reasonable solution
> > at this point, the original intent of this post and what I am proposing
> > don't involve whitelisting.
> >
> > --
> > Espi
> >
> > On Wed, Jul 13, 2011 at 1:40 PM, Crawford, Scott <[email protected]> wrote:
> >
> > My point is that it’s common simply because it’s allowed. Disallowing
> > .exes to be stored would make it rare, but the .exes would just
> > have moved with no net gain. Or maybe I’m misunderstanding what you’re
> > suggesting.
> >
> > From: Micheal Espinola Jr [mailto:[email protected]]
> > Sent: Wednesday, July 13, 2011 2:52 PM
> > To: NT System Admin Issues
> > Subject: Re: Thought on malware cleaning
> >
> > That's not my solution. My solution is to check these types of folders
> > and match against the registry.
> >
> > It's a very common occurrence in my experience, and would add lots of value
> > when they are found.
> >
> > --
> > Espi
> >
> > On Wed, Jul 13, 2011 at 12:34 PM, Crawford, Scott <[email protected]> wrote:
> >
> > If the OS blocked .exe from the root of AppData, malware would just put
> > it in a subfolder. Your simple solution is only simple because
> > that’s how Windows is designed. The overhead to block .exe in AppData
> > would take resources to code and test and would add virtually no value.
> >
> > From: Micheal Espinola Jr [mailto:
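
The check described in the quoted thread (look at executables under AppData, see whether they are signed and carry company details, then match them against the registry), sketched in PowerShell as an added example that is not part of the original thread. Taking "the registry" to mean the per-user and machine Run/RunOnce keys is an assumption, as is the report layout; the script needs PowerShell 3.0 or later and only reads.

```powershell
# Added example (not from the thread): inventory .exe files under the current
# user's AppData with signature status and version-resource company name,
# and note which ones an autostart key points at.
# Assumption: the registry locations to match are the Run/RunOnce keys below.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Collect every autostart command line as (Key, Name, Command).
$autostarts = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        [pscustomobject]@{
            Key     = $key
            Name    = $name
            Command = [Environment]::ExpandEnvironmentVariables([string]$item.GetValue($name))
        }
    }
}

# Roaming and Local AppData, subfolders included (not just the root).
$roots = @($env:APPDATA, $env:LOCALAPPDATA) | Where-Object { $_ -and (Test-Path $_) }

$report = Get-ChildItem -Path $roots -Filter *.exe -Recurse -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        $file = $_
        $sig  = Get-AuthenticodeSignature -FilePath $file.FullName
        # Literal, case-insensitive match of the full path inside the command line.
        $hits = @($autostarts | Where-Object {
            $_.Command.IndexOf($file.FullName, [StringComparison]::OrdinalIgnoreCase) -ge 0
        })
        [pscustomobject]@{
            Path        = $file.FullName
            Signature   = $sig.Status   # Valid, NotSigned, HashMismatch, ...
            Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            CompanyName = $file.VersionInfo.CompanyName
            Autostart   = ($hits | ForEach-Object { "$($_.Key)\$($_.Name)" }) -join '; '
        }
    }

# Review list: not validly signed or no company detail; autostarted files first.
$report |
    Where-Object { $_.Signature -ne 'Valid' -or -not $_.CompanyName } |
    Sort-Object Autostart -Descending |
    Format-Table -AutoSize -Wrap
```

The result is a list to review, not a verdict: legitimately installed per-user applications also live under AppData, and a Run value that uses a short (8.3) path will not match the full path.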
