Pablo Di Noto:
> It is clear that despite ticking the check boxes from the auditor point of
> view with this idea, I would be willingly violating the internal rules they
> have set up, and maybe risking the company certification in case of a deeper
> review after an incident. Despite the overall lack of consideration for
> specific (and arguably better) security setups, doing this hack will have
> me connecting to our internal networks and avoiding the endpoint security
> scan the applications really using them.

The auditors might be satisfied if you are able to explain how Qubes itself is a compensating control on the limited file scanning ability of your AV, but doing so could be a challenge.

For a really ugly hack, you might be able to readonly loop mount -pool00 (and -root?) into a network connected AppVM running your AV, so it could scan them as large files. This breaks the Qubes security model pretty thoroughly, but would make auditors happy I guess. You'd at least have the benefit of continuing to use Qubes.
