nkulsh

SEPM - Are built-in Antivirus and Antispyware Policies any good?

There are 3 built-in Antivirus and Antispyware Policies in SEPM 11. I find them rather quirky in many respects. Here are my questions about them in general:

1. Is a once-a-week admin scan enough? I am used to doing them daily during lunch hour.
2. Is there a need to scan files inside compressed files -- to 3 levels? I'd rather have no scanning within zipped files.
3. Warn when virus definitions are outdated by 30 days? Is that not too long? How about 3 days?
4. Why should we ask for passwords for mapped drives? Why make scanning so interactive? If a drive is mapped, the logged-on user must have authenticated.
5. Why just log, and not clean, when a boot virus is detected?
6. Why is Auto-Protect not set to enable itself, after say 5 minutes in a disabled state, by default?
7. What is the Windows Security Center mentioned in the Misc. tab of SEP AV policies?

And two other, but similar, questions about SEPM:
A. Is the "Admin > Client Install package" feature most useful for upgrading and modifying installations on computers which are already in a client group in SEPM? (See related question below.) Otherwise the Migration and Deployment Wizard would be redundant?
B. What is the buzz on the AD sync feature? Our deployment is working OK without it. Is it worth bothering with? Probably it will make the Deployment Wizard unnecessary, right?

Thanks for sharing your knowledge.

Jay
ASKER CERTIFIED SOLUTION
xmachine
nkulsh

ASKER

Dear Xmachine,
Your responses are very good. I thank you sincerely. However, I will let the question remain open for a while as other experts may offer somewhat different opinions about the first few questions.
About (2), our users sometimes send executables within a zipped file. How can they do this if such files are blocked? By renaming the extensions?
About (4), the mapped drives are there from the logon script and don't ask for a password each time you access them. So will the enabling of this feature prompt users?
Of course, I am familiar with the Windows Security Center interface. I failed to make the connection.
Thanks again.
Jay

(2) our users sometimes send executables within a zipped file. How can they do this if such files are blocked? By renaming the extensions?

Can you be more specific? You mean sending attachments by e-mail? It depends on your antispam product configuration. Endpoint will scan Outlook/Lotus Notes for malicious attachments and take an action (delete/quarantine).

(4) the mapped drives are there from logon script and don't ask for password each time you access them. So will the enabling of this feature prompt users?

No, it shouldn't.

You're welcome :)
nkulsh

ASKER

(2) Yes, of course, I meant as email attachments in Outlook. SEP would quarantine those attachments if I enable compressed file scanning. So how can these files be sent -- by renaming extensions?
Jay
nkulsh

ASKER

(4) On further investigation, I will have to disagree with you on this. It seems that this setting wants you to specify one password that will be used to access any mapped network drive.
One password for all? I'd rather not enable this. I think the default is blank.
Jay

(4) From the Symantec Knowledge Base:

Ask for a password before scanning a mapped network drive:
 Specifies whether or not clients prompt users for a password when the client scans network drives.

The default password is symantec. You can change the password by clicking Change Password and setting the password.
 
nkulsh

ASKER

Quite Helpful.