AV Audit

pma111
What should/could be included in a corporate anti-virus audit? If you have audited your AV compliance/configuration/policy, what steps did you review, and what can/does go wrong with AV configurations? How common are these issues? I keep reading how vulnerable AV software itself is these days.

Commented:
I'd have your audit check the following:
-Installed Version
-Definitions date
-Verification that real-time scanning services are running
-Last system scan date
-Detection log

Author

Commented:
Thanks moonie42, would you be willing to go into a little more detail on each of your 5 points to cover the risk if these procedures/tasks aren't being done? In layman's / management speak if poss.

Commented:
Installed version - you'll want to make sure that your clients are running the most recent version of the AV software and scan engines.

Definitions date - you'll want to make sure that your clients have the latest definitions.  You should be checking to ensure that no client has definitions that are more than a couple of days out of date.

Verification of real time scanning services - You'll want to ensure that services associated with your AV solution are in fact running.  AV can't detect threats if it's not running.

Last system scan date - you'll want to check that clients are routinely running a full system scan, this is also a good indication that the software is working properly.

Detection log - you'll want to review threat detection logs as users may not see or may ignore warnings and not do anything to get assistance or attempt to clean themselves.
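
The five checks listed in the answer above, run over an endpoint inventory export, as an added example that is not part of the original thread. The CSV column names, the sample rows, the version string and the 2-day and 7-day thresholds are constructed assumptions, not the export format of any particular AV console.

```python
import csv
import io
from datetime import date

# Constructed sample inventory export; column names are assumptions,
# not the format of any particular AV management console.
SAMPLE_CSV = """host,av_version,definitions_date,realtime_running,last_full_scan,unresolved_detections
ws-001,12.1.5,2024-03-10,yes,2024-03-08,0
ws-002,12.0.9,2024-03-10,yes,2024-03-09,0
ws-003,12.1.5,2024-03-01,yes,2024-03-09,0
ws-004,12.1.5,2024-03-10,no,2024-02-01,3
ws-005,12.1.5,2024-03-10,yes,,0
"""

def _stale(value, today, limit_days):
    """Describe the problem if an ISO date is missing, malformed or too old."""
    try:
        age = (today - date.fromisoformat(value.strip())).days
    except ValueError:
        return "missing or unreadable"  # a client that never reported is a finding too
    return f"{age} days old" if age > limit_days else None

def audit(csv_text, today, current_version, max_def_age_days=2, max_scan_age_days=7):
    """Return {host: [findings]} for hosts failing any of the five checks."""
    failures = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        findings = []
        if row["av_version"] != current_version:            # 1. installed version
            findings.append("outdated AV version " + row["av_version"])
        problem = _stale(row["definitions_date"], today, max_def_age_days)
        if problem:                                         # 2. definitions date
            findings.append("definitions " + problem)
        if row["realtime_running"].strip().lower() != "yes":  # 3. real-time service
            findings.append("real-time scanning not running")
        problem = _stale(row["last_full_scan"], today, max_scan_age_days)
        if problem:                                         # 4. last system scan
            findings.append("last full scan " + problem)
        if int(row["unresolved_detections"]) > 0:           # 5. detection log
            findings.append(row["unresolved_detections"] + " unresolved detections in log")
        if findings:
            failures[row["host"]] = findings
    return failures

if __name__ == "__main__":
    for host, findings in audit(SAMPLE_CSV, date(2024, 3, 11), "12.1.5").items():
        print(host, "->", "; ".join(findings))
```
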

Author

Commented:
Thanks.

What different 'types' of AV will be in a typical network/environment?

As I assume what's on a client's desktop wouldn't be the same as an email gateway, are there any other devices where there may be exceptions, or the requirement of a different tool?

Are there any parts of the IT environment that tend to be overlooked when it comes to AV?

Commented:
Types of AV can vary from company to company.  Symantec and McAfee are common options, each with multiple products available.  There are also many other AV solutions out there.

What's installed on each machine can also vary depending on who installed/configured, and why.  From a management perspective, it's far easier to provide support for a single package.
