Link to home
Start Free TrialLog in
Avatar of Pau Lo
Pau Lo

asked on

AV Audit

What should/could be included in a corporate anti-virus audit? If you have audited your AV compliance/configuration/policy, what steps did you review, what can/does go wrong with AV configurations. How common are these issues? I keep reading how vulnerable AV software itself is these days.
ASKER CERTIFIED SOLUTION
Avatar of Dan Muzrall
Dan Muzrall
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Pau Lo
Pau Lo

ASKER

Thanks moonie42, would you be willing to go into a litle more detail on each of your 5 points to cover the risk if these procedures/tasks arent being done? In laymans / management speak if poss
Installed version - you'll want to make sure that your clients are running the most recent version of the AV software and scan engines.

Definitions date - you'll want to make sure that your clients have the latest definitions.  You should be checking to ensure that no client has definitions that are more than a couple of days out of date.

Verification of real time scanning services - You'll want to ensure that services associated with your AV solution are in fact running.  AV can't detect threats if it's not running.

Last system scan date - you'll want to check that clients are routinely running a fully system scan, this is also a good indication that the software is working properly.

Detection log - you'll want to review threat detection logs as users may not see or may ignore warnings and not do anything to get assistance or attempt to clean themselves.
Avatar of Pau Lo

ASKER

Thanks.

What different 'types' of AV will be in a typical network/envrionment.

As I assume whats on a clients dektop wouldnt be the same as an email gateway, are there any other devices where there may be exections, or the requirement of a different tool.

Are there any parts of the IT environment that tend to be overlooked when it comes to AV?
Types of AV can vary from company to company.  Symantec and McAfee are common options, each with multiple products available.  There are also many other AV solutions out there.

What's installed on each machine can also vary depending on who installed/configured, and why.  From a management perspective, it's far easier to provide support for a single package.