Solved

Virus softwares

Posted on 2016-07-29
Last Modified: 2016-08-10
We have Kaspersky installed and we have a security audit. Our IT is outsourced to a company; they have installed Kaspersky and have access to the console.

The security auditor had a test virus link. The virus was downloaded, and then the software quarantined it. When I spoke to the MSP they said it's normal to download first, then scan/quarantine.

Is that correct?
Question by:Sundeep V
11 Comments
 
LVL 20

Accepted Solution

by:
carlmd earned 500 total points
ID: 41734723
Yes, that is normal. Typically PC-installed virus software cannot test a file on the fly, and must wait until it has been downloaded to do so.
 
LVL 4

Expert Comment

by:Alexandre Michel
ID: 41734749
If you want an additional level of protection, you can get a UTM. It is a device that sits between your router and your network. It uses rules and inspects internet traffic. It can stop viruses on the fly, or even stop users from accessing websites that are known to be bad...

We use a brand called Cyberoam, but there are many different brands available out there.
 
LVL 61

Expert Comment

by:btan
ID: 41734837
AV does not inspect for malicious links, unlike a content filter gateway, which may run reputation checks against the URL before the actual website or webpage is accessed. AV in general will download the file and scan it; of course, during the download the file or page will already have been inspected by a web app FW, NG-FW, NIPS or web filter. This depends on whether you have them in your subscribed infrastructure protection architecture; an enterprise setup will have those to protect end users and intranet systems.

However, the above is for traditional AV. There are more AVs with an internet security suite, and in Kaspersky's case it has the Kaspersky Internet Security suite. It has a URL scanning module, called Kaspersky URL Advisor, which is managed by its Web Anti-Virus component. The URL is inspected before download, e.g. this module checks if links located on the web page belong to the list of suspicious and phishing web addresses. Here is one post for their 2012 version; I believe their latest version will similarly have it: http://support.kaspersky.com/6323
Using data from the reputation services, Kaspersky Internet Security 2012 marks links in the web browser, thereby informing you about the possible dangers of this or that website even before you follow the link in question.
http://support.kaspersky.com/6322
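The two layers discussed in the accepted answer and in btan's comment above (a URL reputation check before any bytes are fetched, and a download-then-scan-then-quarantine step on the host), as an added Python example that is not from the thread, from the MSP or from Kaspersky. The host block list, the hash block list, the sample payload and the `fetch` function are constructed for the example; the only real artefact is the EICAR test string, the industry-standard AV test file commonly used as a "test virus" in this kind of audit.

```python
"""Added example: a download pipeline with a pre-download URL check and a
post-download content scan.  Everything except the EICAR string is constructed."""
import hashlib
import shutil
from dataclasses import dataclass
from pathlib import Path
from typing import Callable
from urllib.parse import urlparse

# --- Constructed sample data (assumptions for this example, not real feeds) ---
# Hosts a URL-reputation layer (web filter / URL Advisor-style module) would deny
# before a single byte is downloaded.
BLOCKED_HOSTS = {"malware.example.invalid", "phish.example.invalid"}

# A SHA-256 block list standing in for AV signatures; the "malicious" payload is
# constructed here so the example is self-contained.
SAMPLE_MALICIOUS = b"constructed-sample-malicious-payload\n"
BLOCKED_SHA256 = {hashlib.sha256(SAMPLE_MALICIOUS).hexdigest()}

# The 68-byte EICAR test string. Real AV engines treat a file starting with it as
# a detection, so it is split in two literals to keep a resident AV from
# quarantining this source file itself.
EICAR = (rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-"
         rb"ANTIVIRUS-TEST-FILE!$H+H*")


@dataclass
class Verdict:
    allowed: bool
    stage: str      # "url" (pre-download) or "content" (post-download)
    reason: str


def check_url(url: str) -> Verdict:
    """Pre-download reputation check: deny known-bad hosts before fetching."""
    host = (urlparse(url).hostname or "").lower()
    if host in BLOCKED_HOSTS:
        return Verdict(False, "url", f"host {host} is on the block list")
    return Verdict(True, "url", "host not on block list")


def scan_bytes(data: bytes) -> Verdict:
    """Post-download content scan: hash lookup plus the EICAR test signature."""
    digest = hashlib.sha256(data).hexdigest()
    if digest in BLOCKED_SHA256:
        return Verdict(False, "content", f"sha256 {digest[:12]}... is on the block list")
    if data.startswith(EICAR):
        return Verdict(False, "content", "EICAR test file detected")
    return Verdict(True, "content", "no detection")


def fetch_and_scan(url: str, fetch: Callable[[str], bytes],
                   download_dir: Path, quarantine_dir: Path) -> Verdict:
    """Run the two layers in order.

    `fetch` is injected (a real deployment would use an HTTP client) so the
    example runs offline.  If the URL layer denies, nothing is downloaded.
    Otherwise the file is written to download_dir, scanned, and moved to
    quarantine_dir on detection: the sequence of events the question describes.
    """
    verdict = check_url(url)
    if not verdict.allowed:
        return verdict
    data = fetch(url)
    name = Path(urlparse(url).path).name or "download.bin"
    download_dir.mkdir(parents=True, exist_ok=True)
    target = download_dir / name
    target.write_bytes(data)            # the file now exists on disk
    verdict = scan_bytes(data)
    if not verdict.allowed:
        quarantine_dir.mkdir(parents=True, exist_ok=True)
        shutil.move(str(target), str(quarantine_dir / (name + ".quarantined")))
    return verdict


def quarantined_files(quarantine_dir: Path) -> list:
    """Names of files the content layer moved into quarantine."""
    return sorted(p.name for p in quarantine_dir.glob("*.quarantined"))


if __name__ == "__main__":
    import tempfile

    def fake_fetch(url: str) -> bytes:
        # Constructed responses standing in for a web server.
        return EICAR if url.endswith("eicar.com") else b"hello\n"

    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for u in ("http://phish.example.invalid/login",
                  "http://files.example.invalid/eicar.com",
                  "http://files.example.invalid/readme.txt"):
            v = fetch_and_scan(u, fake_fetch, root / "downloads", root / "quarantine")
            state = "allowed" if v.allowed else "blocked"
            print(f"{u}: {state} at {v.stage} stage ({v.reason})")
        print("quarantined:", quarantined_files(root / "quarantine"))
```

If you run this on a machine with a resident AV, the on-access scanner will usually seize the written EICAR file before `scan_bytes` gets to it, which is exactly the download-then-quarantine behaviour the auditor observed; the URL layer, by contrast, never lets the bytes reach disk at all.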
 
LVL 28

Expert Comment

by:jhyiesla
ID: 41735007
You may know this or do it already, but best practice for security is a layered approach. AV software is great, but you should also have a firewall in place and potentially email/spam filtering, web filtering and perhaps even intrusion detection/prevention. The size and risk profile of your company will determine the best course of action.
 
LVL 26

Expert Comment

by:Thomas Zucker-Scharff
ID: 41735120
Multi-layered security, both at the perimeter and at the endpoint, is your best bet. Some companies are even claiming a 100% success rate with preventing ransomware. And then there is Sentinel-One with their anti-ransomware guarantee.

See my article on multilayered security:

https://www.experts-exchange.com/articles/18444/Multilayered-Computer-Security.html
 
LVL 61

Expert Comment

by:btan
ID: 41735428
Do not be over-reliant on one measure to show the audit that the controls can adequately address known threats, like AV and FW on the host. They do not cover all threats, hence the layers of defence shared above. It is not a deficiency, but I do suggest going for a breadth of controls on top of AV only.

Consider anti-malware and anti-ransomware software, but note it should not be a case of having multiple AVs, as they can conflict with each other, causing unexpected machine crashes or similar events.
 
LVL 26

Expert Comment

by:Thomas Zucker-Scharff
ID: 41735721
I have been successful with multiple AVs as long as only one does on-access scanning.
 
LVL 61

Expert Comment

by:btan
ID: 41735743
Thanks Thomas for sharing. No problem installing them and doing on-demand scans, but on-access scans did face challenges and conflicts. To reap an AV's full capability it is typically good to keep them enabled. Some use the AV's CLI version, but it is still a manual, user-triggered scan: http://multi-av.thespykiller.co.uk/help.htm
To have the best of "all" AVs, maybe adopt a balanced approach, e.g. using a single primary AV as your main background protection and running another AV occasionally, say once a week, for a second opinion. There are also online multi-AV scanners if you really need to scan a suspicious file with multiple AVs for higher assurance; I would consider using the VirusTotal website.
 

Author Closing Comment

by:Sundeep V
ID: 41747128
Thanks, that helped. I don't think we plan to do any upgrades yet, except rolling out McAfee in future.
 
LVL 26

Expert Comment

by:Thomas Zucker-Scharff
ID: 41750183
Note that a recent test of 12 suites by SE Labs in the UK found only 2 companies that received their highest rating of AAA in all three categories of consumer/SMB/enterprise endpoint suites. They were Kaspersky, with Symantec coming in a close second (only Kaspersky stopped 100% of the malware thrown at it; this included ransomware).

They did not test Malwarebytes Anti-Malware. McAfee was rated as the worst of the 12 tested suites (it received a C rating).
 
LVL 61

Expert Comment

by:btan
ID: 41750527
For info, to add on to Thomas's post about the SE Labs reports (registration needed): Kaspersky Lab handled these samples best, scoring 100% in the 'total accuracy' result. Microsoft System Center Endpoint Protection fared worst, scoring just 77%.

Large businesses/ enterprises
https://selabs.uk/download/enterprise/april-june-2016-enterprise.pdf

Small to medium businesses
https://selabs.uk/download/small_business/april-june-2016-smb.pdf

Home users/ consumers
https://selabs.uk/download/consumers/april-june-2016-consumer.pdf