Virus software

Posted on 2016-07-29
Last Modified: 2016-08-10
We have Kaspersky installed and we have a security audit. Our IT is outsourced by a company and they have installed Kaspersky and have access to the console.

The security auditor had a test virus link, the virus downloaded the software and then the software quarantined it. When I spoke to the MSP they said it's normal to download first then scan/quarantine.

Is that correct?
Question by:Sundeep V
LVL 20

Accepted Solution

carlmd earned 500 total points
ID: 41734723
Yes, that is normal. Typically PC-installed virus software cannot test a file on the fly, and must wait until it has been downloaded to do so.

Expert Comment

by:Alexandre Michel
ID: 41734749
If you want an additional level of protection, you can get a UTM. It is a device that sits between your router and your network. It uses rules and inspects internet traffic. It can stop viruses on the fly or even stop users from accessing websites that are known to be bad...

We use a brand called Cyberoam, but there are many different brands available out there.
LVL 63

Expert Comment

ID: 41734837
AV does not inspect for malicious links, unlike the content filter gateway, which may have reputation checks against the URL before actual website or webpage access. For AV in general, it will download the file and scan it, and of course during the download the file or page will already be inspected by web app FW, NG-FW, NIPS or web filter - these depend on whether you have them in your subscribed architecture infrastructure protection; an Enterprise setup will have those to protect end users and intranet systems.

However, the above is for traditional AV, but there are more AV with an internet security suite, and in Kaspersky's case, it has the Kaspersky Internet Security suite. It has a URL scanning module, called Kaspersky URL Advisor, which is managed by its Web Anti-Virus component. The URL is inspected before download, e.g. this module checks if links located on the web page belong to the list of suspicious and phishing web addresses. Here is one past for their 2012 version, I believe their latest version will similarly have it -
Using data from the reputation services, Kaspersky Internet Security 2012 marks links in the web browser, thereby informing you about the possible dangers of this or that website even before you follow the link in question.
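The ordering discussed in the answers above, as an added example that is not part of any poster's reply or of any vendor's code: an endpoint scanner can only match a file once its bytes are on disk, while a URL reputation check can refuse the request before anything is fetched. The URL, payload, signature set and function names are all constructed for illustration.

```python
import hashlib
import os
import tempfile

# Constructed sample data: a harmless byte string standing in for the auditor's test file.
TEST_PAYLOAD = b"constructed-harmless-test-file"
SIGNATURES = {hashlib.sha256(TEST_PAYLOAD).hexdigest()}  # endpoint AV "signature" set
BAD_URLS = {"http://test.invalid/sample.bin"}            # reputation list (hypothetical URL)


def fetch(url):
    """Stand-in for the network download; always returns the constructed payload."""
    return TEST_PAYLOAD


def on_access_scan(path, quarantine_dir, events):
    """Endpoint AV: it can only hash the file after the bytes have been written."""
    with open(path, "rb") as fh:
        digest = hashlib.sha256(fh.read()).hexdigest()
    if digest in SIGNATURES:
        os.replace(path, os.path.join(quarantine_dir, os.path.basename(path)))
        events.append("quarantined")
    else:
        events.append("clean")


def download(url, workdir, url_filter=False):
    """Return the ordered list of events for one download attempt."""
    events = []
    if url_filter and url in BAD_URLS:
        events.append("blocked-before-download")  # nothing reaches the endpoint
        return events
    path = os.path.join(workdir, "sample.bin")
    with open(path, "wb") as fh:
        fh.write(fetch(url))
    events.append("written-to-disk")
    quarantine = os.path.join(workdir, "quarantine")
    os.makedirs(quarantine, exist_ok=True)
    on_access_scan(path, quarantine, events)
    return events


def run_demo():
    """Same URL, first with endpoint AV only, then with a URL filter in front."""
    url = "http://test.invalid/sample.bin"
    with tempfile.TemporaryDirectory() as workdir:
        return download(url, workdir), download(url, workdir, url_filter=True)
```

The first result is the sequence the auditor observed (download, then quarantine); the second is what a URL-reputation layer changes.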

LVL 28

Expert Comment

ID: 41735007
You may know this or do it already, but best practice for security is a layered approach. AV software is great, but you should also have a firewall in place and potentially email/Spam filtering, web filtering and even perhaps Intrusion detection/prevention. The size and risk profile of your company will determine the best course of action.
LVL 26

Expert Comment

by:Thomas Zucker-Scharff
ID: 41735120
Multi-layered security both at the perimeter and at the endpoint is your best bet.  Some companies are even claiming 100% success rate with preventing ransomware.  And then there is Sentinel-One with their anti-ransomware guarantee.

See my article on multilayered security:
LVL 63

Expert Comment

ID: 41735428
Do not be over reliant on one measure, show to audit the control adequately can address known threats like AV and FW in host. They do not cover whole threats, hence the layer of defence shared. It is not a deficiency but do suggest going for a breadth of control on top of AV only.

Consider anti malware and anti ransomware software but note it should not be the case of having multiple AV as they can self conflict causing the machine unexpected crashes or similar events.
LVL 26

Expert Comment

by:Thomas Zucker-Scharff
ID: 41735721
I have been successful with multiple AV as long as only one does on-access scanning.
LVL 63

Expert Comment

ID: 41735743
Thanks Thomas for sharing, no problem with installation and doing on-demand scans, but on-access scans did face challenges and conflicts. To reap AV's full capability, typically it will be good to keep them enabled. Some used the AV's CLI version but it is still a manual user-triggered scan.
To have the best in "all" AV, maybe it is to adopt a balanced approach, e.g. using a single primary AV as your main background protection and running another AV occasionally – say, once a week – for a second opinion. There are also online multi-AV scanners if you really need to scan a suspicious file in multiple AV for higher assurance; I will consider using the VirusTotal website.

Author Closing Comment

by:Sundeep V
ID: 41747128
Thanks, that helped, don't think we plan to do any upgrades yet except roll out McAfee in future.
LVL 26

Expert Comment

by:Thomas Zucker-Scharff
ID: 41750183
Note that a recent test of 12 suites by SE Labs in UK found only 2 companies that received their highest rating of AAA in all three categories of consumer/SMB/Enterprise endpoint suites. They were Kaspersky and Symantec, with Symantec coming in a close second (only Kaspersky stopped 100% of the malware thrown at it. This included ransomware.).

They did not test Malwarebytes Antimalware. McAfee was rated as the worst of the 12 tested suites (it received a C rating).
LVL 63

Expert Comment

ID: 41750527
For info, to add on to Thomas's post, for the SE Labs reports (need registration): Kaspersky Lab handled these samples best, scoring 100% in the 'total accuracy' result. Microsoft System Center Endpoint Protection fared worst, scoring just 77%.

Large businesses/ enterprises

Small to medium businesses

Home users/ consumers
