Virus software

We have Kaspersky installed and we have a security audit. Our IT is outsourced by a company and they have installed Kaspersky and have access to the console.

The security auditor had a test virus link, the virus downloaded the software and then the software quarantined it. When I spoke to the MSP they said it's normal to download first then scan/quarantine.

Is that correct?
Sundeep V Asked:
 
carlmd Commented:
Yes, that is normal. Typically PC-installed virus software cannot test a file on the fly, and must wait until it has been downloaded to do so.
 
Alexandre Michel (Manager; IT Consultant) Commented:
If you want an additional level of protection, you can get a UTM. It is a device that sits between your router and your network. It uses rules and inspects internet traffic. It can stop viruses on the fly or even stop users from accessing websites that are known to be bad...

We use a brand called Cyberoam, but there are many different brands available out there.
 
btan (Exec Consultant) Commented:
AV does not inspect for malicious links, unlike the content filter gateway, which may have reputation checks against the URL before actual website or webpage access. For AV in general, it will download the file and scan it, and of course during the download the file or page will already be inspected by web app FW, NG-FW, NIPS or web filter - these depend on whether you have them in your subscribed architecture infrastructure protection; an Enterprise setup will have those to protect end users and intranet systems.

However, the above is for traditional AV, but there are more AV with an internet security suite, and in Kaspersky's case, it has the Kaspersky Internet Security suite. It has the URL scanning module, which is called Kaspersky URL Advisor and is managed by its Web Anti-Virus component. The URL is inspected before download, e.g. this module checks if links located on the web page belong to the list of suspicious and phishing web addresses. Here is one past for their 2012 version, I believe their latest version will similarly have it - http://support.kaspersky.com/6323
Using data from the reputation services, Kaspersky Internet Security 2012 marks links in the web browser, thereby informing you about the possible dangers of this or that website even before you follow the link in question.
http://support.kaspersky.com/6322
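
The two inspection points discussed in this thread, as an added example that is not part of any poster's comment or of any vendor's product: a URL check that acts before transfer, and a signature scan that can only act once the file is on disk. The blocklist, marker payload, URLs and function names are all constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed sample data: a harmless marker string stands in for a malware
# signature, and the URLs use the reserved .example TLD.
TEST_PAYLOAD = b"HARMLESS-AUDIT-TEST-MARKER"
SIGNATURES = {hashlib.sha256(TEST_PAYLOAD).hexdigest()}
URL_BLOCKLIST = {"http://bad.example/test.bin"}
# Simulated remote content, so the example runs offline.
FAKE_WEB = {
    "http://bad.example/test.bin": TEST_PAYLOAD,
    "http://new.example/test.bin": TEST_PAYLOAD,  # same file, URL on no list yet
    "http://ok.example/readme.txt": b"hello",
}

def fetch(url, workdir, url_filter=True):
    """Return (verdict, file_was_written_to_disk) for one download attempt."""
    downloads = workdir / "downloads"
    quarantine = workdir / "quarantine"
    downloads.mkdir(exist_ok=True)
    quarantine.mkdir(exist_ok=True)
    # Layer 1 (gateway / URL advisor): decides on the URL alone, before transfer.
    if url_filter and url in URL_BLOCKLIST:
        return "blocked_by_url_filter", False

    # The download completes and the file lands on disk.
    target = downloads / url.rsplit("/", 1)[-1]
    target.write_bytes(FAKE_WEB[url])

    # Layer 2 (endpoint AV): needs the whole file, so it acts only after the write.
    if hashlib.sha256(target.read_bytes()).hexdigest() in SIGNATURES:
        target.replace(quarantine / target.name)  # move into quarantine
        return "quarantined_by_av", True
    return "allowed", True

def run_demo():
    with tempfile.TemporaryDirectory() as tmp:
        work = Path(tmp)
        return {
            "av_only": fetch("http://bad.example/test.bin", work, url_filter=False),
            "filter_hit": fetch("http://bad.example/test.bin", work),
            "filter_miss": fetch("http://new.example/test.bin", work),
            "clean": fetch("http://ok.example/readme.txt", work),
        }

if __name__ == "__main__":
    for case, result in run_demo().items():
        print(f"{case:12} -> {result}")
```

The `av_only` and `filter_miss` cases reproduce what the auditor observed: the file reaches disk and is then quarantined, because the endpoint scanner is the only layer with a matching rule.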
 
jhyiesla Commented:
You may know this or do it already, but best practice for security is a layered approach. AV software is great, but you should also have a firewall in place and potentially email/spam filtering, web filtering and even perhaps intrusion detection/prevention. The size and risk profile of your company will determine the best course of action.
 
Thomas Zucker-Scharff (Systems Analyst) Commented:
Multi-layered security both at the perimeter and at the endpoint is your best bet. Some companies are even claiming 100% success rate with preventing ransomware. And then there is Sentinel-One with their anti-ransomware guarantee.

See my article on multilayered security:

https://www.experts-exchange.com/articles/18444/Multilayered-Computer-Security.html
 
btan (Exec Consultant) Commented:
Do not be over-reliant on one measure; show to audit the control adequately can address known threats, like AV and FW in host. They do not cover whole threats, hence the layer of defence shared. It is not a deficiency but do suggest going for a breadth of control on top of AV only.

Consider anti malware and anti ransomware software but note it should not be the case of having multiple AV as they can self conflict causing the machine unexpected crashes or similar events.
 
Thomas Zucker-Scharff (Systems Analyst) Commented:
I have been successful with multiple AV as long as only one does on-access scanning.
 
btan (Exec Consultant) Commented:
Thanks Thomas for sharing, no problem with installation and doing on-demand scans, but on-access scan did face challenges and conflict. To reap AV's full capability typically it will be good to keep them enabled. Some used AV's CLI version but it is still a manual user-triggered scan: http://multi-av.thespykiller.co.uk/help.htm
To have the best in "all" AV, maybe it is to adopt a balanced approach, e.g. using a single primary AV as your main background protection and running another AV occasionally – say, once a week – for a second opinion. There are also online multi-AV scanners if you really need to scan a suspicious file in multiple AV for higher assurance; I will consider using the VirusTotal website.
 
Sundeep V (Author) Commented:
Thanks, that helped, don't think we plan to do any upgrades yet except roll out McAfee in future.
 
Thomas Zucker-Scharff (Systems Analyst) Commented:
Note that a recent test of 12 suites by SE Labs in UK found only 2 companies that received their highest rating of AAA in all three categories of consumer/SMB/Enterprise endpoint suites. They were Kaspersky and Symantec came in a close second (only Kaspersky stopped 100% of the malware thrown at it. This included ransomware.).

They did not test Malwarebytes Antimalware. McAfee was rated as the worst of the 12 tested suites (it received a C rating).
 
btan (Exec Consultant) Commented:
For info, to add on to Thomas's post, for the SE Labs reports (need registration). Kaspersky Lab handled these samples best, scoring 100% in the 'total accuracy' result. Microsoft System Center Endpoint Protection fared worst, scoring just 77%.

Large businesses/ enterprises
https://selabs.uk/download/enterprise/april-june-2016-enterprise.pdf

Small to medium businesses
https://selabs.uk/download/small_business/april-june-2016-smb.pdf

Home users/ consumers
https://selabs.uk/download/consumers/april-june-2016-consumer.pdf
Question has a verified solution.
