Sundeep V asked:

Virus software

We have Kaspersky installed and we have a security audit. Our IT is outsourced to a company; they installed Kaspersky and have access to the console.

The security auditor had a test virus link: the test virus was downloaded and then the software quarantined it. When I spoke to the MSP, they said it is normal to download first and then scan/quarantine.

Is that correct?
ASKER CERTIFIED SOLUTION
Carl Dula

If you want an additional level of protection, you can get a UTM. It is a device that sits between your router and your network. It uses rules and inspects internet traffic. It can stop viruses on the fly, or even stop users from accessing websites that are known to be bad.

We use a brand called Cyberoam, but there are many different brands available out there.
btan

AV does not inspect for malicious links, unlike a content-filter gateway, which may run reputation checks against the URL before the actual website or webpage is accessed. For AV in general, it will download the file and then scan it; of course, during the download the file or page will already have been inspected by a web app FW, NG-FW, NIPS or web filter, depending on whether you have those in your subscribed infrastructure protection. An enterprise setup will have them to protect end users and intranet systems.

However, the above is for traditional AV; there are more AVs with an internet security suite, and in Kaspersky's case it has the Kaspersky Internet Security suite. It has a URL scanning module, called Kaspersky URL Advisor, which is managed by its Web Anti-Virus component. The URL is inspected before download, e.g. this module checks whether links located on the web page belong to the list of suspicious and phishing web addresses. Here is one past page for their 2012 version; I believe their latest version will similarly have it: http://support.kaspersky.com/6323
"Using data from the reputation services, Kaspersky Internet Security 2012 marks links in the web browser, thereby informing you about the possible dangers of this or that website even before you follow the link in question."
http://support.kaspersky.com/6322
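The distinction btan draws above (a URL-reputation gate that decides before any bytes are fetched, versus an on-access AV scan that can only decide once the file has landed on the endpoint) is easy to see in a small model. The following is an added example, not code from the original thread and not any Kaspersky or Cyberoam component; the blocklist, signature list, URL set and the "responses" it fetches are all constructed inline so it runs offline. The `Verdict.bytes_landed` field records how much content reached the endpoint before the decision, which is exactly what the auditor's test exercised.

```python
"""Model of two control points: a pre-download URL-reputation gate and a
post-download content scan.  Added example; all data below is constructed
and stands in for no real product's feeds or engine."""
import hashlib
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed reputation data (what a web filter / URL advisor would consult).
BAD_HOSTS = {"malware.example"}
BAD_URLS = {"http://files.example/downloads/invoice.exe"}

# Constructed "responses"; a real fetch would go over the network.
FAKE_RESPONSES = {
    "http://www.example.com/readme.txt": b"hello, nothing to see here",
    "http://files.example/test.bin": b"header SIMULATED-BAD-PAYLOAD trailer",
    "http://malware.example/dropper.exe": b"MZ dropper",
    "http://files.example/downloads/invoice.exe": b"MZ invoice",
}

# Constructed AV signatures: one exact-hash signature and one byte pattern.
KNOWN_BAD_SHA256 = {hashlib.sha256(b"MZ dropper").hexdigest()}
KNOWN_BAD_PATTERNS = [b"SIMULATED-BAD-PAYLOAD"]


@dataclass
class Verdict:
    url: str
    stage: str          # "url_filter", "av_scan" or "allowed"
    bytes_landed: int   # bytes that reached the endpoint before the decision
    detail: str = ""


def url_reputation_check(url: str):
    """Pre-download check: returns a block reason or None, without fetching."""
    host = urlparse(url).hostname or ""
    if url in BAD_URLS:
        return "URL on blocklist"
    if host in BAD_HOSTS:
        return f"host {host} on blocklist"
    return None


def fetch(url: str) -> bytes:
    """Simulated download; raises KeyError for URLs not in the constructed set."""
    return FAKE_RESPONSES[url]


def av_scan(data: bytes):
    """Post-download check: hash match first, then byte-pattern match."""
    digest = hashlib.sha256(data).hexdigest()
    if digest in KNOWN_BAD_SHA256:
        return f"hash match {digest[:12]}"
    for pattern in KNOWN_BAD_PATTERNS:
        if pattern in data:
            return f"pattern match {pattern.decode()}"
    return None


def access(url: str, url_filter_enabled: bool = True) -> Verdict:
    """Walk a request through the layers in order and record where it stopped."""
    if url_filter_enabled:
        reason = url_reputation_check(url)
        if reason:
            # Blocked before download: nothing lands on the endpoint.
            return Verdict(url, "url_filter", 0, reason)
    data = fetch(url)
    reason = av_scan(data)
    if reason:
        # AV-only outcome from the question: the file landed, then was quarantined.
        return Verdict(url, "av_scan", len(data), reason)
    return Verdict(url, "allowed", len(data))


if __name__ == "__main__":
    for enabled in (True, False):
        print(f"--- URL filter {'on' if enabled else 'off'} ---")
        for u in FAKE_RESPONSES:
            print(access(u, url_filter_enabled=enabled))
```

Run with the filter off and `dropper.exe` is stopped only by `av_scan` after 10 bytes have landed, and `invoice.exe` is allowed outright because nothing in it matches a signature; with the filter on, both are stopped at `url_filter` with zero bytes landed. That is the layered argument in this thread: the AV-only behaviour the MSP described is normal, and a reputation gate in front of it catches what the signature engine cannot.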
You may know this or do it already, but best practice for security is a layered approach. AV software is great, but you should also have a firewall in place, and potentially email/spam filtering, web filtering and even perhaps intrusion detection/prevention. The size and risk profile of your company will determine the best course of action.
Multi-layered security, both at the perimeter and at the endpoint, is your best bet. Some companies are even claiming a 100% success rate at preventing ransomware. And then there is SentinelOne with their anti-ransomware guarantee.

See my article on multilayered security:

https://www.experts-exchange.com/articles/18444/Multilayered-Computer-Security.html
Do not over-rely on one measure to show the audit that the control can adequately address known threats, like AV and a FW on the host. They do not cover all threats, hence the layered defence shared above. It is not a deficiency, but I do suggest going for a breadth of controls on top of AV only.

Consider anti-malware and anti-ransomware software, but note it should not be a case of having multiple AVs, as they can conflict with each other, causing unexpected machine crashes or similar events.
I have been successful with multiple AVs as long as only one does on-access scanning.
Thanks Thomas for sharing. No problem installing them and doing on-demand scans, but on-access scanning did face challenges and conflicts. To reap an AV's full capability it is typically good to keep it enabled. Some use an AV's CLI version, but that is still a manual, user-triggered scan: http://multi-av.thespykiller.co.uk/help.htm
To have the best of "all" AVs, maybe adopt a balanced approach, e.g. using a single primary AV as your main background protection and running another AV occasionally, say once a week, for a second opinion. There are also online multi-AV scanners if you really need to scan a suspicious file with multiple AVs for higher assurance; I would consider using the VirusTotal website.
Sundeep V (asker)

Thanks, that helped. Don't think we plan to do any upgrades yet, except rolling out McAfee in future.
Note that a recent test of 12 suites by SE Labs in the UK found only 2 companies that received their highest rating of AAA in all three categories of endpoint suite (consumer/SMB/enterprise). They were Kaspersky, with Symantec a close second (only Kaspersky stopped 100% of the malware thrown at it, including ransomware).

They did not test Malwarebytes Anti-Malware. McAfee was rated as the worst of the 12 tested suites (it received a C rating).
For info, to add on to Thomas's post, the SE Labs reports (registration needed): Kaspersky Lab handled these samples best, scoring 100% in the 'total accuracy' result. Microsoft System Center Endpoint Protection fared worst, scoring just 77%.

Large businesses/ enterprises
https://selabs.uk/download/enterprise/april-june-2016-enterprise.pdf

Small to medium businesses
https://selabs.uk/download/small_business/april-june-2016-smb.pdf

Home users/ consumers
https://selabs.uk/download/consumers/april-june-2016-consumer.pdf