
Preventing Sophos potential false positive

I wanted to get some ideas on how we can prevent a potential issue like that recently discovered with McAfee's false positive.

I will list below what I am doing and would like to get feedback on what others are doing. 

1) I have multiple groups within the Sophos console containing pilot and production machines.

2) I have multiple policies that I keep in sync except for AV version.

3) I keep the pilot machines on the "recommended" setting in the policy.

4) The production machines stay 1 version behind, which at this time is 9.0.5 VDL4.52, for at least 1 week.

5) If nothing happens to my pilot machines, nothing is reported in the news, and there is nothing posted in this user community, I roll out the latest version to production.

Can anybody post their processes or comment on my processes?

thanks

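As an added example (not code from the post above or from Sophos), the five-step process expressed as a promotion gate: production moves to the pilot version only when every pilot machine actually reports that version, no pilot machine has raised alerts still to be triaged, the soak period has elapsed, and no outside reports have come in. The Endpoint and Rollout classes, the VDL4.53-EXAMPLE version string and the dates are constructed placeholders, and the external_reports argument stands in for step 5's news and community checks.

```python
from dataclasses import dataclass, replace
from datetime import date

@dataclass
class Endpoint:            # hypothetical model, not a Sophos console object
    name: str
    group: str             # "pilot" or "production"
    vdl: str               # virus data version the endpoint actually reports
    alerts: int            # detections raised since the pilot version landed

@dataclass
class Rollout:
    pilot_vdl: str
    production_vdl: str
    pilot_landed: date     # day the pilot group finished updating
    soak_days: int = 7     # "at least 1 week" from step 4

def promotion_blockers(rollout, endpoints, today, external_reports=0):
    """Reasons production must stay put; an empty list opens the gate."""
    pilot = [e for e in endpoints if e.group == "pilot"]
    blockers = []
    if not pilot:
        blockers.append("no pilot endpoints reporting")
    lagging = [e.name for e in pilot if e.vdl != rollout.pilot_vdl]
    if lagging:
        blockers.append(f"pilot not fully on {rollout.pilot_vdl}: {lagging}")
    alerting = [e.name for e in pilot if e.alerts > 0]
    if alerting:
        blockers.append(f"pilot alerts to triage as possible false positives: {alerting}")
    elapsed = (today - rollout.pilot_landed).days
    if elapsed < rollout.soak_days:
        blockers.append(f"soak period: {elapsed}/{rollout.soak_days} days elapsed")
    if external_reports:
        blockers.append(f"{external_reports} external problem report(s) for {rollout.pilot_vdl}")
    return blockers

def promote(rollout, endpoints, today, external_reports=0):
    """Move production to the pilot version only when no blocker remains."""
    blockers = promotion_blockers(rollout, endpoints, today, external_reports)
    if blockers:
        return rollout, blockers
    return replace(rollout, production_vdl=rollout.pilot_vdl), []

# Constructed sample: production runs VDL4.52 as in the post; the pilot version
# string and the dates are placeholders, not real Sophos releases.
FLEET = [
    Endpoint("pilot-01", "pilot", "VDL4.53-EXAMPLE", alerts=0),
    Endpoint("prod-01", "production", "VDL4.52", alerts=0),
]
STATE = Rollout("VDL4.53-EXAMPLE", "VDL4.52", pilot_landed=date(2024, 3, 1))
```

Calling `promote(STATE, FLEET, today=...)` returns the (possibly unchanged) rollout state together with the list of reasons it was held back, so the same check can feed a ticket or a console report rather than a silent rollout.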


  • Welcome barnet,

    In certain cases I can think of, the damage done by a false positive may well be significantly greater than that of a virus

    Yup, but that's not the point. In certain cases the damage done by taking a drug may well be greater than that of a disease. But damage is only one factor to consider. The simplistic model is: Risk = Damage * Likelihood. Otherwise only a few of us would ever board a plane or even think of crossing the street.

    Of course you could apply a different AV- and AU-policy to select computers where the likelihood of infection is significantly lower than in other parts of your network iff your network and (most) clients are protected.

    Christian
