This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Reviewing my anti-virus setup

Used sophos for about 5 years now upgrading consoles etc, still on version 3 intending to upgrade during summer hols to version 4.

Recently had some spare time (at last!) to review my setup. Junior school with one server and approx 70 workstations/laptops

I have on access scanning read and write on everything including server with automatically cleanup virus, suspicious files do nothing. HIPS alert only.

Application control - on access scanning do not block.

I have weekly scans set up for pupil workstations, but not staff laptops as lunchtime isn't long enough for a scan and I'm concerned the laptops, which are quite old, would be unusable if a scan was running during a lesson.

I have on access scanning both read and write set up on the server, the only time the server accesses the internet is for windows updates. I don't run a scan on the server not sure wether I would have to exclude anything.

Am I sufficiently covered? Any suggestions welcome.

This thread was automatically locked due to age.

0 A_K over 14 years ago

Hello Chrbb,
Firstly get HIPs turned on properly and remove the alert only tick, this is a massive step in reducing unknown malware from being able to infect your machines. This could cause HIP triggers on legitimate software that you have only previously been altered too now not running. You will need to authorize these processes however this will be reduced massively by upgrading to 9.5 when it comes out soon.
Secondly alter the on-access scanner to read only, there are a few circumstances when setting this to write is a good idea but this is normally when you know you have a machine with an issue and you want to stop a spread over the network. However as you now have HIPs on you are a lot safer anyhow. You will also notice with write off that your clients will perform a bit better.
:3362
Cancel
Vote Up 0 Vote Down

Cancel