
Thread: Antivirus - Compliance Control


  1. #1

    Antivirus - Compliance Control

    I've just been given a task to figure out the best way to verify that all our virus repositories are current.

    Currently my company (we're in a 3 company merge) uses McAfee, for which I already have a procedure in place where a script checks the version of the dat files in each repository.

    Another company (the largest) does it manually, as they have the manpower to task some fool with checking the web and having him enter the info into a spreadsheet and create a ticket if there is a problem.

    The 3rd company uses Symantec and has no procedure for doing this and nobody tasked with making sure they are up to date.
    Well now that I'm being involved, I found out yesterday that their repositories have not been updating since 8/15 and I'm the first to find out. I have fixed the problem, but I'm trying to figure out the best way for doing the check manually until I script it.

    So if you go to http://securityresponse.symantec.com.../download.html you see what the numbers are for the latest version. When I look in the folder that LiveUpdate Administration Utility stores the files in, I don't see anything that has a number like on the website.

    If any of you currently work with Symantec, can you point me in the right direction? Late last night was my first exposure to SAV.

  2. #2
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    I suggest you make a logical review of your processes.

    All corporate AVs offer automatic update........... what the hell are you doing checking repositories for?

    I would suggest something like:

    Labrat...>repository.....>client

    Let the AV automatically update the labrat(S) then test it then distribute to the repositories?

    After that, all you need is a random audit to ensure that the system is functioning correctly?

  3. #3
    Quote Originally Posted by nihil
    I suggest you make a logical review of your processes.

    All corporate AVs offer automatic update........... what the hell are you doing checking repositories for?

    I would suggest something like:

    Labrat...>repository.....>client

    Let the AV automatically update the labrat(S) then test it then distribute to the repositories?

    After that, all you need is a random audit to ensure that the system is functioning correctly?

    All 3 companies (different AV products) have 1 main repository, then other repositories that update from the main one. We're being required to verify that the automatic process is working properly. Mainly looking for what I found yesterday, that one of the companies is a month behind on updates while the other two are just fine.
    The controlling company wants this to have a manual process of somebody reviewing the versions and submitting evidence that they checked. This way if somebody doesn't check, there is somebody to blame.

    We have Symantec System Center, but I have no way to script checking the updates using Symantec System Center. I'm guessing SSC uses some kind of database, but I'm not sure what kind of backend it's using or where it is located.

  4. #4
    AO Security for Non-Geeks tonybradley's Avatar
    Join Date
    Aug 2002
    Posts
    830
    What versions of the products are you using? Assuming you are using a remotely current version, why not leverage the functionality built in? McAfee has ePO and Symantec has System Center. In either event, the clients should automatically be reporting that information to the server and it should be as simple as calling up the current reports.

  5. #5
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,243
    I detailed the issue in another post and am reluctant to belabor it
    anymore, except to say we are very much unstaffed onsite (two
    people onsite handling support for almost 400 PC's and over 100
    remote users). When the SAV server got upgraded remotely (sans
    testing!), many clients weren't reporting. On top of that, there
    were software conflicts that caused numerous problems and workarounds.
    We're actually running three different versions of SAV right now,
    managed (onsite) and unmanaged (offsite and workarounds). The
    different offsite teams haven't spent the time to learn the environment
    and expect everything to work remotely. And when it doesn't, it
    ends up in our laps onsite. It's a tough scene and one very much
    in transition.

    Yes, Symantec's control center works great if all the computers, onsite
    and off, are managed (they're not!) and the environment is stable (it's
    not!).
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  6. #6
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    Install the Symantec System Center on your computer, discover all your servers and manage them from there. This will tell you what versions are installed, the last scan, and the definition dates.
    You will have to download the System Center from the support site (I assume you have a support agreement).

    Cheers:
    DjM

  7. #7
    Right turn Clyde Nokia's Avatar
    Join Date
    Aug 2003
    Location
    Button Moon
    Posts
    1,696
    I'm sure Nagios could be set up to set off an alarm if a node does not have the latest dat file.

    McAfee ePolicy Orchestrator can produce a report about the state of all the nodes it is installed on.

    Can't help with the Symantec stuff as I would not let a Symantec disk in the building, much less let it near one of my computers...
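
    A repository freshness check in the style of a Nagios plugin, following the suggestion in the post above. This is an added example, not code from the thread or from any vendor. It assumes the newest file modification time under each repository directory is a usable proxy for the definition date; the labels, paths and the 2-day/7-day thresholds are hypothetical.

```python
import os
import sys
import time

OK, WARNING, CRITICAL = 0, 1, 2          # Nagios plugin exit codes
NAMES = {OK: "OK", WARNING: "WARNING", CRITICAL: "CRITICAL"}

def newest_mtime(repo_dir):
    """Newest modification time of any file under repo_dir, or None if none."""
    newest = None
    for root, _dirs, files in os.walk(repo_dir):
        for name in files:
            try:
                mtime = os.path.getmtime(os.path.join(root, name))
            except OSError:
                continue                  # file vanished mid-update; skip it
            if newest is None or mtime > newest:
                newest = mtime
    return newest

def check_repos(repos, warn_days=2, crit_days=7, now=None):
    """repos maps a label to a repository path. Returns (exit_code, message)."""
    now = time.time() if now is None else now
    worst, parts = OK, []
    for label, path in sorted(repos.items()):
        mtime = newest_mtime(path)
        if mtime is None:
            # Missing, unreadable or empty repository: updates cannot be served.
            state, detail = CRITICAL, "no files found"
        else:
            age = (now - mtime) / 86400.0
            state = CRITICAL if age >= crit_days else WARNING if age >= warn_days else OK
            detail = "newest file %.1f days old" % age
        worst = max(worst, state)
        parts.append("%s=%s (%s)" % (label, NAMES[state], detail))
    return worst, "AVREPO %s - %s" % (NAMES[worst], "; ".join(parts))

if __name__ == "__main__":
    # Usage: check_av_repo.py label=path [label=path ...]
    repos = dict(arg.split("=", 1) for arg in sys.argv[1:])
    if not repos:
        print("AVREPO UNKNOWN - usage: label=path [label=path ...]")
        sys.exit(3)                       # Nagios UNKNOWN
    code, message = check_repos(repos)
    print(message)
    sys.exit(code)
```

    The status line lists every repository with its own state, so the saved output can also serve as the dated evidence that the check was run.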

  8. #8
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Nokia,

    You are a liar!

    Can't help with the symantec stuff as I would not let a symantec disk in the building, much less let it near one of my computers...
    That is how you stop coffee rings on top of your kit..............?


  9. #9
    Only african to own a PC! Cider's Avatar
    Join Date
    Jun 2003
    Location
    Israel
    Posts
    1,683
    Go with AVG Network edition - works best with my companies.
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein

  10. #10
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,243
    We use Symantec. Our users were the proverbial canaries in the coal
    mine. They always let us know when our SAV server isn't pushing out
    updates, until we got upgraded to 10.1.6 (what a nightmare). We hear
    from users constantly about the current state of AV defs, but then a
    lot of them are engineers and very technically oriented. A couple even
    did support in their past lives. And that can be a bad thing. Some users
    have full admin rights, and one hardened his laptop so there's no remote
    admin'ing the thing. Ugh, makes it tough for control freaks like me...
    “Everybody is ignorant, only on different subjects.” — Will Rogers
