-
September 13th, 2007, 08:12 PM
#1
Antivirus - Compliance Control
I've just been given a task to figure out the best way to verify that all our virus repositories are current.
Currently my company (we're in a 3 company merge) uses McAfee which I already have a procedure in place where a script checks the version of the dat files in each repository.
Another company (the largest) does it manually, as they have the man power to task some fool with checking the web and having him enter the info into a spreadsheet and create a ticket if there is a problem.
The 3rd company uses Symantec and has no procedure for doing this and nobody tasked with making sure they are up2date.
Well now that I'm being involved, I found out yesterday that their repositories have not been updating since 8/15 and I'm the first to find out. I have fixed the problem, but I'm trying to figure out the best way for doing the check manually until I script it.
So if you go to http://securityresponse.symantec.com.../download.html you see what the numbers are for the latest version. When I look in the folder that LiveUpdate Administration Utility stores the files in, I don't see anything that has a number like on the website.
If any of you currently work with Symantec, can you point me in the right direction? Late last night was my first exposure to SAV.
-
September 13th, 2007, 08:23 PM
#2
I suggest you make a logical review of your processes.
All corporate AVs offer automatic update........... what the hell are you doing checking repositories for?
I would suggest something like:
Labrat...>repository.....>client
Let the AV automatically update the labrat(S) then test it then distribute to the repositories?
After that, all you need is a random audit to ensure that the system is functioning correctly?
-
September 13th, 2007, 08:27 PM
#3
Install the Symantec System Center on your computer, discover all your servers and manage them from there. This will tell you what versions are installed, the last scan, and the definition dates.
You will have to download the System Center from the support site (I assume you have a support agreement).
Cheers:
-
September 13th, 2007, 08:49 PM
#4
Originally Posted by nihil
I suggest you make a logical review of your processes.
All corporate AVs offer automatic update........... what the hell are you doing checking repositories for?
I would suggest something like:
Labrat...>repository.....>client
Let the AV automatically update the labrat(S) then test it then distribute to the repositories?
After that, all you need is a random audit to ensure that the system is functioning correctly?
All 3 companies (different AV products) have 1 main repository, then other repositories that update from the main one. We're being required to verify that the automatic process is working properly. Mainly looking for what I found yesterday, that one of the companies is a month behind on updates while the other two are just fine.
The controlling company wants this to have a manual process of somebody reviewing the versions and submitting evidence that they checked. This way if somebody doesn't check, there is somebody to blame.
We have Symantec System Center, but I have no way to script checking the updates using Symantec System Center. I'm guessing SSC uses some kind of database, but I'm not sure what kind of backend it's using or where it is located.
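Added example, not part of the thread and not any vendor's tooling: a product-neutral freshness audit for the main-plus-child repository layout described in the post above, producing an evidence record a named reviewer can submit. It assumes the newest file modification time in each repository folder is a usable proxy for the definition date; the folder names, file name, thresholds and reviewer address are hypothetical.

```python
import json, os, tempfile, time
from datetime import datetime, timezone

DAY = 86400  # seconds

def newest_mtime(folder):
    """mtime of the most recently modified file under folder, None if no files."""
    times = [os.path.getmtime(os.path.join(root, f))
             for root, _dirs, files in os.walk(folder) for f in files]
    return max(times) if times else None

def audit(main, children, reviewer, max_age_days=2, max_lag_days=1, now=None):
    """Build an evidence record; both thresholds are assumptions to tune per site."""
    now = time.time() if now is None else now
    main_m = newest_mtime(main)
    rows = []
    for role, path in [("main", main)] + [("child", c) for c in children]:
        m = newest_mtime(path)
        if m is None:
            status = "EMPTY"      # nothing was ever replicated here
        elif now - m > max_age_days * DAY:
            status = "STALE"      # repository itself has stopped updating
        elif role == "child" and main_m is not None and main_m - m > max_lag_days * DAY:
            status = "LAGGING"    # main is current but replication is behind
        else:
            status = "OK"
        newest = None if m is None else datetime.fromtimestamp(m, timezone.utc).isoformat()
        rows.append({"repository": path, "role": role,
                     "newest_file_utc": newest, "status": status})
    return {"reviewer": reviewer,
            "checked_utc": datetime.fromtimestamp(now, timezone.utc).isoformat(),
            "failed": [r["repository"] for r in rows if r["status"] != "OK"],
            "results": rows}

def make_repo(base, name, age_days, now):
    """Constructed sample data: a folder holding one file of the given age."""
    path = os.path.join(base, name)
    os.makedirs(path)
    if age_days is not None:
        f = os.path.join(path, "defs.bin")  # hypothetical file name
        open(f, "w").close()
        os.utime(f, (now - age_days * DAY, now - age_days * DAY))
    return path

if __name__ == "__main__":
    now = time.time()
    with tempfile.TemporaryDirectory() as base:
        main = make_repo(base, "main", 0.1, now)
        kids = [make_repo(base, "site-a", 0.2, now), make_repo(base, "site-b", 29, now)]
        print(json.dumps(audit(main, kids, "reviewer@example.com", now=now), indent=2))
```

Some copy tools preserve or reset modification times, so confirm the proxy holds for each product before relying on the result.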
-
September 13th, 2007, 10:36 PM
#5
I'm sure Nagios could be set up to set an alarm off if a node does not have the latest dat file.
McAfee ePO (ePolicy Orchestrator) can produce a report about the state of all the nodes it is installed on.
Can't help with the Symantec stuff as I would not let a Symantec disk in the building, much less let it near one of my computers...
-
September 13th, 2007, 11:11 PM
#6
Nokia,
You are a liar!
Can't help with the symantec stuff as I would not let a symantec disk in the building, much less let it near one of my computers...
That is how you stop coffee rings on top of your kit..............?
-
September 13th, 2007, 11:52 PM
#7
Go with AVG Network edition - works best with my companies.
The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
Albert Einstein
-
September 14th, 2007, 03:41 AM
#8
We use Symantec. Our users were the proverbial canaries in the coal
mine. They always let us know when our SAV server isn't pushing out
updates, until we got upgraded to 10.1.6 (what a nightmare). We hear
from users constantly about the current state of AV defs, but then a
lot of them are engineers and very technically oriented. A couple even
did support in their past lives. And that can be a bad thing. Some users
have full admin rights, and one hardened his laptop so there's no remote
admin'ing the thing. Ugh, makes it tough for control freaks like me...
“Everybody is ignorant, only on different subjects.” — Will Rogers
-
September 14th, 2007, 05:41 AM
#9
What versions of the products are you using? Assuming you are using a remotely current version, why not leverage the functionality built in. McAfee has ePO and Symantec has System Center. In either event, the clients should automatically be reporting that information to the server and it should be as simple as calling up the current reports.
-
September 14th, 2007, 07:36 AM
#10
I detailed the issue in another post and am reluctant to belabor it
anymore, except to say we are very much unstaffed onsite (two
people onsite handling support for almost 400 PC's and over 100
remote users). When the SAV server got upgraded remotely (sans
testing!), many clients weren't reporting. On top of that, there
were software conflicts that caused numerous problems and workarounds.
We're actually running three different versions of SAV right now,
managed (onsite) and unmanaged (offsite and workarounds). The
different offsite teams haven't spent the time to learn the environment
and expect everything to work remotely. And when it doesn't, it
ends up in our laps onsite. It's a tough scene and one very much
in transition.
Yes, Symantec's control center works great if all the computers, onsite
and off, are managed (they're not!) and the environment is stable (it's
not!).
“Everybody is ignorant, only on different subjects.” — Will Rogers