Hey all
When using a Microsoft domain environment, and I want to secure and scan all the systems for spyware and other malware, what are the steps to follow? It's a small network. Do I log in locally or??
Appreciated
What software are you using? What AV and What Antispyware? and what versions?
Do you have Domain Admin privileges? (I am assuming you do)
I am afraid that you don't say what the circumstances are. Is this a one-off exercise because you think you have been compromised, or a regular event you want to set up?
If it is a serious compromise situation then the classic wisdom would be to rebuild the lot. It all depends on the particular circumstances. I would at the very least be inclined to clean each machine individually in safe mode. That may well be adequate if it is just annoying adware and such.
Hard to say without more details. :)
coderecycle,
You did kind of leave out some important information (like Cabby80 posted). It would help a lot if you told us what software you have or plan on using. If you have some kind of administrative anti-spyware software, it would probably involve installing it on the server and all the connecting clients, then just doing all your scanning from a centralized server.
If it's a stand-alone anti-spyware, your options vary:
- You can install it on each client machine and scan
- You can install the anti-spyware program on a flash drive (provided you have a big enough flash drive) and scan each client (this still involves going to each machine)
- You can install the anti-spyware on each client and use a program like PsExec to open up remote command shells and run the program remotely. However, not all anti-spyware software supports command line execution so you'll have to do some research.
I would recommend getting the enterprise edition of Webroot Spy Sweeper. I've had companies that have been getting totally hosed by spyware, and once I implemented this I have had no problems at all. You can push it out from any system on the domain to all the clients on the domain, so you don't actually have to put it on a domain controller. Also, in the past I have made a PE boot disk that runs its own version of Windows off a CD, which I have then had anti-spyware/virus software on and run from the CD; this has also been very effective.
Dear All,
Sorry for not replying earlier, had some issues to deal with. What I need is to have a centralized management host that will be able to manage, monitor, update, scan etc. any of the hosts on the network.
Suggestions on software for antispyware, antivirus, antiadware, patch management (Windows environment), deployment and securing that machine, or anything that you find related, would be appreciated.
Thanks
For central management of AV I have used both Symantec and Panda with success (make sure you use the latest versions) :)
We have not done any central management of AS yet. Most of our spyware is caught either through our email relays (using Brightmail and Tumbleweed), Websense for browsing, and Tipping Point for the rest.
It depends on how big of an environment we're talking about and how much you can afford.
Before you read this, take a look at this article to see the effectiveness of IE7's reset function.
I will tell you what I did notice and I hope it gleans some empirical evidence.
Real-world scenario: The 5000+ workstation environment I work at
The biggest thing that helped us were web and email filtering appliances. Sure, cleaning is great but that is a passive response.
Before we locked down unmonitored communications we were spinning our wheels and constantly cleaning PCs at the HelpDesk. I MEAN I WAS. Then I moved to the Desktop team and suddenly the Help Desk didn't do that any more- because I was that guy. After I left the Help Desk everyone on the Desktop team bitched about spyware- as if they hadn't seen it before (hmmm...). After I moved, I literally saw it become an enterprise issue and others on the Desktop team noticed the coincidence as well.
We had McAfee ePO for AV mgmt, yet I still spent a good 3 hrs/day cleaning up PCs... with cleaning software. Once we upped our email and Internet filtering it cut off the heads of what was getting us.
I remember, after turning on the switch on mail filtering, we were catching 100,000+ quarantined emails a day.
Later we bought spyware cleaning pieces but it had minimal results after content filtering.
Now, the only stuff we see is when our firewall admin notices spikes to specific IPs that are eating up bandwidth.
If it is a small environment I'd definitely research and test with local PC permissions. See what they need to operate the PC. And have a standard image that is patched.
Thank you for the input. The organization is investing in a UTM appliance, which reduces the threats. What I wanted to find out is what solutions, tools, and software are out there that will help an administrator with managing the security of the network centrally. The network is small, about 100 hosts. All Windows (AD).
Things that will save the administrators time to do other things.
Regards
Quote: Originally Posted by mmelby
What is Brightmail Tracker?
Hi Thager, your question on Brightmail has already been answered by dalek in your thread about it.
There are several approaches to spam filtering:
1. Filter for illegal words in the header and/or content. Things like "penis", "viagra", "loan" and so on.
2. Use a Bayesian filter. This rates individual words and uses some sort of algorithm to calculate a value, then accepts or rejects an item. At its crudest this would be to just divide by the total number of words to give you a "raw score". You might have seen really weird spam mails with apparently random sentences... that is to cheat the Bayesian scoring system ;)
3. Use a Blacklist/Whitelist system. This blocks IP addresses that are associated with spam. Brightmail works like this.
4. Block ISPs and regions. Like if you never do business with Nigeria, you don't want e-mail from them do you? :eek:
Hope that helps
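To make the three filtering approaches above concrete, here is an added example (not code from anyone in this thread or from Brightmail): a keyword check, a word-frequency Bayesian scorer, and a relay IP blacklist applied in order to a message. The training messages, banned words and blacklisted IPs are all constructed placeholder data.

```python
import math
import re
from collections import Counter

# Constructed training data (not from the thread): a few spam and ham messages.
SPAM = ["cheap viagra loan approved click now",
        "get a loan today viagra cheap pills",
        "free loan offer click here now"]
HAM = ["meeting tomorrow about the quarterly report",
       "please review the attached report before the meeting",
       "lunch tomorrow at noon"]
# Constructed blacklist of relay IPs (documentation-range placeholders) and banned words.
BLACKLIST = {"192.0.2.10", "198.51.100.7"}
BANNED_WORDS = {"viagra"}

def tokens(text):
    return re.findall(r"[a-z']+", text.lower())

class BayesFilter:
    """Word-frequency (multinomial naive Bayes) scorer with Laplace smoothing."""
    def __init__(self, spam, ham):
        self.spam_counts = Counter(w for m in spam for w in tokens(m))
        self.ham_counts = Counter(w for m in ham for w in tokens(m))
        self.vocab = set(self.spam_counts) | set(self.ham_counts)
        self.spam_total = sum(self.spam_counts.values())
        self.ham_total = sum(self.ham_counts.values())
        self.p_spam = len(spam) / (len(spam) + len(ham))

    def spam_probability(self, text):
        # Work in log space so long messages do not underflow to zero.
        v = len(self.vocab)
        log_spam = math.log(self.p_spam)
        log_ham = math.log(1 - self.p_spam)
        for w in tokens(text):
            log_spam += math.log((self.spam_counts[w] + 1) / (self.spam_total + v))
            log_ham += math.log((self.ham_counts[w] + 1) / (self.ham_total + v))
        # Convert the two log-likelihoods back into P(spam | words).
        return 1 / (1 + math.exp(log_ham - log_spam))

def classify(sender_ip, text, bayes, threshold=0.9):
    """Apply blacklist, banned-word and Bayesian checks in order; return (verdict, reason)."""
    if sender_ip in BLACKLIST:
        return "reject", "blacklisted relay"
    if any(w in BANNED_WORDS for w in tokens(text)):
        return "reject", "banned word"
    p = bayes.spam_probability(text)
    if p >= threshold:
        return "reject", f"bayes score {p:.2f}"
    return "accept", f"bayes score {p:.2f}"
```

Note how a message built from words the filter has never seen scores near 0.5 rather than being rejected; that is the weakness the "random sentence" spam described above is exploiting.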