The importance of creating a security strategy

Protecting your client systems from viruses, worms, and Trojan files using VirusScan Enterprise requires a well-planned strategy: defining threat prevention and detection, response to threats, and ongoing analysis and tuning.

Prevention — avoiding threats

Define your security needs to ensure that all of your data sources are protected, then develop an effective strategy to stop intrusions before they gain access to your environment. Configure these features to prevent intrusions:
  • User Interface Security — Set display and password protection to control access to the VirusScan Enterprise user interface.
  • Access Protection — Use access protection rules to protect your computer from undesirable behavior with respect to files, registry, and ports.
  • Buffer Overflow Protection — Prevent abnormal programs or threats from overrunning the buffer’s boundary and overwriting adjacent memory while writing data to a buffer. These exploited buffer overflows can execute arbitrary code on your computer.
  • Unwanted Program Protection— Eliminate potentially unwanted programs such as spyware and adware from your computer.

Detection — finding threats

Develop an effective strategy to detect intrusions when they occur. Configure these features to detect threats:
  • Update Task — Get automatic updates of DAT and scanning engine from the McAfee download website.
  • On-Access Scanner— Detect potential threats from any possible source as files are read from or written to disk. You can also scan for potentially unwanted cookies in the cookies folder.
  • On-Demand Scan Tasks — Detect potential threats using immediate and scheduled scan tasks. You can also scan for potentially unwanted cookies and spyware-related registry entries that were not previously cleaned.
  • On-Delivery and On-Demand Email Scanner — Detect potential threats on Microsoft Outlook email clients using on-delivery scanning of messages, attachments, and public folders. Detect potential threats on Lotus Notes email clients when messages are accessed.
  • Quarantine Manager Policy — Specify the quarantine location and the length of time to keep quarantined items. Restore quarantined items as necessary.

Response — handling threats

Use product log files, automatic actions, and other notification features to decide the best way to handle detections.
  • Actions — Configure features to take action on detections.
  • Log files — Monitor product log files to view a history of detected items.

  • Queries and dashboards — Use ePolicy Orchestrator queries and dashboards to monitor scanning activity and detections.

Tuning — monitoring, analyzing, and fine-tuning your protection

After initially configuring VirusScan Enterprise, it is always a good practice to monitor
and analyze your configuration. This can improve your system and network performance, plus enhance your level of virus protection, if needed. For example, the following VirusScan Enterprise tools and features can be modified as part of your monitoring, analyzing, and fine-tuning processes:
  • Log files (VirusScan Console) — View a history of detected items. Analyzing this information could tell you if you need to enhance your protection or change the configuration to improve system performance.
  • Queries and dashboards (ePolicy Orchestrator console) — Monitor scanning activity and detections. Analyzing this information could tell you if you need to enhance your protection or change the configuration to improve system performance.
  • Scheduled tasks — Modify tasks (like AutoUpdate) and scan times to improve performance by running them during off-peak times.
  • DAT repositories — Reduce network traffic over the enterprise Internet or intranet by moving these source files closer to the clients needing the updates.
  • Modifying the scanning policies — Increase performance or virus protection depending on your analysis of the log files or queries. For example, configuring exclusions, when to use high and low risk profile scanning, and when to disable scan on write can all improve performance.
    Failure to enable When reading from disk scanning leaves your system unprotected from numerous malware attacks.

The importance of creating a security strategy