In this section, I will cover the configurations that should be adopted. First, don't be afraid to play a bit with the software and learn its many options and the different ways they can help you do your job. Also, don't be cheap on security: the oldest machines used in most Windows networks today are Pentium 133 MHz at worst. This is still more than enough power to handle the strictest security settings, so there's no reason not to use them. If you have something like a P3 processor running at 750 MHz and you're afraid of slowing down your machine too much, you should be ashamed.
For the setup I described earlier, here are the options I implemented through the various configuration files:
All scanning tasks present in the AntiVirus Console are set like this:
Scan files on: Run, Create, Copy, Rename
Scan floppies on: Access, Shutdown //scanning the floppy on shutdown helps prevent accidentally booting from a boot-sector infected diskette
Scan: All files, Compressed files
Action: Clean automatically //viruses are so common these days that there's no need to collect them all. If you still want to take a look at one, configure one machine that can accept it, and ask the originator to send it back to you. Make sure not to activate it and infect your own network.
Network alert: \\servername\alert\
Log: \\servername\logs\
Log options: Virus detection, Virus cleaning, Infected file deletion, Infected file move, Date and Time, username
Autoupdate was configured like this:
Copy files from UNC server, at \\servername\update //Antivirus companies' websites are flooded when new outbreaks happen. It is more effective to download one copy and make it available internally than to have every computer at your site trying to connect to an already overloaded site
Log update activity: Local
Backup existing DAT files //Why not?
Autoupgrade was configured like this (with ISeamLess script enhancements):
Copy files from UNC server, at \\servername\upgrade //Same as above
Log upgrading activity: local
Have a live process scanner load at startup (VShield, for example), and configure it with strict settings as well. It is a good idea to schedule one scan job per week, and file downloads should run at the same frequency. Plan these activities on separate days (e.g., upgrade if necessary on Mondays, update if necessary on Tuesdays, and scan local drives on Wednesdays). If your site keeps 9-to-5 business hours, try to run them when you expect the most downtime, during lunchtime (around 12:30 is the quietest). One could put the update task on the same day as the upgrade, 15 minutes later, and save a day in the process. I would advise against it: you never know what the result of an install will be, even more so with multi-remote installs.
But then again, software evolves: current versions are more stable while upgrading themselves and require fewer reboots (if any at all) than older versions. Still, this is the kind of thing you want to find out before implementing, rather than realizing too late the problems a particular bug can cause.