The importance of creating a security strategy

Protecting your client systems from viruses, worms, and Trojan files using VirusScan Enterprise requires performing the steps described in this section.

Prevention — avoiding threats

Define your security needs to ensure that all of your data sources are protected, then develop an effective strategy to stop intrusions before they gain access to your environment. Configure these features to prevent intrusions:
  • User Interface Security — Set display and password protection to control access to the VirusScan Enterprise user interface.
  • Access Protection — Use access protection rules to protect your computer from undesirable behavior with respect to files, registry, and ports.
  • Buffer Overflow Protection — Prevent exploited buffer overflows from executing arbitrary code on your computer.
  • Unwanted Program Protection — Eliminate potentially unwanted programs such as spyware and adware from your computer.

Detection — finding threats

Develop an effective strategy to detect intrusions when they occur. Configure these features to detect threats:
  • Update Task — Get automatic updates of detection definitions and scanning engine from the McAfee download website.
  • On-Access Scanning — Detect potential threats from any possible source as files are read from or written to disk. You can also scan for potentially unwanted cookies in the cookies folder.
  • On-Demand Scan Tasks — Detect potential threats using immediate and scheduled scan tasks. You can also scan for potentially unwanted cookies and spyware-related registry entries that were not previously cleaned.
  • On-Delivery and On-Demand Email Scanning — Detect potential threats on Microsoft Outlook email clients using on-delivery scanning of messages, attachments, and public folders. Detect potential threats on Lotus Notes email clients when messages are accessed.
  • Quarantine Manager Policy — Specify the quarantine location and the length of time to keep quarantined items. Restore quarantined items as necessary.

Response — handling threats

Use product log files, automatic actions, and other notification features to decide the best way to handle detections.
  • Log files — Monitor product log files to view a history of detected items.
  • Queries and Dashboards — Use ePolicy Orchestrator queries and dashboards to monitor scanning activity and detections.
  • Actions — Configure features to take action on detections.

Tuning — monitoring, analyzing, and fine-tuning your protection

Once VirusScan Enterprise is running correctly, it is good practice to monitor and analyze your configuration. Doing so can improve your system and network performance and, if needed, enhance your level of virus protection. For example, the following VirusScan Enterprise tools and features can be used or modified as part of your monitoring, analyzing, and fine-tuning processes:
  • Log files, from the VirusScan Console, can be used to view a history of detected items. Analyzing this information could tell you if you need to enhance your protection or change the configuration to improve system performance.
  • Queries and Dashboards, from ePolicy Orchestrator, can be used to monitor scanning activity and detections. Analyzing this information could tell you if you need to enhance your protection or change the configuration to improve system performance.
  • Scheduled tasks, such as AutoUpdate and scan times, can be modified to improve performance by running them during off-peak network use times.
  • DAT repositories can be used to reduce network traffic over the enterprise internet or intranet by moving these source files closer to the clients needing the updates.
  • Modifying the scanning policies can increase performance or virus protection, depending on your analysis of the log files or queries. For example, configuring exclusions, choosing when to use high- and low-risk profile scanning, and choosing when to disable scan on write can all improve performance.
    CAUTION:
    Failure to enable "When reading from disk" scanning leaves your system unprotected from numerous malware attacks.