LISTSERV - CLEANACCESS Archives - LISTSERV.MIAMIOH.EDU

CLEANACCESS Archives

May 2006

CLEANACCESS@LISTSERV.MIAMIOH.EDU

	LISTSERV Archives
	CLEANACCESS Home
	CLEANACCESS May 2006

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	How do you handle AV/Windows updates?
From:	ResNet-Info <[log in to unmask]>
Reply To:	Perfigo SecureSmart and CleanMachines Discussion List <[log in to unmask]>
Date:	Fri, 12 May 2006 14:18:18 -0400
Content-Type:	text/plain
Parts/Attachments:	text/plain (45 lines)

We're going to start recommending, then requiring AV software on Clean
Access and are a bit stuck at what to do with the AV definition update
part of the check.  Currently we check for Windows Updates and that
Automatic Updates is configured.

We have a site license for McAfee VirusScan Enterprise, and with that we
provide an AutoUpdate location on campus so it doesn't suck up off-campus
network traffic.  We update this site and post the SuperDATs to a forum
our users look for on Monday's, even though McAfee now releases SuperDATs
Mon-Fri.  Of course if outbreaks happen we update the site as needed.  We
do this partly because some of the updates aren't always the best, and
also because we don't want to make users more wary of viruses than they
already are - the posting defs once a week thing is pretty historical
here, and changing something like that to every day would really annoy
people, even if their computers AutoUpdate behind the scenes most of the
time.  Also we're not sure if users have their VirusScan set to AutoUpdate
daily, weekly, or what.  We don't manange it with ePo.

With Windows Updates, students were getting prompted to install updates
before Automatic Updates installed them, which is still happening due to
Microsoft's gradual rollout of updates and Cisco requiring them as soon as
they're released.   We're afraid that this might happen to students with
VirusScan (or Symantec) AV defs, but this time we won't be able to tell
them to just update as we only push out updates once a week.

I don't have control over the servers, but I've heard its possible to copy
the Cisco rules and then update the copy (or recreate) the rules as Cisco
updates them for new Windows Updates, etc. 

Do you do this rule copy and update as needed and if so, what rules do you
do it with?  What's your experience been with it?  If you do AV checks
based on the automatic Cisco rules, have you heard any complaints or
anything about it always requiring updates?

It seems like there should be some kind of 'delay rule updates from Cisco
for x days/hours' option somewhere, is there?  I don't get to see that
part of the servers, so I just rely on what our Systems and Networks group
says.

Thanks!

Doug Chudzik
ResNet Manager
Wellesley College

ATOM RSS1 RSS2

LISTSERV.MIAMIOH.EDU