Great to see people using the likes of AppSense, it's very powerful if done right. I'd like to see some layered defences in addition, which you may well have .. wouldn't rely on AppSense and weekly AV on its own. Web, email and direct file (eg. USB) threat vectors need appreciating individually, as does the concept of code running only in memory, rather than just files.
a -----Original Message----- From: kz2...@googlemail.com [mailto:kz2...@googlemail.com] Sent: 09 October 2011 19:37 To: NT System Admin Issues Subject: Re: AV and malware protection? We are just going to continue using Trend, just with realtime monitoring disabled. It will just do a scan once a week. But we could use any AV for that (personally I would not have chosen Trend). The heavy work is going to be done by AppSense Application Manager. Its "greylisting" technique means we get the power of a whitelist without the inflexibility. We've studied the two running together for months now and Trend is doing absolutely nothing, the AM component picks everything off first. Sent from my POS BlackBerry wireless device, which may wipe itself at any moment -----Original Message----- From: Harry Singh <hbo...@gmail.com> Date: Sun, 9 Oct 2011 14:32:16 To: NT System Admin Issues<ntsysadmin@lyris.sunbelt-software.com> Reply-To: "NT System Admin Issues" <ntsysadmin@lyris.sunbelt-software.com>Subject: Re: AV and malware protection? What's the name of the "sleeping" AV component? This thread is of particular interest since I'm plannning to pilot a VDI deployment and a few engineers have mentioned the need to not have local AV protection any longer. I tend to err on the side of caution, but it's a persuading assertion; either from a cost and technical perspective. On Sunday, October 9, 2011, <kz2...@googlemail.com> wrote: > Reactive AV is being phased out of our XenApp systems next week. We are going > to maintain a "sleeping" AV component and do a deep scan once a week. > Realtime monitoring is being turned off and we will rely entirely on the > application management suite. We are not doing this blithely - currently app > management stops about thirty or forty pieces of malware executing per week, > and our AV catches precisely zero. In this environment, AV is just a waste of > resources. > > Sent from my POS BlackBerry wireless device, which may wipe itself at > any moment > > -----Original Message----- > From: Alex Eckelberry <alex.eckelbe...@gfi.com> > Date: Sun, 9 Oct 2011 17:55:58 > To: NT System Admin Issues<ntsysadmin@lyris.sunbelt-software.com> > Reply-To: "NT System Admin Issues" > <ntsysadmin@lyris.sunbelt-software.com>Subject: RE: AV and malware protection? > > Hmmm.... Take a look at the Wildlist, which is the list of currently > verified viruses. There's still a lot of nasty stuff out there. > > http://www.wildlist.org/WildList/201108.txt > > We see plenty of viruses out there, and relying on a product like > Malwarebytes as your only line of defense is a serious mistake, IMHO. It's > an excellent product (remember we partner with them and are very close to > them, so this is not a slight in the least on their technology) but you > really, really need an AV product as a complement. > > Alex > > > -----Original Message----- > From: Ben Scott [mailto:mailvor...@gmail.com] > Sent: Sunday, October 09, 2011 1:27 PM > To: NT System Admin Issue > Subject: Re: AV and malware protection? > > On Sun, Oct 9, 2011 at 12:23 PM, Alex Eckelberry <alex.eckelbe...@gfi.com> > wrote: >> It's worth noting that MalwareBytes is not an antivirus product. >> It is, however, an excellent protecter/cleaner against modern Trojans >> and rogue antivirus products. > > And the difference between these two things is...? > > Viruses are largely obsolete anyway. Between ubiquitous network > connectivity and autorun, nobody needs to bother. Today's injection vectors > are exploitable vulnerabilities in networked software and social engineering. > An attacker crafting malware to piggy-back on benign executables exchanged > via sneakernet is like worrying about how to attach a team of horses to your > car. > > -- Ben > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > > > DISCLAIMER The information contained in this electronic mail may be > confidential or legally privileged. It is for the intended > recipient(s) only. Should you receive this message in error, please > notify the sender by replying to this mail. Please do not read, copy, > forward or store this message unless you are an intended recipient of > it - unauthorized use of contents is strictly prohibited. Unless > expressly stated, opinions in this message are those of the individual > sender and not of GFI. While all care has been taken, GFI is not > responsible for the integrity or the contents of this electronic mail > and any attachments included within. (GFI2011) > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ************************************************************************************ WARNING: The information in this email and any attachments is confidential and may be legally privileged. If you are not the named addressee, you must not use, copy or disclose this email (including any attachments) or the information in it save to the named addressee nor take any action in reliance on it. If you receive this email or any attachments in error, please notify the sender immediately and then delete the same and any copies. "CLS Services Ltd × Registered in England No 4132704 × Registered Office: Exchange Tower × One Harbour Exchange Square × London E14 9GE" ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
