RE: User who doesn't like logging off / shutting down
So what? If it's been a long time, and it's now detected, what *harm* is prevented by a scheduled scan that a realtime scan won't also prevent? If the file is never accessed, it's not doing any harm. If it is accessed after it's detectable, it get blocked by the realtime scanner, and it does no harm. As I explained to ASB, scheduled scan's only benefit under a specific sequence of events is to give notice that you're screwed. And more often than not, if the AV system hasn't been totally disabled, the realtime scanner will sound off before the next scheduled scan. There is simply NO prevention benefit from scheduled scans, assuming a competent AV system. Carl -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Thursday, October 22, 2009 10:55 PM To: NT System Admin Issues Subject: Re: User who doesn't like logging off / shutting down Error in your logic, here... AV software is *never* perfectly up-to-date on all bits of malware all the time. Something is always missed, and sometimes for a very long time, no matter how good the AV software is. Kurt On Thu, Oct 22, 2009 at 19:52, Carl Houseman c.house...@gmail.com wrote: Try to employ some logic here. Q: Why does a realtime scan not find something? A: Because the file is never accessed. If the answer above is NOT the answer, then the realtime scanner is broken and that AV product should be abandoned. Q: When does a realtime scanner identify malware? A: When it's accessed by the operating system. Q: What does a malware file that's never accessed do to a system? A: Use up free space on the hard drive. Nothing more. Scheduled scans are limited to signature-based identification, and as we all know, signature detection has largely been defeated of late. The name of the game is preventing dangerous execution behaviors, and that kind of detection and prevention is part of realtime detection mechanisms. As realtime scanners evolve and improve, they will find malware that scheduled scans miss. Carl -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Thursday, October 22, 2009 10:31 PM To: NT System Admin Issues Subject: Re: User who doesn't like logging off / shutting down On Thu, Oct 22, 2009 at 19:21, Carl Houseman c.house...@gmail.com wrote: What's the answer to my question? (highlighted below in case you missed it) The answer is: I don't know, but the VIPRE realtime scans aren't catching what the scheduled scans are catching. Here's another: How dangerous is a malware file that resides on a hard drive and is never accessed? As dangerous as the next click or carriage return, or File/Open operation. Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: User who doesn't like logging off / shutting down
If a deep scan looks for modifications to the hosts file, I can see that as some benefit for after-the-fact notification. Now you're talking about a threat that is otherwise undetectable except for the changes it makes to files or registry areas that aren't monitored by realtime scanning. But again, a scheduled scan doesn't do anything to *prevent* an infection that a realtime scan wouldn't also accomplish. The holy grail we're after is prevention. Signature-based detection is on the way out, and when it's gone, it will be because real-time detection of harmful behavior has finally been implemented effectively. Carl -Original Message- From: Angus Scott-Fleming [mailto:angu...@geoapps.com] Sent: Friday, October 23, 2009 1:51 AM To: NT System Admin Issues Subject: Re: User who doesn't like logging off / shutting down On 22 Oct 2009 at 21:30, Carl Houseman wrote: All this turmoil over scheduled scans... tell me, what do scheduled scans find that real-time scanning won't catch? Stuff that has slipped under the radar that is new in the signature files that wasn't there when the malware was infecting the machine. Some stuff that might be significant here might be a file which writes to the HOSTS file. It has already done its work, but the deep scan might find it and alert the sysadmin to its presence. Scheduled scans are about as useful as software firewalls... For careful folks, I agree. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: User who doesn't like logging off / shutting down
I'm going to have to disagree with you (rare occurrence) because I've had both scenarios you describe occur. Sometimes the RT scan gets it later, and sometimes it's the scheduled scan that gets it first. And a not-so-effectively-written-virus can prove as annoying as its better written brethren, so it's good to get those alerts before local file access has occurred. Sent from my Verizon Wireless BlackBerry -Original Message- From: Carl Houseman c.house...@gmail.com Date: Fri, 23 Oct 2009 01:56:56 To: NT System Admin Issuesntsysadmin@lyris.sunbelt-software.com Subject: RE: User who doesn't like logging off / shutting down No, that's not the only way a threat is eliminated before being activated. After signatures are updated, the realtime scanner will sound off as soon as something or someone tries to activate or copy it. If nothing tries to activate it or copy it then there's no harm. It's just occupying disk space. The only case I can make for a scheduled scan is when the undetected malware is already active on the system, then the signatures are updated to detect it, but the machine is not rebooted. Since the malware is already active, there might not be a file access for the realtime scanner to check. So a scheduled scan can provide the notice that you're screwed. But any malware worth its salt is more likely to defeat the AV signature updates or hide behind a rootkit and get missed by all scan methods. Conclusion: There is no way that a scheduled scan prevents infection that the realtime scanner wouldn't also prevent, assuming both scheduled and real-time scans are equally effective at detection. Carl From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Thursday, October 22, 2009 10:55 PM To: NT System Admin Issues Subject: Re: User who doesn't like logging off / shutting down If a zero-day malware lands on your system but didn't get triggered right away, and a signature became available in a few days, the only way to eliminate the threat before it gets activated by time or by user is with a scheduled scan.I've had the scheduled scans catch things that no sig was available for when then originally landed. ASB (My XeeSM Profile) http://XeeSM.com/AndrewBaker Providing Competitive Advantage through Effective IT Leadership On Thu, Oct 22, 2009 at 10:21 PM, Carl Houseman c.house...@gmail.com wrote: What's the answer to my question? (highlighted below in case you missed it) And if you correctly answer the question, how do scheduled scans prevent an infection that real-time scanning wouldn't prevent? Here's another: How dangerous is a malware file that resides on a hard drive and is never accessed? Carl -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Thursday, October 22, 2009 10:01 PM To: NT System Admin Issues Subject: Re: User who doesn't like logging off / shutting down I'd believe you, except that I get reports from every scan of new bits of infestation, on at least 2 or three machines. Um, perhaps 'infestation' is not the right word. Let's say 'unwanted software' instead. Once in a while it's truly nasty, but more often is adware or some other silliness like the popcaploader crap from online games. Now, once we get to the point of eliminating admin rights for users on their desktops, I'll be more likely to agree with you. Kurt On Thu, Oct 22, 2009 at 18:30, Carl Houseman c.house...@gmail.com wrote: v All this turmoil over scheduled scans... tell me, what do scheduled scans find that real-time scanning won't catch? ^ Scheduled scans are about as useful as software firewalls... Carl ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: User who doesn't like logging off / shutting down
Prevention is definitely important, but risk management relies on logging and forensics as well, and those address post-incident activity. You don't always get to prevent. Sent from my Verizon Wireless BlackBerry -Original Message- From: Carl Houseman c.house...@gmail.com Date: Fri, 23 Oct 2009 02:24:19 To: NT System Admin Issuesntsysadmin@lyris.sunbelt-software.com Subject: RE: User who doesn't like logging off / shutting down If a deep scan looks for modifications to the hosts file, I can see that as some benefit for after-the-fact notification. Now you're talking about a threat that is otherwise undetectable except for the changes it makes to files or registry areas that aren't monitored by realtime scanning. But again, a scheduled scan doesn't do anything to *prevent* an infection that a realtime scan wouldn't also accomplish. The holy grail we're after is prevention. Signature-based detection is on the way out, and when it's gone, it will be because real-time detection of harmful behavior has finally been implemented effectively. Carl -Original Message- From: Angus Scott-Fleming [mailto:angu...@geoapps.com] Sent: Friday, October 23, 2009 1:51 AM To: NT System Admin Issues Subject: Re: User who doesn't like logging off / shutting down On 22 Oct 2009 at 21:30, Carl Houseman wrote: All this turmoil over scheduled scans... tell me, what do scheduled scans find that real-time scanning won't catch? Stuff that has slipped under the radar that is new in the signature files that wasn't there when the malware was infecting the machine. Some stuff that might be significant here might be a file which writes to the HOSTS file. It has already done its work, but the deep scan might find it and alert the sysadmin to its presence. Scheduled scans are about as useful as software firewalls... For careful folks, I agree. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: User who doesn't like logging off / shutting down
On Thu, Oct 22, 2009 at 9:30 PM, Carl Houseman c.house...@gmail.com wrote: what do scheduled scans find that real-time scanning won't catch? Threat comes in before signatures are updated. (Remember, anti-malware is an entirely reactive game.) While it is true that a real-time scan *should* intercept that threat on the next access, I'd like to know about it ASAP. That way *I* can be proactive, rather than reactive. I'd much rather tend to something at my leisure than wait until the users call. There's also the important concept of defense-in-depth. If, somehow, someway, the real-time scan doesn't catch something, maybe the scheduled scan will. They do use different APIs to the OS, so this isn't entirely superstition. Even better would be to do full scans with a *different* AV product. But we have limited resources as it is. :) -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: User who doesn't like logging off / shutting down
On Thu, Oct 22, 2009 at 22:50, Angus Scott-Fleming angu...@geoapps.com wrote: On 22 Oct 2009 at 18:04, Kurt Buff wrote: We schedule quick AV scans at noon on Wednesday, full AV scans on Monday at 8pm, and Microsoft patching (via WSUS) with a deadline of 05:00 Tuesday. We schedule a test group for WSUS patching the Monday evening after patch Tuesday, and the rest of the workstations the You leave the Patch Tuesday patches uninstalled for 7 days? Interesting. It doesn't usually take that long for exploits to appear. It's what we could negotiate with the users. I'd prefer to do it the day after. Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: User who doesn't like logging off / shutting down
On Thu, Oct 22, 2009 at 22:50, Angus Scott-Fleming angu...@geoapps.com wrote: On 22 Oct 2009 at 18:04, Kurt Buff wrote: We schedule quick AV scans at noon on Wednesday, full AV scans on Monday at 8pm, and Microsoft patching (via WSUS) with a deadline of 05:00 Tuesday. We schedule a test group for WSUS patching the Monday evening after patch Tuesday, and the rest of the workstations the You leave the Patch Tuesday patches uninstalled for 7 days? Interesting. It doesn't usually take that long for exploits to appear. One other thing about that: It's a balance - MSFT has been known to issue a bad patch now and then. Waiting a week gives us a chance to evaluate the feedback from the community. Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: User who doesn't like logging off / shutting down
On 23 Oct 2009 at 10:57, Kurt Buff wrote: It's a balance - MSFT has been known to issue a bad patch now and then. Waiting a week gives us a chance to evaluate the feedback from the community. I usually update my own systems quickly, then wait a day or two before advising clients to go ahead with updates. -- Angus Scott-Fleming GeoApps, Tucson, Arizona 1-520-290-5038 +---+ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
User who doesn't like logging off / shutting down
Hi, I've got a user who doesn't want to log off let alone shut down their computer. They claim that it takes too long and they haven't got time to wait to log on again or start up. They're important enough that I can't force them to do so, but I'm worried about possible problems. The only detrimental effects that I can think of are added power consumption and ticket expiration. Can anybody else think of any other pitfalls or even have any experience of this and how did you deal with it? Thanks, Andrew ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: User who doesn't like logging off / shutting down
Put some pron on his desktop and complain to HR.. :) John W. Cook Systems Administrator Partnership For Strong Families 315 SE 2nd Ave Gainesville, Fl 32601 Office (352) 393-2741 x320 Cell (352) 215-6944 Fax (352) 393-2746 MCSE, MCTS, MCP+I, A+, N+, VSP4, VTSP4 From: Andrew Levicki [mailto:and...@levicki.me.uk] Sent: Thursday, October 22, 2009 4:30 PM To: NT System Admin Issues Subject: User who doesn't like logging off / shutting down Hi, I've got a user who doesn't want to log off let alone shut down their computer. They claim that it takes too long and they haven't got time to wait to log on again or start up. They're important enough that I can't force them to do so, but I'm worried about possible problems. The only detrimental effects that I can think of are added power consumption and ticket expiration. Can anybody else think of any other pitfalls or even have any experience of this and how did you deal with it? Thanks, Andrew CONFIDENTIALITY STATEMENT: The information transmitted, or contained or attached to or with this Notice is intended only for the person or entity to which it is addressed and may contain Protected Health Information (PHI), confidential and/or privileged material. Any review, transmission, dissemination, or other use of, and taking any action in reliance upon this information by persons or entities other than the intended recipient without the express written consent of the sender are prohibited. This information may be protected by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and other Federal and Florida laws. Improper or unauthorized use or disclosure of this information could result in civil and/or criminal penalties. Consider the environment. Please don't print this e-mail unless you really need to. This email and any attached files are confidential and intended solely for the intended recipient(s). If you are not the named recipient you should not read, distribute, copy or alter this email. Any views or opinions expressed in this email are those of the author and do not represent those of the company. Warning: Although precautions have been taken to make sure no viruses are present in this email, the company cannot accept responsibility for any loss or damage that arise from the use of this email or attachments. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: User who doesn't like logging off / shutting down
Can they hit the Windows key and L at the same time? If not, you can do it for them using Group Policy. From: Andrew Levicki [mailto:and...@levicki.me.uk] Sent: Thursday, October 22, 2009 4:30 PM To: NT System Admin Issues Subject: User who doesn't like logging off / shutting down Hi, I've got a user who doesn't want to log off let alone shut down their computer. They claim that it takes too long and they haven't got time to wait to log on again or start up. They're important enough that I can't force them to do so, but I'm worried about possible problems. The only detrimental effects that I can think of are added power consumption and ticket expiration. Can anybody else think of any other pitfalls or even have any experience of this and how did you deal with it? Thanks, Andrew ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: User who doesn't like logging off / shutting down
He or she is in HR! 2009/10/22 John Cook john.c...@pfsf.org Put some pron on his desktop and complain to HR…… J *John W. Cook* *Systems Administrator* *Partnership For Strong Families* *315 SE 2nd Ave* *Gainesville, Fl 32601* *Office (352) 393-2741 x320* *Cell (352) 215-6944* *Fax (352) 393-2746* *MCSE, MCTS, MCP+I, A+, N+, VSP4, VTSP4* *From:* Andrew Levicki [mailto:and...@levicki.me.uk] *Sent:* Thursday, October 22, 2009 4:30 PM *To:* NT System Admin Issues *Subject:* User who doesn't like logging off / shutting down Hi, I've got a user who doesn't want to log off let alone shut down their computer. They claim that it takes too long and they haven't got time to wait to log on again or start up. They're important enough that I can't force them to do so, but I'm worried about possible problems. The only detrimental effects that I can think of are added power consumption and ticket expiration. Can anybody else think of any other pitfalls or even have any experience of this and how did you deal with it? Thanks, Andrew -- CONFIDENTIALITY STATEMENT: The information transmitted, or contained or attached to or with this Notice is intended only for the person or entity to which it is addressed and may contain Protected Health Information (PHI), confidential and/or privileged material. Any review, transmission, dissemination, or other use of, and taking any action in reliance upon this information by persons or entities other than the intended recipient without the express written consent of the sender are prohibited. This information may be protected by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and other Federal and Florida laws. Improper or unauthorized use or disclosure of this information could result in civil and/or criminal penalties. Consider the environment. Please don't print this e-mail unless you really need to. This email and any attached files are confidential and intended solely for the intended recipient(s). If you are not the named recipient you should not read, distribute, copy or alter this email. Any views or opinions expressed in this email are those of the author and do not represent those of the company. Warning: Although precautions have been taken to make sure no viruses are present in this email, the company cannot accept responsibility for any loss or damage that arise from the use of this email or attachments. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: User who doesn't like logging off / shutting down
Set the timeout to at least lock the workstation? From: Andrew Levicki [mailto:and...@levicki.me.uk] Sent: Thursday, October 22, 2009 3:30 PM To: NT System Admin Issues Subject: User who doesn't like logging off / shutting down Hi, I've got a user who doesn't want to log off let alone shut down their computer. They claim that it takes too long and they haven't got time to wait to log on again or start up. They're important enough that I can't force them to do so, but I'm worried about possible problems. The only detrimental effects that I can think of are added power consumption and ticket expiration. Can anybody else think of any other pitfalls or even have any experience of this and how did you deal with it? Thanks, Andrew ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: User who doesn't like logging off / shutting down
I ASSume you push patches. He/she may lose whatever they were working on when a patch session forces a reboot. Dunno what you mean by ticket expiration as Kerberos will renew tickets automatically. From: Andrew Levicki [and...@levicki.me.uk] Sent: Thursday, October 22, 2009 4:29 PM To: NT System Admin Issues Subject: User who doesn't like logging off / shutting down Hi, I've got a user who doesn't want to log off let alone shut down their computer. They claim that it takes too long and they haven't got time to wait to log on again or start up. They're important enough that I can't force them to do so, but I'm worried about possible problems. The only detrimental effects that I can think of are added power consumption and ticket expiration. Can anybody else think of any other pitfalls or even have any experience of this and how did you deal with it? Thanks, Andrew ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: User who doesn't like logging off / shutting down
Industrial espionage? Don't know your industry or circumstances, but if they're important enough that you can't force them to do so then they are important enough to have access to critical and sensitive information that they leave accessible for anyone whenever they're out of the office. At the minimum he should be locking the computer when he leaves, or configure the screen saver via GPO to lock the workstation. On Thu, Oct 22, 2009 at 4:29 PM, Andrew Levicki and...@levicki.me.ukwrote: Hi, I've got a user who doesn't want to log off let alone shut down their computer. They claim that it takes too long and they haven't got time to wait to log on again or start up. They're important enough that I can't force them to do so, but I'm worried about possible problems. The only detrimental effects that I can think of are added power consumption and ticket expiration. Can anybody else think of any other pitfalls or even have any experience of this and how did you deal with it? Thanks, Andrew ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: User who doesn't like logging off / shutting down
Ah a misunderstanding on my part, I didn't realise that Kerberos renewed tickets automatically. So my only real point is the power consumption. I just want them to do what everyone else manages to do which is turn off at night. 2009/10/22 Michael B. Smith mich...@owa.smithcons.com I ASSume you push patches. He/she may lose whatever they were working on when a patch session forces a reboot. Dunno what you mean by ticket expiration as Kerberos will renew tickets automatically. -- *From:* Andrew Levicki [and...@levicki.me.uk] *Sent:* Thursday, October 22, 2009 4:29 PM *To:* NT System Admin Issues *Subject:* User who doesn't like logging off / shutting down Hi, I've got a user who doesn't want to log off let alone shut down their computer. They claim that it takes too long and they haven't got time to wait to log on again or start up. They're important enough that I can't force them to do so, but I'm worried about possible problems. The only detrimental effects that I can think of are added power consumption and ticket expiration. Can anybody else think of any other pitfalls or even have any experience of this and how did you deal with it? Thanks, Andrew ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: User who doesn't like logging off / shutting down
Password expiration can be a problem, however (at least, that's what I've seen on XP... especially if the person uses multiple computers at any point.) From: Michael B. Smith [mailto:mich...@owa.smithcons.com] Sent: Thursday, October 22, 2009 1:33 PM To: NT System Admin Issues Subject: RE: User who doesn't like logging off / shutting down I ASSume you push patches. He/she may lose whatever they were working on when a patch session forces a reboot. Dunno what you mean by ticket expiration as Kerberos will renew tickets automatically. From: Andrew Levicki [and...@levicki.me.uk] Sent: Thursday, October 22, 2009 4:29 PM To: NT System Admin Issues Subject: User who doesn't like logging off / shutting down Hi, I've got a user who doesn't want to log off let alone shut down their computer. They claim that it takes too long and they haven't got time to wait to log on again or start up. They're important enough that I can't force them to do so, but I'm worried about possible problems. The only detrimental effects that I can think of are added power consumption and ticket expiration. Can anybody else think of any other pitfalls or even have any experience of this and how did you deal with it? Thanks, Andrew ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: User who doesn't like logging off / shutting down
Then skip the complain part! He or She will get the idea.. or just send out a list of everyones salary from their email account. I'm just feeling evil today John W. Cook Systems Administrator Partnership For Strong Families 315 SE 2nd Ave Gainesville, Fl 32601 Office (352) 393-2741 x320 Cell (352) 215-6944 Fax (352) 393-2746 MCSE, MCTS, MCP+I, A+, N+, VSP4, VTSP4 From: Andrew Levicki [mailto:and...@levicki.me.uk] Sent: Thursday, October 22, 2009 4:34 PM To: NT System Admin Issues Subject: Re: User who doesn't like logging off / shutting down He or she is in HR! 2009/10/22 John Cook john.c...@pfsf.orgmailto:john.c...@pfsf.org Put some pron on his desktop and complain to HR.. :) John W. Cook Systems Administrator Partnership For Strong Families 315 SE 2nd Ave Gainesville, Fl 32601 Office (352) 393-2741 x320 Cell (352) 215-6944 Fax (352) 393-2746 MCSE, MCTS, MCP+I, A+, N+, VSP4, VTSP4 From: Andrew Levicki [mailto:and...@levicki.me.ukmailto:and...@levicki.me.uk] Sent: Thursday, October 22, 2009 4:30 PM To: NT System Admin Issues Subject: User who doesn't like logging off / shutting down Hi, I've got a user who doesn't want to log off let alone shut down their computer. They claim that it takes too long and they haven't got time to wait to log on again or start up. They're important enough that I can't force them to do so, but I'm worried about possible problems. The only detrimental effects that I can think of are added power consumption and ticket expiration. Can anybody else think of any other pitfalls or even have any experience of this and how did you deal with it? Thanks, Andrew CONFIDENTIALITY STATEMENT: The information transmitted, or contained or attached to or with this Notice is intended only for the person or entity to which it is addressed and may contain Protected Health Information (PHI), confidential and/or privileged material. Any review, transmission, dissemination, or other use of, and taking any action in reliance upon this information by persons or entities other than the intended recipient without the express written consent of the sender are prohibited. This information may be protected by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and other Federal and Florida laws. Improper or unauthorized use or disclosure of this information could result in civil and/or criminal penalties. Consider the environment. Please don't print this e-mail unless you really need to. This email and any attached files are confidential and intended solely for the intended recipient(s). If you are not the named recipient you should not read, distribute, copy or alter this email. Any views or opinions expressed in this email are those of the author and do not represent those of the company. Warning: Although precautions have been taken to make sure no viruses are present in this email, the company cannot accept responsibility for any loss or damage that arise from the use of this email or attachments. CONFIDENTIALITY STATEMENT: The information transmitted, or contained or attached to or with this Notice is intended only for the person or entity to which it is addressed and may contain Protected Health Information (PHI), confidential and/or privileged material. Any review, transmission, dissemination, or other use of, and taking any action in reliance upon this information by persons or entities other than the intended recipient without the express written consent of the sender are prohibited. This information may be protected by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and other Federal and Florida laws. Improper or unauthorized use or disclosure of this information could result in civil and/or criminal penalties. Consider the environment. Please don't print this e-mail unless you really need to. This email and any attached files are confidential and intended solely for the intended recipient(s). If you are not the named recipient you should not read, distribute, copy or alter this email. Any views or opinions expressed in this email are those of the author and do not represent those of the company. Warning: Although precautions have been taken to make sure no viruses are present in this email, the company cannot accept responsibility for any loss or damage that arise from the use of this email or attachments. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: User who doesn't like logging off / shutting down
I assume they also don't lock it? As was pointed out, that's easy enough to configure. _ From: Andrew Levicki [mailto:and...@levicki.me.uk] Sent: Thursday, October 22, 2009 4:30 PM To: NT System Admin Issues Subject: User who doesn't like logging off / shutting down Hi, I've got a user who doesn't want to log off let alone shut down their computer. They claim that it takes too long and they haven't got time to wait to log on again or start up. They're important enough that I can't force them to do so, but I'm worried about possible problems. The only detrimental effects that I can think of are added power consumption and ticket expiration. Can anybody else think of any other pitfalls or even have any experience of this and how did you deal with it? Thanks, Andrew No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.5.423 / Virus Database: 270.14.16/2435 - Release Date: 10/22/09 08:51:00 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: User who doesn't like logging off / shutting down
On Thu, Oct 22, 2009 at 4:29 PM, Andrew Levicki and...@levicki.me.uk wrote: They claim that it takes too long and they haven't got time to wait to log on again or start up. So let them stay logged in. That's what I normally do. I've often got over a dozen windows open, some with dozens of documents/tabs. I don't want to have to shut all that stuff down every day. The only detrimental effects that I can think of are added power consumption ... Power consumption can be easily addressed with power management. Have the computer shut off monitor and hard disks when idle. That alone will save big power, and wake up is still nearly instantaneous. If you want to save more, have it go into standby (suspend-to-RAM) after like two idle hours. That will still wake up fairly quickly, while using very little power. ... ticket expiration. ??? You mean Kerberos? The computer should automatically renew tickets as needed. Can anybody else think of any other pitfalls or even have any experience of this and how did you deal with it? If you're depending on roaming profile sync to protect user data, profiles only get sync'ed at logoff. If there was nothing else going on, I'd script something to force a logoff/reboot periodically. But thanks to Microsoft's monthly updates, I figure that takes care of it for me. ;-) -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: User who doesn't like logging off / shutting down
On Thu, Oct 22, 2009 at 4:37 PM, Andrew Levicki and...@levicki.me.uk wrote: I just want them to do what everyone else manages to do which is turn off at night. Why are you so dead set on shutting down the PC at night? Do you have a reason? Just curious... :) -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: User who doesn't like logging off / shutting down
Or... from their email account... Dear insert name of CEO here, Let me tell you how I believe this company needs to be run From: John Cook [mailto:john.c...@pfsf.org] Sent: Thursday, October 22, 2009 3:38 PM To: NT System Admin Issues Subject: RE: User who doesn't like logging off / shutting down Then skip the complain part! He or She will get the idea.. or just send out a list of everyones salary from their email account. I'm just feeling evil today John W. Cook Systems Administrator Partnership For Strong Families 315 SE 2nd Ave Gainesville, Fl 32601 Office (352) 393-2741 x320 Cell (352) 215-6944 Fax (352) 393-2746 MCSE, MCTS, MCP+I, A+, N+, VSP4, VTSP4 From: Andrew Levicki [mailto:and...@levicki.me.uk] Sent: Thursday, October 22, 2009 4:34 PM To: NT System Admin Issues Subject: Re: User who doesn't like logging off / shutting down He or she is in HR! 2009/10/22 John Cook john.c...@pfsf.org Put some pron on his desktop and complain to HR.. J John W. Cook Systems Administrator Partnership For Strong Families 315 SE 2nd Ave Gainesville, Fl 32601 Office (352) 393-2741 x320 Cell (352) 215-6944 Fax (352) 393-2746 MCSE, MCTS, MCP+I, A+, N+, VSP4, VTSP4 From: Andrew Levicki [mailto:and...@levicki.me.uk] Sent: Thursday, October 22, 2009 4:30 PM To: NT System Admin Issues Subject: User who doesn't like logging off / shutting down Hi, I've got a user who doesn't want to log off let alone shut down their computer. They claim that it takes too long and they haven't got time to wait to log on again or start up. They're important enough that I can't force them to do so, but I'm worried about possible problems. The only detrimental effects that I can think of are added power consumption and ticket expiration. Can anybody else think of any other pitfalls or even have any experience of this and how did you deal with it? Thanks, Andrew CONFIDENTIALITY STATEMENT: The information transmitted, or contained or attached to or with this Notice is intended only for the person or entity to which it is addressed and may contain Protected Health Information (PHI), confidential and/or privileged material. Any review, transmission, dissemination, or other use of, and taking any action in reliance upon this information by persons or entities other than the intended recipient without the express written consent of the sender are prohibited. This information may be protected by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and other Federal and Florida laws. Improper or unauthorized use or disclosure of this information could result in civil and/or criminal penalties. Consider the environment. Please don't print this e-mail unless you really need to. This email and any attached files are confidential and intended solely for the intended recipient(s). If you are not the named recipient you should not read, distribute, copy or alter this email. Any views or opinions expressed in this email are those of the author and do not represent those of the company. Warning: Although precautions have been taken to make sure no viruses are present in this email, the company cannot accept responsibility for any loss or damage that arise from the use of this email or attachments. CONFIDENTIALITY STATEMENT: The information transmitted, or contained or attached to or with this Notice is intended only for the person or entity to which it is addressed and may contain Protected Health Information (PHI), confidential and/or privileged material. Any review, transmission, dissemination, or other use of, and taking any action in reliance upon this information by persons or entities other than the intended recipient without the express written consent of the sender are prohibited. This information may be protected by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and other Federal and Florida laws. Improper or unauthorized use or disclosure of this information could result in civil and/or criminal penalties. Consider the environment. Please don't print this e-mail unless you really need to. This email and any attached files are confidential and intended solely for the intended recipient(s). If you are not the named recipient you should not read, distribute, copy or alter this email. Any views or opinions expressed in this email are those of the author and do not represent those of the company. Warning: Although precautions have been taken to make sure no viruses are present in this email, the company cannot accept responsibility for any loss or damage that arise from the use of this email or attachments. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: User who doesn't like logging off / shutting down
Locking the workstation doesn't address software updates or deployments being missed, among other things. Andrew should look into why it takes the computer so long to log in that someone would complain. My 3+ year old Dell desktop takes 5 seconds or a little more to be at a useable desktop in Vista. He could also tell her she at least needs to log out on the weekends, or restart the computer as she leaves on Friday. Find some middle ground. -- Mike Gill From: Richard Stovall [mailto:richard.stov...@researchdata.com] Sent: Thursday, October 22, 2009 1:33 PM To: NT System Admin Issues Subject: RE: User who doesn't like logging off / shutting down Can they hit the Windows key and L at the same time? If not, you can do it for them using Group Policy. From: Andrew Levicki [mailto:and...@levicki.me.uk] Sent: Thursday, October 22, 2009 4:30 PM To: NT System Admin Issues Subject: User who doesn't like logging off / shutting down Hi, I've got a user who doesn't want to log off let alone shut down their computer. They claim that it takes too long and they haven't got time to wait to log on again or start up. They're important enough that I can't force them to do so, but I'm worried about possible problems. The only detrimental effects that I can think of are added power consumption and ticket expiration. Can anybody else think of any other pitfalls or even have any experience of this and how did you deal with it? Thanks, Andrew ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: User who doesn't like logging off / shutting down
shutdown -s -m \\computer-namefile://\\computer-name -f -t 0 done. From: Andrew Levicki [and...@levicki.me.uk] Sent: Thursday, October 22, 2009 4:37 PM To: NT System Admin Issues Subject: Re: User who doesn't like logging off / shutting down Ah a misunderstanding on my part, I didn't realise that Kerberos renewed tickets automatically. So my only real point is the power consumption. I just want them to do what everyone else manages to do which is turn off at night. 2009/10/22 Michael B. Smith mich...@owa.smithcons.commailto:mich...@owa.smithcons.com I ASSume you push patches. He/she may lose whatever they were working on when a patch session forces a reboot. Dunno what you mean by ticket expiration as Kerberos will renew tickets automatically. From: Andrew Levicki [and...@levicki.me.ukmailto:and...@levicki.me.uk] Sent: Thursday, October 22, 2009 4:29 PM To: NT System Admin Issues Subject: User who doesn't like logging off / shutting down Hi, I've got a user who doesn't want to log off let alone shut down their computer. They claim that it takes too long and they haven't got time to wait to log on again or start up. They're important enough that I can't force them to do so, but I'm worried about possible problems. The only detrimental effects that I can think of are added power consumption and ticket expiration. Can anybody else think of any other pitfalls or even have any experience of this and how did you deal with it? Thanks, Andrew ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: User who doesn't like logging off / shutting down
Determine what the issue is with takes too long to start up From: Andrew Levicki [mailto:and...@levicki.me.uk] Sent: Thursday, October 22, 2009 1:30 PM To: NT System Admin Issues Subject: User who doesn't like logging off / shutting down Hi, I've got a user who doesn't want to log off let alone shut down their computer. They claim that it takes too long and they haven't got time to wait to log on again or start up. They're important enough that I can't force them to do so, but I'm worried about possible problems. The only detrimental effects that I can think of are added power consumption and ticket expiration. Can anybody else think of any other pitfalls or even have any experience of this and how did you deal with it? Thanks, Andrew ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: User who doesn't like logging off / shutting down
What about policies that don't get applied except at boot time, managed software installs, changes that are made by login scripts. We have many staff who just step away from their PCs at the end of the day. I have the machines lock after 15 minutes of idle time. All the time I'll get a ticket stating that an icon on their desktop isn't working anymore or that they don't have a certain software, and I will ask them when the last time they logged in was. Most will say that morning but I tell them to restart their PC and low and behold their issue is resolved. James - Original Message - From: Mike Gill To: NT System Admin Issues Sent: Thursday, October 22, 2009 4:45 PM Subject: RE: User who doesn't like logging off / shutting down Locking the workstation doesn't address software updates or deployments being missed, among other things. Andrew should look into why it takes the computer so long to log in that someone would complain. My 3+ year old Dell desktop takes 5 seconds or a little more to be at a useable desktop in Vista. He could also tell her she at least needs to log out on the weekends, or restart the computer as she leaves on Friday. Find some middle ground. -- Mike Gill From: Richard Stovall [mailto:richard.stov...@researchdata.com] Sent: Thursday, October 22, 2009 1:33 PM To: NT System Admin Issues Subject: RE: User who doesn't like logging off / shutting down Can they hit the Windows key and L at the same time? If not, you can do it for them using Group Policy. From: Andrew Levicki [mailto:and...@levicki.me.uk] Sent: Thursday, October 22, 2009 4:30 PM To: NT System Admin Issues Subject: User who doesn't like logging off / shutting down Hi, I've got a user who doesn't want to log off let alone shut down their computer. They claim that it takes too long and they haven't got time to wait to log on again or start up. They're important enough that I can't force them to do so, but I'm worried about possible problems. The only detrimental effects that I can think of are added power consumption and ticket expiration. Can anybody else think of any other pitfalls or even have any experience of this and how did you deal with it? Thanks, Andrew ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: User who doesn't like logging off / shutting down
Sleep mode? -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Thursday, October 22, 2009 1:42 PM To: NT System Admin Issues Subject: Re: User who doesn't like logging off / shutting down On Thu, Oct 22, 2009 at 4:29 PM, Andrew Levicki and...@levicki.me.uk wrote: They claim that it takes too long and they haven't got time to wait to log on again or start up. So let them stay logged in. That's what I normally do. I've often got over a dozen windows open, some with dozens of documents/tabs. I don't want to have to shut all that stuff down every day. The only detrimental effects that I can think of are added power consumption ... Power consumption can be easily addressed with power management. Have the computer shut off monitor and hard disks when idle. That alone will save big power, and wake up is still nearly instantaneous. If you want to save more, have it go into standby (suspend-to-RAM) after like two idle hours. That will still wake up fairly quickly, while using very little power. ... ticket expiration. ??? You mean Kerberos? The computer should automatically renew tickets as needed. Can anybody else think of any other pitfalls or even have any experience of this and how did you deal with it? If you're depending on roaming profile sync to protect user data, profiles only get sync'ed at logoff. If there was nothing else going on, I'd script something to force a logoff/reboot periodically. But thanks to Microsoft's monthly updates, I figure that takes care of it for me. ;-) -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: User who doesn't like logging off / shutting down
Thanks for all the input, serious or otherwise. Good point about power management, that will address the power consumption issue. I will look into that. So, I'm still left with the software updates and deployments, which require restarts. They do lock their workstation, luckily. Maybe you're right, Ben, maybe I've got better things to worry about. Anyway, case closed. I'll look into power management and I won't be forcing shutdowns / installing pron / sending emails to the CEO! Thanks guys, Andrew 2009/10/22 Mike Gill lis...@canbyfoursquare.com Locking the workstation doesn’t address software updates or deployments being missed, among other things. Andrew should look into why it takes the computer so long to log in that someone would complain. My 3+ year old Dell desktop takes 5 seconds or a little more to be at a useable desktop in Vista. He could also tell her she at least needs to log out on the weekends, or restart the computer as she leaves on Friday. Find some middle ground. -- Mike Gill *From:* Richard Stovall [mailto:richard.stov...@researchdata.com] *Sent:* Thursday, October 22, 2009 1:33 PM *To:* NT System Admin Issues *Subject:* RE: User who doesn't like logging off / shutting down Can they hit the Windows key and L at the same time? If not, you can do it for them using Group Policy. *From:* Andrew Levicki [mailto:and...@levicki.me.uk] *Sent:* Thursday, October 22, 2009 4:30 PM *To:* NT System Admin Issues *Subject:* User who doesn't like logging off / shutting down Hi, I've got a user who doesn't want to log off let alone shut down their computer. They claim that it takes too long and they haven't got time to wait to log on again or start up. They're important enough that I can't force them to do so, but I'm worried about possible problems. The only detrimental effects that I can think of are added power consumption and ticket expiration. Can anybody else think of any other pitfalls or even have any experience of this and how did you deal with it? Thanks, Andrew ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: User who doesn't like logging off / shutting down
You can setup in GPO to lock the computer after a certain amount of time and then setup a scheduled task to use the shutdown.exe command to turn the computer off. _ Cameron Cooper IT Director - CompTIA A+ Certified Aurico Reports, Inc Phone: 847-890-4021Fax: 847-255-1896 ccoo...@aurico.com From: Jonathan Link [mailto:jonathan.l...@gmail.com] Sent: Thursday, October 22, 2009 3:35 PM To: NT System Admin Issues Subject: Re: User who doesn't like logging off / shutting down Industrial espionage? Don't know your industry or circumstances, but if they're important enough that you can't force them to do so then they are important enough to have access to critical and sensitive information that they leave accessible for anyone whenever they're out of the office. At the minimum he should be locking the computer when he leaves, or configure the screen saver via GPO to lock the workstation. On Thu, Oct 22, 2009 at 4:29 PM, Andrew Levicki and...@levicki.me.uk wrote: Hi, I've got a user who doesn't want to log off let alone shut down their computer. They claim that it takes too long and they haven't got time to wait to log on again or start up. They're important enough that I can't force them to do so, but I'm worried about possible problems. The only detrimental effects that I can think of are added power consumption and ticket expiration. Can anybody else think of any other pitfalls or even have any experience of this and how did you deal with it? Thanks, Andrew ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: User who doesn't like logging off / shutting down
On Thu, Oct 22, 2009 at 4:55 PM, Andrew Levicki and...@levicki.me.uk wrote: So, I'm still left with the software updates and deployments, which require restarts. When I have to force updates via startup scripts, I have a batch file called reboot_the_world.CMD that I use to reboot any running workstations. I run it after hours, and get anyone who leaves their PC on overnight. Anything that's turned off will, of course, run during next startup. I don't always use it; some updates aren't critical and can wait. Microsoft Updates come via WSUS and have their own auto-reboot stuff. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: User who doesn't like logging off / shutting down
Set it up to reboot every night and tell him/her it's because of patching. From: Michael B. Smith [mailto:mich...@owa.smithcons.com] Sent: Thursday, October 22, 2009 4:33 PM To: NT System Admin Issues Subject: RE: User who doesn't like logging off / shutting down I ASSume you push patches. He/she may lose whatever they were working on when a patch session forces a reboot. Dunno what you mean by ticket expiration as Kerberos will renew tickets automatically. From: Andrew Levicki [and...@levicki.me.uk] Sent: Thursday, October 22, 2009 4:29 PM To: NT System Admin Issues Subject: User who doesn't like logging off / shutting down Hi, I've got a user who doesn't want to log off let alone shut down their computer. They claim that it takes too long and they haven't got time to wait to log on again or start up. They're important enough that I can't force them to do so, but I'm worried about possible problems. The only detrimental effects that I can think of are added power consumption and ticket expiration. Can anybody else think of any other pitfalls or even have any experience of this and how did you deal with it? Thanks, Andrew ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: User who doesn't like logging off / shutting down
On Thu, Oct 22, 2009 at 5:21 PM, Scot Parsons spars...@scetv.org wrote: Set it up to reboot every night and tell him/her it’s because of patching. The BOFH is strong in you. /me is impressed -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: User who doesn't like logging off / shutting down
Sorry, can't help. I hate to logoff my pc because the security team has our AV do a full scan each time I logon. It takes a good 2 hours of 100% processing on my machine. The easy fix is to disable the AV, but... Maybe they just need to remove a few apps out of their startup, so it boots faster. On Thu, Oct 22, 2009 at 1:29 PM, Andrew Levicki and...@levicki.me.ukwrote: Hi, I've got a user who doesn't want to log off let alone shut down their computer. They claim that it takes too long and they haven't got time to wait to log on again or start up. They're important enough that I can't force them to do so, but I'm worried about possible problems. The only detrimental effects that I can think of are added power consumption and ticket expiration. Can anybody else think of any other pitfalls or even have any experience of this and how did you deal with it? Thanks, Andrew ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: User who doesn't like logging off / shutting down
Or go to Vipre... On Thu, Oct 22, 2009 at 7:01 PM, Eric Woodford ericwoodf...@gmail.comwrote: Sorry, can't help. I hate to logoff my pc because the security team has our AV do a full scan each time I logon. It takes a good 2 hours of 100% processing on my machine. The easy fix is to disable the AV, but... Maybe they just need to remove a few apps out of their startup, so it boots faster. On Thu, Oct 22, 2009 at 1:29 PM, Andrew Levicki and...@levicki.me.ukwrote: Hi, I've got a user who doesn't want to log off let alone shut down their computer. They claim that it takes too long and they haven't got time to wait to log on again or start up. They're important enough that I can't force them to do so, but I'm worried about possible problems. The only detrimental effects that I can think of are added power consumption and ticket expiration. Can anybody else think of any other pitfalls or even have any experience of this and how did you deal with it? Thanks, Andrew ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: User who doesn't like logging off / shutting down
Wel, Vipre still bogs down our PCs here when the weekly deep scan is running. We get the same complaints we had when we used Symantec. The quick scans are not noticed, but I'm bummed that the deep scan causes a very noticeable performance loss. It's set at low priority, but still the vipre process is first/second in memory/cpu usage during the deep scans. Anything that uses those sort of resources is *not* running at low priority. Jonathan Link jonathan.l...@gmail.com 10/22/2009 7:47 PM Or go to Vipre... On Thu, Oct 22, 2009 at 7:01 PM, Eric Woodford ericwoodf...@gmail.com wrote: Sorry, can't help. I hate to logoff my pc because the security team has our AV do a full scan each time I logon. It takes a good 2 hours of 100% processing on my machine. The easy fix is to disable the AV, but... Maybe they just need to remove a few apps out of their startup, so it boots faster. On Thu, Oct 22, 2009 at 1:29 PM, Andrew Levicki and...@levicki.me.uk wrote: Hi, I've got a user who doesn't want to log off let alone shut down their computer. They claim that it takes too long and they haven't got time to wait to log on again or start up. They're important enough that I can't force them to do so, but I'm worried about possible problems. The only detrimental effects that I can think of are added power consumption and ticket expiration. Can anybody else think of any other pitfalls or even have any experience of this and how did you deal with it? Thanks, Andrew Confidentiality Notice: This e-mail message, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: User who doesn't like logging off / shutting down
On Thu, Oct 22, 2009 at 7:47 PM, Jonathan Link jonathan.l...@gmail.com wrote: Sorry, can't help. I hate to logoff my pc because the security team has our AV do a full scan each time I logon. Or go to Vipre... This isn't a brand X vs Y issue, it's a lack-of-clue issue. The time to do a full AV scan is not at user logon. It's at night, at 3 AM, when nobody's using the PC anyway. Even if one must cater to clueless demands to not let an unscanned PC on to the network, then it should happen during computer startup, not user logon. The PC can sit there all day long infecting other machines without anyone logging on. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: User who doesn't like logging off / shutting down
You can't be serious.I installed Vipre on my pc and started a deep scan right as my lunch hour started. Played a FPS game at lunch and never noticed a performance hit at all. On Thu, Oct 22, 2009 at 5:57 PM, Tom Miller tmil...@hnncsb.org wrote: Wel, Vipre still bogs down our PCs here when the weekly deep scan is running. We get the same complaints we had when we used Symantec. The quick scans are not noticed, but I'm bummed that the deep scan causes a very noticeable performance loss. It's set at low priority, but still the vipre process is first/second in memory/cpu usage during the deep scans. Anything that uses those sort of resources is *not* running at low priority. Jonathan Link jonathan.l...@gmail.com 10/22/2009 7:47 PM Or go to Vipre... On Thu, Oct 22, 2009 at 7:01 PM, Eric Woodford ericwoodf...@gmail.comwrote: Sorry, can't help. I hate to logoff my pc because the security team has our AV do a full scan each time I logon. It takes a good 2 hours of 100% processing on my machine. The easy fix is to disable the AV, but... Maybe they just need to remove a few apps out of their startup, so it boots faster. On Thu, Oct 22, 2009 at 1:29 PM, Andrew Levicki and...@levicki.me.ukwrote: Hi, I've got a user who doesn't want to log off let alone shut down their computer. They claim that it takes too long and they haven't got time to wait to log on again or start up. They're important enough that I can't force them to do so, but I'm worried about possible problems. The only detrimental effects that I can think of are added power consumption and ticket expiration. Can anybody else think of any other pitfalls or even have any experience of this and how did you deal with it? Thanks, Andrew Confidentiality Notice: This e-mail message, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. -- Sherry Abercrombie Any sufficiently advanced technology is indistinguishable from magic. Arthur C. Clarke ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: User who doesn't like logging off / shutting down
On Thu, Oct 22, 2009 at 17:03, Ben Scott mailvor...@gmail.com wrote: On Thu, Oct 22, 2009 at 7:47 PM, Jonathan Link jonathan.l...@gmail.com wrote: Sorry, can't help. I hate to logoff my pc because the security team has our AV do a full scan each time I logon. Or go to Vipre... This isn't a brand X vs Y issue, it's a lack-of-clue issue. The time to do a full AV scan is not at user logon. It's at night, at 3 AM, when nobody's using the PC anyway. Even if one must cater to clueless demands to not let an unscanned PC on to the network, then it should happen during computer startup, not user logon. The PC can sit there all day long infecting other machines without anyone logging on. -- Ben We schedule quick AV scans at noon on Wednesday, full AV scans on Monday at 8pm, and Microsoft patching (via WSUS) with a deadline of 05:00 Tuesday. We schedule a test group for WSUS patching the Monday evening after patch Tuesday, and the rest of the workstations the Monday evening after that - again with a deadline of 05:00 Tuesday. Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: User who doesn't like logging off / shutting down
You have a better machine than most of our folks, I suppose. We have noticeable slowdowns on many of our machines. Still, it's *FAR* better than McAfee. On Thu, Oct 22, 2009 at 17:52, Sherry Abercrombie saber...@gmail.com wrote: You can't be serious.I installed Vipre on my pc and started a deep scan right as my lunch hour started. Played a FPS game at lunch and never noticed a performance hit at all. On Thu, Oct 22, 2009 at 5:57 PM, Tom Miller tmil...@hnncsb.org wrote: Wel, Vipre still bogs down our PCs here when the weekly deep scan is running. We get the same complaints we had when we used Symantec. The quick scans are not noticed, but I'm bummed that the deep scan causes a very noticeable performance loss. It's set at low priority, but still the vipre process is first/second in memory/cpu usage during the deep scans. Anything that uses those sort of resources is *not* running at low priority. Jonathan Link jonathan.l...@gmail.com 10/22/2009 7:47 PM Or go to Vipre... On Thu, Oct 22, 2009 at 7:01 PM, Eric Woodford ericwoodf...@gmail.com wrote: Sorry, can't help. I hate to logoff my pc because the security team has our AV do a full scan each time I logon. It takes a good 2 hours of 100% processing on my machine. The easy fix is to disable the AV, but... Maybe they just need to remove a few apps out of their startup, so it boots faster. On Thu, Oct 22, 2009 at 1:29 PM, Andrew Levicki and...@levicki.me.uk wrote: Hi, I've got a user who doesn't want to log off let alone shut down their computer. They claim that it takes too long and they haven't got time to wait to log on again or start up. They're important enough that I can't force them to do so, but I'm worried about possible problems. The only detrimental effects that I can think of are added power consumption and ticket expiration. Can anybody else think of any other pitfalls or even have any experience of this and how did you deal with it? Thanks, Andrew Confidentiality Notice: This e-mail message, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. -- Sherry Abercrombie Any sufficiently advanced technology is indistinguishable from magic. Arthur C. Clarke ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: User who doesn't like logging off / shutting down
I have to agree with Tom. I've got Vipre installed at probably a dozen customers, and while a quick-scan is OK during the day, a full scan is VERY noticeable. At all my clients I've had to schedule that for off-hours, changing the default. I don't notice it on my laptops and PCs, but they are significantly higher-performing than my average customer's desktop. From: Sherry Abercrombie [saber...@gmail.com] Sent: Thursday, October 22, 2009 8:52 PM To: NT System Admin Issues Subject: Re: User who doesn't like logging off / shutting down You can't be serious.I installed Vipre on my pc and started a deep scan right as my lunch hour started. Played a FPS game at lunch and never noticed a performance hit at all. On Thu, Oct 22, 2009 at 5:57 PM, Tom Miller tmil...@hnncsb.orgmailto:tmil...@hnncsb.org wrote: Wel, Vipre still bogs down our PCs here when the weekly deep scan is running. We get the same complaints we had when we used Symantec. The quick scans are not noticed, but I'm bummed that the deep scan causes a very noticeable performance loss. It's set at low priority, but still the vipre process is first/second in memory/cpu usage during the deep scans. Anything that uses those sort of resources is *not* running at low priority. Jonathan Link jonathan.l...@gmail.commailto:jonathan.l...@gmail.com 10/22/2009 7:47 PM Or go to Vipre... On Thu, Oct 22, 2009 at 7:01 PM, Eric Woodford ericwoodf...@gmail.commailto:ericwoodf...@gmail.com wrote: Sorry, can't help. I hate to logoff my pc because the security team has our AV do a full scan each time I logon. It takes a good 2 hours of 100% processing on my machine. The easy fix is to disable the AV, but... Maybe they just need to remove a few apps out of their startup, so it boots faster. On Thu, Oct 22, 2009 at 1:29 PM, Andrew Levicki and...@levicki.me.ukmailto:and...@levicki.me.uk wrote: Hi, I've got a user who doesn't want to log off let alone shut down their computer. They claim that it takes too long and they haven't got time to wait to log on again or start up. They're important enough that I can't force them to do so, but I'm worried about possible problems. The only detrimental effects that I can think of are added power consumption and ticket expiration. Can anybody else think of any other pitfalls or even have any experience of this and how did you deal with it? Thanks, Andrew Confidentiality Notice: This e-mail message, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. -- Sherry Abercrombie Any sufficiently advanced technology is indistinguishable from magic. Arthur C. Clarke ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: User who doesn't like logging off / shutting down
A three year old Dell laptopnot anything special at all. On Thu, Oct 22, 2009 at 7:06 PM, Kurt Buff kurt.b...@gmail.com wrote: You have a better machine than most of our folks, I suppose. We have noticeable slowdowns on many of our machines. Still, it's *FAR* better than McAfee. On Thu, Oct 22, 2009 at 17:52, Sherry Abercrombie saber...@gmail.com wrote: You can't be serious.I installed Vipre on my pc and started a deep scan right as my lunch hour started. Played a FPS game at lunch and never noticed a performance hit at all. On Thu, Oct 22, 2009 at 5:57 PM, Tom Miller tmil...@hnncsb.org wrote: Wel, Vipre still bogs down our PCs here when the weekly deep scan is running. We get the same complaints we had when we used Symantec. The quick scans are not noticed, but I'm bummed that the deep scan causes a very noticeable performance loss. It's set at low priority, but still the vipre process is first/second in memory/cpu usage during the deep scans. Anything that uses those sort of resources is *not* running at low priority. Jonathan Link jonathan.l...@gmail.com 10/22/2009 7:47 PM Or go to Vipre... On Thu, Oct 22, 2009 at 7:01 PM, Eric Woodford ericwoodf...@gmail.com wrote: Sorry, can't help. I hate to logoff my pc because the security team has our AV do a full scan each time I logon. It takes a good 2 hours of 100% processing on my machine. The easy fix is to disable the AV, but... Maybe they just need to remove a few apps out of their startup, so it boots faster. On Thu, Oct 22, 2009 at 1:29 PM, Andrew Levicki and...@levicki.me.uk wrote: Hi, I've got a user who doesn't want to log off let alone shut down their computer. They claim that it takes too long and they haven't got time to wait to log on again or start up. They're important enough that I can't force them to do so, but I'm worried about possible problems. The only detrimental effects that I can think of are added power consumption and ticket expiration. Can anybody else think of any other pitfalls or even have any experience of this and how did you deal with it? Thanks, Andrew Confidentiality Notice: This e-mail message, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. -- Sherry Abercrombie Any sufficiently advanced technology is indistinguishable from magic. Arthur C. Clarke ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ -- Sherry Abercrombie Any sufficiently advanced technology is indistinguishable from magic. Arthur C. Clarke Sent from Hurst, TX, United States ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: User who doesn't like logging off / shutting down
Most of our machines are about that old, but we tend to under-resource our machines - I finally had to put my foot down to get our engineers to 1gb of RAM, and in a few cases 2gb. I get complaints from those who stay late on Monday night, and I finally told them to get in the office earlier and go home before it starts. I get some complaints about the Wednesday scan, too, and tell those folks to go to lunch, like normal people. Kurt On Thu, Oct 22, 2009 at 18:20, Sherry Abercrombie saber...@gmail.com wrote: A three year old Dell laptopnot anything special at all. On Thu, Oct 22, 2009 at 7:06 PM, Kurt Buff kurt.b...@gmail.com wrote: You have a better machine than most of our folks, I suppose. We have noticeable slowdowns on many of our machines. Still, it's *FAR* better than McAfee. On Thu, Oct 22, 2009 at 17:52, Sherry Abercrombie saber...@gmail.com wrote: You can't be serious.I installed Vipre on my pc and started a deep scan right as my lunch hour started. Played a FPS game at lunch and never noticed a performance hit at all. On Thu, Oct 22, 2009 at 5:57 PM, Tom Miller tmil...@hnncsb.org wrote: Wel, Vipre still bogs down our PCs here when the weekly deep scan is running. We get the same complaints we had when we used Symantec. The quick scans are not noticed, but I'm bummed that the deep scan causes a very noticeable performance loss. It's set at low priority, but still the vipre process is first/second in memory/cpu usage during the deep scans. Anything that uses those sort of resources is *not* running at low priority. Jonathan Link jonathan.l...@gmail.com 10/22/2009 7:47 PM Or go to Vipre... On Thu, Oct 22, 2009 at 7:01 PM, Eric Woodford ericwoodf...@gmail.com wrote: Sorry, can't help. I hate to logoff my pc because the security team has our AV do a full scan each time I logon. It takes a good 2 hours of 100% processing on my machine. The easy fix is to disable the AV, but... Maybe they just need to remove a few apps out of their startup, so it boots faster. On Thu, Oct 22, 2009 at 1:29 PM, Andrew Levicki and...@levicki.me.uk wrote: Hi, I've got a user who doesn't want to log off let alone shut down their computer. They claim that it takes too long and they haven't got time to wait to log on again or start up. They're important enough that I can't force them to do so, but I'm worried about possible problems. The only detrimental effects that I can think of are added power consumption and ticket expiration. Can anybody else think of any other pitfalls or even have any experience of this and how did you deal with it? Thanks, Andrew Confidentiality Notice: This e-mail message, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. -- Sherry Abercrombie Any sufficiently advanced technology is indistinguishable from magic. Arthur C. Clarke ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ -- Sherry Abercrombie Any sufficiently advanced technology is indistinguishable from magic. Arthur C. Clarke Sent from Hurst, TX, United States ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: User who doesn't like logging off / shutting down
All this turmoil over scheduled scans... tell me, what do scheduled scans find that real-time scanning won't catch? Scheduled scans are about as useful as software firewalls... Carl -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Thursday, October 22, 2009 9:26 PM To: NT System Admin Issues Subject: Re: User who doesn't like logging off / shutting down Most of our machines are about that old, but we tend to under-resource our machines - I finally had to put my foot down to get our engineers to 1gb of RAM, and in a few cases 2gb. I get complaints from those who stay late on Monday night, and I finally told them to get in the office earlier and go home before it starts. I get some complaints about the Wednesday scan, too, and tell those folks to go to lunch, like normal people. Kurt On Thu, Oct 22, 2009 at 18:20, Sherry Abercrombie saber...@gmail.com wrote: A three year old Dell laptopnot anything special at all. On Thu, Oct 22, 2009 at 7:06 PM, Kurt Buff kurt.b...@gmail.com wrote: You have a better machine than most of our folks, I suppose. We have noticeable slowdowns on many of our machines. Still, it's *FAR* better than McAfee. On Thu, Oct 22, 2009 at 17:52, Sherry Abercrombie saber...@gmail.com wrote: You can't be serious.I installed Vipre on my pc and started a deep scan right as my lunch hour started. Played a FPS game at lunch and never noticed a performance hit at all. On Thu, Oct 22, 2009 at 5:57 PM, Tom Miller tmil...@hnncsb.org wrote: Wel, Vipre still bogs down our PCs here when the weekly deep scan is running. We get the same complaints we had when we used Symantec. The quick scans are not noticed, but I'm bummed that the deep scan causes a very noticeable performance loss. It's set at low priority, but still the vipre process is first/second in memory/cpu usage during the deep scans. Anything that uses those sort of resources is *not* running at low priority. Jonathan Link jonathan.l...@gmail.com 10/22/2009 7:47 PM Or go to Vipre... On Thu, Oct 22, 2009 at 7:01 PM, Eric Woodford ericwoodf...@gmail.com wrote: Sorry, can't help. I hate to logoff my pc because the security team has our AV do a full scan each time I logon. It takes a good 2 hours of 100% processing on my machine. The easy fix is to disable the AV, but... Maybe they just need to remove a few apps out of their startup, so it boots faster. On Thu, Oct 22, 2009 at 1:29 PM, Andrew Levicki and...@levicki.me.uk wrote: Hi, I've got a user who doesn't want to log off let alone shut down their computer. They claim that it takes too long and they haven't got time to wait to log on again or start up. They're important enough that I can't force them to do so, but I'm worried about possible problems. The only detrimental effects that I can think of are added power consumption and ticket expiration. Can anybody else think of any other pitfalls or even have any experience of this and how did you deal with it? Thanks, Andrew ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: User who doesn't like logging off / shutting down
I'd believe you, except that I get reports from every scan of new bits of infestation, on at least 2 or three machines. Um, perhaps 'infestation' is not the right word. Let's say 'unwanted software' instead. Once in a while it's truly nasty, but more often is adware or some other silliness like the popcaploader crap from online games. Now, once we get to the point of eliminating admin rights for users on their desktops, I'll be more likely to agree with you. Kurt On Thu, Oct 22, 2009 at 18:30, Carl Houseman c.house...@gmail.com wrote: All this turmoil over scheduled scans... tell me, what do scheduled scans find that real-time scanning won't catch? Scheduled scans are about as useful as software firewalls... Carl -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Thursday, October 22, 2009 9:26 PM To: NT System Admin Issues Subject: Re: User who doesn't like logging off / shutting down Most of our machines are about that old, but we tend to under-resource our machines - I finally had to put my foot down to get our engineers to 1gb of RAM, and in a few cases 2gb. I get complaints from those who stay late on Monday night, and I finally told them to get in the office earlier and go home before it starts. I get some complaints about the Wednesday scan, too, and tell those folks to go to lunch, like normal people. Kurt On Thu, Oct 22, 2009 at 18:20, Sherry Abercrombie saber...@gmail.com wrote: A three year old Dell laptopnot anything special at all. On Thu, Oct 22, 2009 at 7:06 PM, Kurt Buff kurt.b...@gmail.com wrote: You have a better machine than most of our folks, I suppose. We have noticeable slowdowns on many of our machines. Still, it's *FAR* better than McAfee. On Thu, Oct 22, 2009 at 17:52, Sherry Abercrombie saber...@gmail.com wrote: You can't be serious.I installed Vipre on my pc and started a deep scan right as my lunch hour started. Played a FPS game at lunch and never noticed a performance hit at all. On Thu, Oct 22, 2009 at 5:57 PM, Tom Miller tmil...@hnncsb.org wrote: Wel, Vipre still bogs down our PCs here when the weekly deep scan is running. We get the same complaints we had when we used Symantec. The quick scans are not noticed, but I'm bummed that the deep scan causes a very noticeable performance loss. It's set at low priority, but still the vipre process is first/second in memory/cpu usage during the deep scans. Anything that uses those sort of resources is *not* running at low priority. Jonathan Link jonathan.l...@gmail.com 10/22/2009 7:47 PM Or go to Vipre... On Thu, Oct 22, 2009 at 7:01 PM, Eric Woodford ericwoodf...@gmail.com wrote: Sorry, can't help. I hate to logoff my pc because the security team has our AV do a full scan each time I logon. It takes a good 2 hours of 100% processing on my machine. The easy fix is to disable the AV, but... Maybe they just need to remove a few apps out of their startup, so it boots faster. On Thu, Oct 22, 2009 at 1:29 PM, Andrew Levicki and...@levicki.me.uk wrote: Hi, I've got a user who doesn't want to log off let alone shut down their computer. They claim that it takes too long and they haven't got time to wait to log on again or start up. They're important enough that I can't force them to do so, but I'm worried about possible problems. The only detrimental effects that I can think of are added power consumption and ticket expiration. Can anybody else think of any other pitfalls or even have any experience of this and how did you deal with it? Thanks, Andrew ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: User who doesn't like logging off / shutting down
What's the answer to my question? (highlighted below in case you missed it) And if you correctly answer the question, how do scheduled scans prevent an infection that real-time scanning wouldn't prevent? Here's another: How dangerous is a malware file that resides on a hard drive and is never accessed? Carl -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Thursday, October 22, 2009 10:01 PM To: NT System Admin Issues Subject: Re: User who doesn't like logging off / shutting down I'd believe you, except that I get reports from every scan of new bits of infestation, on at least 2 or three machines. Um, perhaps 'infestation' is not the right word. Let's say 'unwanted software' instead. Once in a while it's truly nasty, but more often is adware or some other silliness like the popcaploader crap from online games. Now, once we get to the point of eliminating admin rights for users on their desktops, I'll be more likely to agree with you. Kurt On Thu, Oct 22, 2009 at 18:30, Carl Houseman c.house...@gmail.com wrote: v All this turmoil over scheduled scans... tell me, what do scheduled scans find that real-time scanning won't catch? ^ Scheduled scans are about as useful as software firewalls... Carl -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Thursday, October 22, 2009 9:26 PM To: NT System Admin Issues Subject: Re: User who doesn't like logging off / shutting down Most of our machines are about that old, but we tend to under-resource our machines - I finally had to put my foot down to get our engineers to 1gb of RAM, and in a few cases 2gb. I get complaints from those who stay late on Monday night, and I finally told them to get in the office earlier and go home before it starts. I get some complaints about the Wednesday scan, too, and tell those folks to go to lunch, like normal people. Kurt On Thu, Oct 22, 2009 at 18:20, Sherry Abercrombie saber...@gmail.com wrote: A three year old Dell laptopnot anything special at all. On Thu, Oct 22, 2009 at 7:06 PM, Kurt Buff kurt.b...@gmail.com wrote: You have a better machine than most of our folks, I suppose. We have noticeable slowdowns on many of our machines. Still, it's *FAR* better than McAfee. On Thu, Oct 22, 2009 at 17:52, Sherry Abercrombie saber...@gmail.com wrote: You can't be serious.I installed Vipre on my pc and started a deep scan right as my lunch hour started. Played a FPS game at lunch and never noticed a performance hit at all. On Thu, Oct 22, 2009 at 5:57 PM, Tom Miller tmil...@hnncsb.org wrote: Wel, Vipre still bogs down our PCs here when the weekly deep scan is running. We get the same complaints we had when we used Symantec. The quick scans are not noticed, but I'm bummed that the deep scan causes a very noticeable performance loss. It's set at low priority, but still the vipre process is first/second in memory/cpu usage during the deep scans. Anything that uses those sort of resources is *not* running at low priority. Jonathan Link jonathan.l...@gmail.com 10/22/2009 7:47 PM Or go to Vipre... On Thu, Oct 22, 2009 at 7:01 PM, Eric Woodford ericwoodf...@gmail.com wrote: Sorry, can't help. I hate to logoff my pc because the security team has our AV do a full scan each time I logon. It takes a good 2 hours of 100% processing on my machine. The easy fix is to disable the AV, but... Maybe they just need to remove a few apps out of their startup, so it boots faster. On Thu, Oct 22, 2009 at 1:29 PM, Andrew Levicki and...@levicki.me.uk wrote: Hi, I've got a user who doesn't want to log off let alone shut down their computer. They claim that it takes too long and they haven't got time to wait to log on again or start up. They're important enough that I can't force them to do so, but I'm worried about possible problems. The only detrimental effects that I can think of are added power consumption and ticket expiration. Can anybody else think of any other pitfalls or even have any experience of this and how did you deal with it? Thanks, Andrew ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: User who doesn't like logging off / shutting down
On Thu, Oct 22, 2009 at 19:21, Carl Houseman c.house...@gmail.com wrote: What's the answer to my question? (highlighted below in case you missed it) The answer is: I don't know, but the VIPRE realtime scans aren't catching what the scheduled scans are catching. Here's another: How dangerous is a malware file that resides on a hard drive and is never accessed? As dangerous as the next click or carriage return, or File/Open operation. Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: User who doesn't like logging off / shutting down
Try to employ some logic here. Q: Why does a realtime scan not find something? A: Because the file is never accessed. If the answer above is NOT the answer, then the realtime scanner is broken and that AV product should be abandoned. Q: When does a realtime scanner identify malware? A: When it's accessed by the operating system. Q: What does a malware file that's never accessed do to a system? A: Use up free space on the hard drive. Nothing more. Scheduled scans are limited to signature-based identification, and as we all know, signature detection has largely been defeated of late. The name of the game is preventing dangerous execution behaviors, and that kind of detection and prevention is part of realtime detection mechanisms. As realtime scanners evolve and improve, they will find malware that scheduled scans miss. Carl -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Thursday, October 22, 2009 10:31 PM To: NT System Admin Issues Subject: Re: User who doesn't like logging off / shutting down On Thu, Oct 22, 2009 at 19:21, Carl Houseman c.house...@gmail.com wrote: What's the answer to my question? (highlighted below in case you missed it) The answer is: I don't know, but the VIPRE realtime scans aren't catching what the scheduled scans are catching. Here's another: How dangerous is a malware file that resides on a hard drive and is never accessed? As dangerous as the next click or carriage return, or File/Open operation. Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: User who doesn't like logging off / shutting down
If a zero-day malware lands on your system but didn't get triggered right away, and a signature became available in a few days, the only way to eliminate the threat before it gets activated by time or by user is with a scheduled scan.I've had the scheduled scans catch things that no sig was available for when then originally landed. *ASB *(My XeeSM Profile) http://XeeSM.com/AndrewBaker *Providing Competitive Advantage through Effective IT Leadership* On Thu, Oct 22, 2009 at 10:21 PM, Carl Houseman c.house...@gmail.comwrote: What's the answer to my question? (highlighted below in case you missed it) And if you correctly answer the question, how do scheduled scans prevent an infection that real-time scanning wouldn't prevent? Here's another: How dangerous is a malware file that resides on a hard drive and is never accessed? Carl -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Thursday, October 22, 2009 10:01 PM To: NT System Admin Issues Subject: Re: User who doesn't like logging off / shutting down I'd believe you, except that I get reports from every scan of new bits of infestation, on at least 2 or three machines. Um, perhaps 'infestation' is not the right word. Let's say 'unwanted software' instead. Once in a while it's truly nasty, but more often is adware or some other silliness like the popcaploader crap from online games. Now, once we get to the point of eliminating admin rights for users on their desktops, I'll be more likely to agree with you. Kurt On Thu, Oct 22, 2009 at 18:30, Carl Houseman c.house...@gmail.com wrote: v All this turmoil over scheduled scans... tell me, what do scheduled scans find that real-time scanning won't catch? ^ Scheduled scans are about as useful as software firewalls... Carl ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: User who doesn't like logging off / shutting down
Error in your logic, here... AV software is *never* perfectly up-to-date on all bits of malware all the time. Something is always missed, and sometimes for a very long time, no matter how good the AV software is. Kurt On Thu, Oct 22, 2009 at 19:52, Carl Houseman c.house...@gmail.com wrote: Try to employ some logic here. Q: Why does a realtime scan not find something? A: Because the file is never accessed. If the answer above is NOT the answer, then the realtime scanner is broken and that AV product should be abandoned. Q: When does a realtime scanner identify malware? A: When it's accessed by the operating system. Q: What does a malware file that's never accessed do to a system? A: Use up free space on the hard drive. Nothing more. Scheduled scans are limited to signature-based identification, and as we all know, signature detection has largely been defeated of late. The name of the game is preventing dangerous execution behaviors, and that kind of detection and prevention is part of realtime detection mechanisms. As realtime scanners evolve and improve, they will find malware that scheduled scans miss. Carl -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Thursday, October 22, 2009 10:31 PM To: NT System Admin Issues Subject: Re: User who doesn't like logging off / shutting down On Thu, Oct 22, 2009 at 19:21, Carl Houseman c.house...@gmail.com wrote: What's the answer to my question? (highlighted below in case you missed it) The answer is: I don't know, but the VIPRE realtime scans aren't catching what the scheduled scans are catching. Here's another: How dangerous is a malware file that resides on a hard drive and is never accessed? As dangerous as the next click or carriage return, or File/Open operation. Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: User who doesn't like logging off / shutting down
On 22 Oct 2009 at 18:04, Kurt Buff wrote: We schedule quick AV scans at noon on Wednesday, full AV scans on Monday at 8pm, and Microsoft patching (via WSUS) with a deadline of 05:00 Tuesday. We schedule a test group for WSUS patching the Monday evening after patch Tuesday, and the rest of the workstations the You leave the Patch Tuesday patches uninstalled for 7 days? Interesting. It doesn't usually take that long for exploits to appear. Monday evening after that - again with a deadline of 05:00 Tuesday. -- Angus Scott-Fleming GeoApps, Tucson, Arizona 1-520-290-5038 +---+ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: User who doesn't like logging off / shutting down
On 22 Oct 2009 at 18:52, Sherry Abercrombie wrote: You can't be serious.I installed Vipre on my pc and started a deep scan right as my lunch hour started. Played a FPS game at lunch and never noticed a performance hit at all. What CPU? How much RAM is installed? -- Angus Scott-Fleming GeoApps, Tucson, Arizona 1-520-290-5038 +---+ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: User who doesn't like logging off / shutting down
On 22 Oct 2009 at 19:57, Tom Miller wrote: Wel, Vipre still bogs down our PCs here when the weekly deep scan is running. We get the same complaints we had when we used Symantec. The quick scans are not noticed, but I'm bummed that the deep scan causes a very noticeable performance loss. It's set at low priority, but still the vipre process is first/second in memory/cpu usage during the deep scans. Anything that uses those sort of resources is *not* running at low priority. Right there is a reason to leave the computers on at night -- let the scans happen at night when they don't interfere with the users's work. -- Angus Scott-Fleming GeoApps, Tucson, Arizona 1-520-290-5038 +---+ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: User who doesn't like logging off / shutting down
On 22 Oct 2009 at 21:30, Carl Houseman wrote: All this turmoil over scheduled scans... tell me, what do scheduled scans find that real-time scanning won't catch? Stuff that has slipped under the radar that is new in the signature files that wasn't there when the malware was infecting the machine. Some stuff that might be significant here might be a file which writes to the HOSTS file. It has already done its work, but the deep scan might find it and alert the sysadmin to its presence. Scheduled scans are about as useful as software firewalls... For careful folks, I agree. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: User who doesn't like logging off / shutting down
No, that's not the only way a threat is eliminated before being activated. After signatures are updated, the realtime scanner will sound off as soon as something or someone tries to activate or copy it. If nothing tries to activate it or copy it then there's no harm. It's just occupying disk space. The only case I can make for a scheduled scan is when the undetected malware is already active on the system, then the signatures are updated to detect it, but the machine is not rebooted. Since the malware is already active, there might not be a file access for the realtime scanner to check. So a scheduled scan can provide the notice that you're screwed. But any malware worth its salt is more likely to defeat the AV signature updates or hide behind a rootkit and get missed by all scan methods. Conclusion: There is no way that a scheduled scan prevents infection that the realtime scanner wouldn't also prevent, assuming both scheduled and real-time scans are equally effective at detection. Carl From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Thursday, October 22, 2009 10:55 PM To: NT System Admin Issues Subject: Re: User who doesn't like logging off / shutting down If a zero-day malware lands on your system but didn't get triggered right away, and a signature became available in a few days, the only way to eliminate the threat before it gets activated by time or by user is with a scheduled scan.I've had the scheduled scans catch things that no sig was available for when then originally landed. ASB (My XeeSM Profile) http://XeeSM.com/AndrewBaker Providing Competitive Advantage through Effective IT Leadership On Thu, Oct 22, 2009 at 10:21 PM, Carl Houseman c.house...@gmail.com wrote: What's the answer to my question? (highlighted below in case you missed it) And if you correctly answer the question, how do scheduled scans prevent an infection that real-time scanning wouldn't prevent? Here's another: How dangerous is a malware file that resides on a hard drive and is never accessed? Carl -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Thursday, October 22, 2009 10:01 PM To: NT System Admin Issues Subject: Re: User who doesn't like logging off / shutting down I'd believe you, except that I get reports from every scan of new bits of infestation, on at least 2 or three machines. Um, perhaps 'infestation' is not the right word. Let's say 'unwanted software' instead. Once in a while it's truly nasty, but more often is adware or some other silliness like the popcaploader crap from online games. Now, once we get to the point of eliminating admin rights for users on their desktops, I'll be more likely to agree with you. Kurt On Thu, Oct 22, 2009 at 18:30, Carl Houseman c.house...@gmail.com wrote: v All this turmoil over scheduled scans... tell me, what do scheduled scans find that real-time scanning won't catch? ^ Scheduled scans are about as useful as software firewalls... Carl ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~