![]() The file name of an infected file is included in these status messages, but no contents of files are made available by this system. When a virus is detected on a machine, this will be logged centrally and the local computing support provider will receive this informatiom. It does not provide any other level of access to the client. This arrangement will only allow computing staff to manage the antivirus software itself, and to receive status messages from this software. What sort of access to my machine does it provide? If a machine is turned off, it will simply check in with the server when it is next booted up and will obtain any needed updates and configuration changes at that time. Most communication is client initiated, but configuration changes can be sent from the server to the client as well. This allows the desktop client to communicate with the management server. ![]() When the SAV and SEP software is installed in managed mode, a management component (based on Intel's LANDesk remote management product) is also installed. In addition, the virus detection reporting features available in managed mode allow computing staff to monitor the presence of viruses on managed machines. This is a hige advantage if a virus outbreak starts, as all managed machines can be updated easily after new defintions are released. ![]() Use of managed mode helps to ensure that the antivirus protection is active and properly configured on the managed machines, that virus definitions on these machines are up to date, and allow virus definition updates to be applied automatically without user intervention. This document provides more information regarding the use of SAV and SEP in managed mode and SAS Computing's implementation of this system. It is the default for all new Windows machines installed by SAS Computing staff. SAS Computing implements SAV and SEP in managed mode for all supported Windows machines which are continuously connected to the ethernet network when in use. ![]() SAS Computing has found the use of SAV and SEP in managed mode on Windows machines to be a major advance in the provision of protection from viruses, in that up-to-date protection can be maintained with far less intervention and monitoring being required on the part of the user. This option is only available for Windows machines. SAS Computing will run such a server and it will also be used to provide program and virus definition updates automatically. What this means is that the software installed on a desktop machine can be configured to allow its settings to be managed and monitored from a central server. The vulnerability can be triggered remotely using a malicious file (via email or link) with no user interaction.(This information is for Windows users only)įor Windows machines, where new viruses and virus outbreaks are most common, one of the main advantages of Symantec AntiVirus (SAV) or Symentec Endpoint Protection (SEP) is the ability for the software to be "managed" remotely. A heap overflow vulnerability in the ASPack unpacker could allow an unauthenticated remote attacker to gain root privileges on Linux or OSX platforms. Symantec antivirus products use common unpackers to extract malware binaries when scanning a system.Symantec Antivirus multiple remote memory corruption unpacking RAR
0 Comments
Leave a Reply. |