cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SergeM
Level 10
Report Inappropriate Content
Message 1 of 5

Any reason to deactivate VSE (any AV) ?

Jump to solution

Hi everyone

(this could be a poll if I knew how to create one)

I am part of the security team in our company. We manage security, security audits, policies etc.

Since I manage our ePO, I am quite often asked (requested, demanded) by sysadmins on remote locations to deactivate the antivirus on one or the other machine "in order to enable installation of some software".  The phrasing may vary, but ultimately it is usually because the software editor (or a consultant) indicates that "in some cases" the AV (epoch undefined, brand undefined, version unspecified) interfered with the installation, so as a precaution (??) software editors "recommend that any antivirus be deactivates or if necessary uninstalled" for the installation of (their) software...

In my experience in the past +10 years, I'd say I haven't had a situation where this was actually really necessary.  I have found it difficult having to fight (argue) with some colleagues trying to convince them that it wasn't necessary and getting them to at least try to do the installation without deactivating the AV once.

I'd like to know how you react to this?

What is your company security policy regarding deactivation of the AV?

Do you feel it is OK to deactivate the AV in order to allow installation of some (any) other software?

Have you ever had a case where it was actually (really) necessary to do so?

Any comments more than welcome.

Serge

1 Solution

Accepted Solutions
SergeM
Level 10
Report Inappropriate Content
Message 4 of 5

Re: Any reason to deactivate VSE (any AV) ?

Jump to solution

ansarias wrote:



And I have made a policy for Server team for such requests > Get an approval from CISO or Someone from Client side to done installation activity without AV under a change process so if something goes wrong you will be safe


Yep... except/expect when you are the CISO (or close enough)?

OK, I am not exactly the CISO, but I'm the person in the team who deals with AV stuff...  So it's down to me to find diplomatic phrasing to explain this to people...

In my question, I guess I'm more trying to find out if there are "other opinions" (i.e. who'd disagree with me, that "disabling the AV is a no-no") and also trying to find out if someone has quotable sources (white paper, best practices, public policies) that'd help me add "power" to what I'm going to write to the "esteemed requester"...  (And I didn't want to send this on /. )

Thanks to everyone for your help & answers.

Sergio

View solution in original post

4 Replies

Re: Any reason to deactivate VSE (any AV) ?

Jump to solution

Hi there,

I would not disabled the AV to install any other 3rd party. You can create exclusions if you 100% that file is legitime or you can submit the files in case you doubt about the file.

Best regards,

Jose Maria

ansarias
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 3 of 5

Re: Any reason to deactivate VSE (any AV) ?

Jump to solution

Well I am completely agree with Jose, I faced same issues from server team and only 1 case I disable AV during WIN 2008 feature enable.

Apart from that you have to review McAfee logs so you can do exclusion.

And I have made a policy for Server team for such requests > Get an approval from CISO or Someone from Client side to done installation activity without AV under a change process so if something goes wrong you will be safe

SergeM
Level 10
Report Inappropriate Content
Message 4 of 5

Re: Any reason to deactivate VSE (any AV) ?

Jump to solution

ansarias wrote:



And I have made a policy for Server team for such requests > Get an approval from CISO or Someone from Client side to done installation activity without AV under a change process so if something goes wrong you will be safe


Yep... except/expect when you are the CISO (or close enough)?

OK, I am not exactly the CISO, but I'm the person in the team who deals with AV stuff...  So it's down to me to find diplomatic phrasing to explain this to people...

In my question, I guess I'm more trying to find out if there are "other opinions" (i.e. who'd disagree with me, that "disabling the AV is a no-no") and also trying to find out if someone has quotable sources (white paper, best practices, public policies) that'd help me add "power" to what I'm going to write to the "esteemed requester"...  (And I didn't want to send this on /. )

Thanks to everyone for your help & answers.

Sergio

View solution in original post

pierce
Level 13
Report Inappropriate Content
Message 5 of 5

Re: Any reason to deactivate VSE (any AV) ?

Jump to solution

Same as above, the answer here is 'install it and if it fails then come back to me' you will never hear from most users again. Of course there will be 1 or 2, but then you will find you probably need exceptions to get it running properly anyway.

Disabling AV is always a last resort action, and the users should hopefully understand that!

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community