cancel
Showing results for 
Search instead for 
Did you mean: 
SergeM
Level 9
Report Inappropriate Content
Message 1 of 5

Any reason to deactivate VSE (any AV) ?

Jump to solution

Hi everyone

(this could be a poll if I knew how to create one)

I am part of the security team in our company. We manage security, security audits, policies etc.

Since I manage our ePO, I am quite often asked (requested, demanded) by sysadmins on remote locations to deactivate the antivirus on one or the other machine "in order to enable installation of some software".  The phrasing may vary, but ultimately it is usually because the software editor (or a consultant) indicates that "in some cases" the AV (epoch undefined, brand undefined, version unspecified) interfered with the installation, so as a precaution (??) software editors "recommend that any antivirus be deactivates or if necessary uninstalled" for the installation of (their) software...

In my experience in the past +10 years, I'd say I haven't had a situation where this was actually really necessary.  I have found it difficult having to fight (argue) with some colleagues trying to convince them that it wasn't necessary and getting them to at least try to do the installation without deactivating the AV once.

I'd like to know how you react to this?

What is your company security policy regarding deactivation of the AV?

Do you feel it is OK to deactivate the AV in order to allow installation of some (any) other software?

Have you ever had a case where it was actually (really) necessary to do so?

Any comments more than welcome.

Serge

1 Solution

Accepted Solutions
SergeM
Level 9
Report Inappropriate Content
Message 4 of 5

Re: Any reason to deactivate VSE (any AV) ?

Jump to solution

ansarias wrote:



And I have made a policy for Server team for such requests > Get an approval from CISO or Someone from Client side to done installation activity without AV under a change process so if something goes wrong you will be safe


Yep... except/expect when you are the CISO (or close enough)?

OK, I am not exactly the CISO, but I'm the person in the team who deals with AV stuff...  So it's down to me to find diplomatic phrasing to explain this to people...

In my question, I guess I'm more trying to find out if there are "other opinions" (i.e. who'd disagree with me, that "disabling the AV is a no-no") and also trying to find out if someone has quotable sources (white paper, best practices, public policies) that'd help me add "power" to what I'm going to write to the "esteemed requester"...  (And I didn't want to send this on /. )

Thanks to everyone for your help & answers.

Sergio

4 Replies

Re: Any reason to deactivate VSE (any AV) ?

Jump to solution

Hi there,

I would not disabled the AV to install any other 3rd party. You can create exclusions if you 100% that file is legitime or you can submit the files in case you doubt about the file.

Best regards,

Jose Maria

Re: Any reason to deactivate VSE (any AV) ?

Jump to solution

Well I am completely agree with Jose, I faced same issues from server team and only 1 case I disable AV during WIN 2008 feature enable.

Apart from that you have to review McAfee logs so you can do exclusion.

And I have made a policy for Server team for such requests > Get an approval from CISO or Someone from Client side to done installation activity without AV under a change process so if something goes wrong you will be safe

SergeM
Level 9
Report Inappropriate Content
Message 4 of 5

Re: Any reason to deactivate VSE (any AV) ?

Jump to solution

ansarias wrote:



And I have made a policy for Server team for such requests > Get an approval from CISO or Someone from Client side to done installation activity without AV under a change process so if something goes wrong you will be safe


Yep... except/expect when you are the CISO (or close enough)?

OK, I am not exactly the CISO, but I'm the person in the team who deals with AV stuff...  So it's down to me to find diplomatic phrasing to explain this to people...

In my question, I guess I'm more trying to find out if there are "other opinions" (i.e. who'd disagree with me, that "disabling the AV is a no-no") and also trying to find out if someone has quotable sources (white paper, best practices, public policies) that'd help me add "power" to what I'm going to write to the "esteemed requester"...  (And I didn't want to send this on /. )

Thanks to everyone for your help & answers.

Sergio

pierce
Level 13
Report Inappropriate Content
Message 5 of 5

Re: Any reason to deactivate VSE (any AV) ?

Jump to solution

Same as above, the answer here is 'install it and if it fails then come back to me' you will never hear from most users again. Of course there will be 1 or 2, but then you will find you probably need exceptions to get it running properly anyway.

Disabling AV is always a last resort action, and the users should hopefully understand that!