I have browsed this Forum and found several discussions about this topic but all of them are a few years old with no real updates on them so here I am with a new posting.
My company and I are planning to roll out workstations that are specifically configured for 1 purpose and that is to scrub or scan and clean removable devices. The workstation will be as biasic as it gets with C drive, DVD Drive, network connection for system OS patches and updates and Mcafee. No email, internet is proxy controlled and will mostly not be used.
The purpose of this workstation is for personnel, including outside vendors, to insert their removable drive containing firmware, patches or updates, have that scanned and then they can proceed to the production systems or machines to perform their tasks.
is there a way to create a group that contains only these special workstations and have a policy for it to scan upon insertion of anything? is there something i can add the Virus Scan Console on the workstations?