I have been tasked to design and document a POA document on how to deal with a Virus Outbreak. Things like when to notify the helpdesk. How should the local admins react locally? What is the ideal notification design? Right now we have roughly 15000 workstations and about 500 servers. I usually am right around 90+% on workstation coverage and 95+% on servers.
I am looking for some guidance either from McAfee or from elsewhere that would give insights into best practices in dealing with virus security. I scanned the McAfee documentation, but didn't find much. I also googled it but am still sorting through the 124,000,000 hits. =)
To answer the part about notifications, you may well have to apply business continuity planning that is relevant to your business.
I.e., setting ePO to sound the alarm on one email that is infected, and then declaring a lockdown of the Exchange server, may well contain the threat, but also take out a critical section of your business.
I speak from experience when I say that this should be led from the highest technical authority within your business, CTO/CIO if you will, and involve all the technology stakeholders, laying out "if an infection hits, and I do this, then you won't be able to do a, b, c until it is resolved".
This then prevents bun fights, when they ask you why you killed email and they have 3000 helpdesk tickets logged per hr...
But then on the other hand, if you are a business that trades on reputation (as all businesses do to a greater or lesser extent) then a single infected email sent to a customer will leave a very bitter taste.