5 Replies Latest reply: Mar 25, 2013 12:17 PM by rmetzger RSS

    Open file scanning with McAfee VirusScan Enterprise 8.8

    sixes

      Small office environment, roughly 20 PCs, all have "on-access scanning" turned on. Once a week a full scan of all PCs is scheduled to run. Is there any reason one would need to make sure all users are logged off of their PC before this scan runs? Many users like to leave for the night and simply "lock" their work station so that in the morning all of their applications from the night before are still up and running. Since forcing everyone to log off is intrusive, I'm wondering if this is still necessary like it might have been many years ago when software wasn't as mature as it is today.

       

      Most importantly, is there some McAfee documentation that suggests a possible best practice in this situation? I need to make my case to management so if someone could provide a link that would be great!

       

      Thanks!

       

      Message was edited by: sixes on 3/22/13 6:24:24 AM CDT

       

      Message was edited by: sixes on 3/22/13 6:26:41 AM CDT

       

      Message was edited by: sixes on 3/22/13 6:27:07 AM CDT
        • 1. Re: Open file scanning with McAfee VirusScan Enterprise 8.8
          petersimmons

          There is no need to force a logoff to scan a computer with an On Demand Scan. Not sure where the idea of forcing a logoff for a scan came from but I'd definitely say that's a myth.

          • 2. Re: Open file scanning with McAfee VirusScan Enterprise 8.8
            sixes

            Thank you. That's what I thought.

            • 3. Re: Open file scanning with McAfee VirusScan Enterprise 8.8
              rmetzger

              I agree with Peter Simmons comments completely.

               

              That said, I do not like leaving systems 'Logged In' under a users login while they are not there, as this may give access to data and information to others not authorized to have that information. The 'Cleaning crew's kids' or other disgruntled employee, could be getting at far more than you wish.

               

              So, for basic security, I do not recommend leaving systems Logged on solely for security reasons, not for anything related to AV Scanning.

               

              Now to really confuse things :

              see http://support.microsoft.com/kb/2695805

              quote

              How to troubleshoot performance issues in Outlook 2010

              Did you install Windows Desktop Search on a Windows XP-based computer or install Outlook on a Windows Vista-based computer or on a Windows 7-based computer?

              Windows Desktop Search (WDS) indexes all data in .ost files and .pst files. However, the indexing of Outlook data occurs only when Outlook is running. Therefore, you may have to leave Outlook running overnight to determine whether performance issues are related to the building of your search indexes.

              /quote

               

              So, in this case, leaving Outlook running, say overnight, may allow large .ost and .pst files to be fully indexed during off-hours.

               

              I have clients where the Accounting software on the client PC, leaves files Open on the server, causing backup problems. So, as a rule, this software needs to shut down at night. The Accounting Department finds it easiest to simply Log Off at night as they leave.

               

              As you can see, there is no One right answer. Each environment or department, will have different needs.

               

              In case your upper management decides that leaving people logged on overnight, I would suggest a screen-saver or other lock that requires a user re-enter login id/password to gain access to the system. This is just minimal good security.

               

              Good luck. I hope this is helpful.

              Ron Metzger

              • 4. Re: Open file scanning with McAfee VirusScan Enterprise 8.8
                sixes

                When a workstation is locked you still need a password to unlock it. If you have the user's password then you can also log on when the user is "logged off." So absolutely no difference in terms of "security."

                • 5. Re: Open file scanning with McAfee VirusScan Enterprise 8.8
                  rmetzger

                  However, backing up files with applications open (screen saver lock, unlocked) may lock Files on a server, creating problems on networks. A problem that may not be noticed until you try to restore the locked files (missing, corrupted, or out-of-date). Logging out typically forces the closing of applications, unlocking network files. If backup is done at night, it makes sense to make people log off overnight.

                   

                  Many people fail to Lock the system when they leave the PC, say for lunch. Anyone could walk up to the PC and have full user rights to access whatever the user has rights to and when they return would be none the wiser to the unauthorized access. Imagine a HR system where the info on employees pay may be available, when the system is not Locked. How about the accounting/finance department? Then there is the Engineering department (if you have one) that may hold info on trade secrets.

                   

                  My suggestion is to Force Locking with whatever easy method so that a Screen Saver or Logoff forces Authentication prior to access. From this perspective Locked and Logoff are the same.

                   

                  My point was to Enforce Authentication prior to use, and to cover many scenarios where the workstation is left unattended. Additionally, close files on the network to allow clean and reliable backups to occur. From that perspective Logoff is preferred.

                   

                  If you are Sharing passwords (have the user's password?), then there is a much bigger problem with security that needs to be addressed. This is basic security, and not a technological problem. Accountability?

                   

                  Ron Metzger

                   

                  Message was edited by: rmetzger on 3/25/13 1:17:49 PM EDT