Small office environment, roughly 20 PCs, all have "on-access scanning" turned on. Once a week a full scan of all PCs is scheduled to run. Is there any reason one would need to make sure all users are logged off of their PC before this scan runs? Many users like to leave for the night and simply "lock" their work station so that in the morning all of their applications from the night before are still up and running. Since forcing everyone to log off is intrusive, I'm wondering if this is still necessary like it might have been many years ago when software wasn't as mature as it is today.
Most importantly, is there some McAfee documentation that suggests a possible best practice in this situation? I need to make my case to management so if someone could provide a link that would be great!
Message was edited by: sixes on 3/22/13 6:24:24 AM CDT
Message was edited by: sixes on 3/22/13 6:26:41 AM CDT
Message was edited by: sixes on 3/22/13 6:27:07 AM CDT
There is no need to force a logoff to scan a computer with an On Demand Scan. Not sure where the idea of forcing a logoff for a scan came from but I'd definitely say that's a myth.
Thank you. That's what I thought.
I agree with Peter Simmons comments completely.
That said, I do not like leaving systems 'Logged In' under a users login while they are not there, as this may give access to data and information to others not authorized to have that information. The 'Cleaning crew's kids' or other disgruntled employee, could be getting at far more than you wish.
So, for basic security, I do not recommend leaving systems Logged on solely for security reasons, not for anything related to AV Scanning.
Now to really confuse things :
Windows Desktop Search (WDS) indexes all data in .ost files and .pst files. However, the indexing of Outlook data occurs only when Outlook is running. Therefore, you may have to leave Outlook running overnight to determine whether performance issues are related to the building of your search indexes.
So, in this case, leaving Outlook running, say overnight, may allow large .ost and .pst files to be fully indexed during off-hours.
I have clients where the Accounting software on the client PC, leaves files Open on the server, causing backup problems. So, as a rule, this software needs to shut down at night. The Accounting Department finds it easiest to simply Log Off at night as they leave.
As you can see, there is no One right answer. Each environment or department, will have different needs.
In case your upper management decides that leaving people logged on overnight, I would suggest a screen-saver or other lock that requires a user re-enter login id/password to gain access to the system. This is just minimal good security.
Good luck. I hope this is helpful.
When a workstation is locked you still need a password to unlock it. If you have the user's password then you can also log on when the user is "logged off." So absolutely no difference in terms of "security."
However, backing up files with applications open (screen saver lock, unlocked) may lock Files on a server, creating problems on networks. A problem that may not be noticed until you try to restore the locked files (missing, corrupted, or out-of-date). Logging out typically forces the closing of applications, unlocking network files. If backup is done at night, it makes sense to make people log off overnight.
Many people fail to Lock the system when they leave the PC, say for lunch. Anyone could walk up to the PC and have full user rights to access whatever the user has rights to and when they return would be none the wiser to the unauthorized access. Imagine a HR system where the info on employees pay may be available, when the system is not Locked. How about the accounting/finance department? Then there is the Engineering department (if you have one) that may hold info on trade secrets.
My suggestion is to Force Locking with whatever easy method so that a Screen Saver or Logoff forces Authentication prior to access. From this perspective Locked and Logoff are the same.
My point was to Enforce Authentication prior to use, and to cover many scenarios where the workstation is left unattended. Additionally, close files on the network to allow clean and reliable backups to occur. From that perspective Logoff is preferred.
If you are Sharing passwords (have the user's password?), then there is a much bigger problem with security that needs to be addressed. This is basic security, and not a technological problem. Accountability?
Message was edited by: rmetzger on 3/25/13 1:17:49 PM EDT