Can you advise exactly what McAfee product & version is being used please so I can move this to the appropriate section?
McAfee VirusScan enterprise +AntiSpyware Enterprise
Version Number: 8.8.0 (220.127.116.119)
Build date: 9/14/2011
Thank for your reply
I moved this provisionally to VSE in the Business section for better attention.
Generally speaking, check that your browser plugins are up to date (foremost Adobe and Java stuff), check that your pdf reader is up to date (some Acrobat Reader 11.x is best, as it has some additional protections built in) and check that all your machines run updated DAT files for Mcafee.
Also you should keep your Operating System updated and also your Office Suite.
That would protect you from most viruses.
Then your users should not have Administrator rights by default, so they can't install a malicious software. Also check that your mailservers block "evil" files, like pdf's, executables and maybe compressed files.
Most of this should already in place and probably can't be changed in a short term, but this would greatly raise your protection level.
Oh and don't forget to do security teachings for your stuff, like what is social engineering and how to protect from it...
What Pato has mentioned about social engineering is one of the security risks that often gets overlooked (in my opinion) so raising awareness about that is important.
On top of that I'd add also the following as risks:
- company employees using company notebooks at home for private purpose (private email, social networking, etc. - where unverified content can be transferred and where peopel can click on link unprotected)
- company employees visiting public websites such as school's, community's, etc using company notebooks (these websites can be hacked).
Apart from keeping operating systems and applications patch level to the latest and antivirus signatures and engine getting kept up to date I'd also advise making sure of the following about Access Protection module:
- Access Protection module is enabled
- Prevent McAfee services from being stopped checkbox is set
Regarding Access Protection rules - make sure these rules are set to block and report:
- Anti-spyware standard protection - Protect Internet Explorer favourites and settings
- Anit-virus standard protection - Prevent Task Manager and Registry Editor from being disabled
- Prevent remote creation of autorun files
- Common Standard Protection - (The first 3 rules should be all set to block and report)
- Protect Internet Explorer settings
- Prevent Installation of Browser Helper objects and Shell Extensions (!! trojan entry points are browser plugin installations)
- Prevent hooking of McAfee processes (!!)
- Common Maximum Protection - Prevent programs registering to autorun (!! not just the Run key)
I've worked in the oil and gas business for many years and these rules have been used without problems for many years. They do need tuning (adding exclusions, mostly), however but when security is a priority, these rules are just indispensable.