I am planning to disable the McAfee ScriptScan option in ePO for all the workstations. I have 42K desktop machines reporting to ePO which has ScriptScan enabled. I would like to conduct a Security Impact Analysis before disabling ScriptScan. Can someone help me figure out the pros and cons of ScriptScan and what the risks associated with disabling it are?
Moved from Consumer products to Business > ePO for better support.
Message was edited by: Ex_Brit on 29/11/13 12:03:07 EST PM
Thanks, I wasn't absolutely certain it belonged there anyway. ;-)
Message was edited by: Ex_Brit on 29/11/13 12:03:52 EST PM
Risk is difficult to quantify.
Some easy questions to help though -
1. Have you been receiving any events from ScriptScan detections? If yes, consider Risk as very high for your starting point.
2. Have you a means to enforce/restrict Users to only use Internet Explorer as the browser? If no, the value of ScriptScan to you has shrunk significantly; at which point you'd probably ask "Why use it?".
Usually it's IE and MS Outlook that are the entry points, running these types of scripts.
The protection ScriptScan adds is that these applications can run scripts WITHOUT THE SCRIPT TOUCHING DISK, which means the script can run without the On-Access Scanner "seeing" it, since OAS needs file activity for there to be a scan. So if you're in an environment where Users are prone to visiting sites or receiving emails in HTML format with scripts being rendered on the fly, you either need ScriptScan or some other solution that is scanning web content (at a gateway or inline between the gateway and your Users, for example) before it reaches your users.
But, back to Question 1, if you don't have any such events you probably have sensibly safe surfers on your network.
To expand a tad bit on William's explanation, you should NOT disable this feature unless you have a highly specific problem with this feature. If you haven't had enough issues that you have opened a support ticket and attempted to resolve it, then you haven't tried enough.
In my experience this is a bad thing to turn off for workstations. It will catch things that cannot be caught any other way.