AntiVirus Solutions Review and Discussion
February 19th, 2013
Outline
- What do you use?
- Vendors
- Comparisons: Effectiveness/Features
- SEP 12.x Demo
- Web Filtering
- Post Infection Tools
- Questions
What Do You Use? Strengths/Weaknesses
- Ease of Use (Management)
- Reliability (Rate of Infections)
- Resource Intensive
- False Positives
- Overall Experience: Good or Bad
Vendors
- Trend Micro
- Symantec
- McAfee
- Microsoft Security Essentials
- Kaspersky
- ClamAV
- AVG
- Webroot
Comparisons: Effectiveness/Features
SEP 12.x Demo: Symantec Endpoint Protection 12.x
Cloud vs. Traditional Comparison
Cloud-based AV (Webroot SecureAnywhere in the cited comparison) against traditional signature-based products:
- Advantages: lightweight client, small disk footprint
- Drawback: may not protect while the machine is disconnected from the internet
- Drawback: malware that cripples the internet connection can render cloud AV useless
Source: ot_SecureAnywhere_vs_antivirus_competitors_19Sep2012.pdf (Webroot SecureAnywhere vs. antivirus competitors, 19 Sep 2012)
Web Filtering
- Barracuda
- McAfee SaaS
- Symantec Security.Cloud
- Cisco IronPort
- Cisco IPS
- Untangle
Post Infection Tools
- Malwarebytes
- Symantec Power Eraser / Norton Power Eraser
- McAfee Stinger
- McAfee RootkitRemover
- Combofix
- Kaspersky TDSSKiller
- UBCD/Ubuntu (boot the machine from external media and scan the disk offline)
RKL Tips and Tricks (1)
- Malwarebytes
- netstat -ano (all connections and listening ports with the owning PID)
- Stop System Restore (so infected restore points are flushed rather than restored later)
- Kill Explorer
- History
- Kill temp files
- hosts file (check for added redirects)
- Regedit: autorun locations to inspect
  - HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (should contain only the stock userinit.exe entry; anything appended runs at every logon)
  - HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutorun, value FF (disables AutoRun for every drive type)
  - HKU\[SID]\Software\Microsoft\Windows\CurrentVersion\Run (each loaded user hive, not just the current user)
RKL Tips and Tricks (2)
- HijackThis
- Check file dates in \Windows, \Windows\System32 and \Windows\System32\drivers (right-click suspicious files and clean them with Malwarebytes)
- discache.sys in the drivers directory
- atapi.sys in the drivers directory: verify it has a version number (a patched copy commonly lacks the version resource); other copies are available in the backup directory
- Updates
- Symantec
- Combofix (will disconnect you twice if remote)
- Temp File Cleaner (may disconnect you)
- Tweaking.com (ReimageRepair.exe on the fob)
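The two "Tips and Tricks" slides are a manual checklist. The script below is an added example, not part of the original deck, that runs the same checks from an elevated PowerShell prompt on the suspect machine: the Run keys (including every loaded HKU hive), the Winlogon Userinit value, NoDriveTypeAutoRun, netstat -ano with the owning process resolved, recently modified files in the three system directories, and the version/signature state of discache.sys and atapi.sys. The 14-day look-back window, the expected Userinit value, the "user-writable folder" heuristic and the -Fix switch are my assumptions, not anything the slides specify.

```powershell
# Added example (not from the original deck): the "Tips and Tricks" triage steps as one
# script. Run elevated; written for PowerShell 2.0+ so it works on 2013-era hosts.
# Assumptions: 14-day look-back, stock Userinit value, -Fix switch, SUSPECT heuristic.
param([switch]$Fix)   # -Fix writes NoDriveTypeAutoRun = 0xFF; default is report-only
$ErrorActionPreference = 'SilentlyContinue'

# 1. Autorun locations named on the slide, plus every loaded user hive under HKU
$runKeys = @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
             'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run')
foreach ($hive in Get-ChildItem 'Registry::HKEY_USERS') {
    if ($hive.PSChildName -match '^S-1-5-21-' -and $hive.PSChildName -notmatch '_Classes$') {
        $runKeys += "Registry::HKEY_USERS\$($hive.PSChildName)\Software\Microsoft\Windows\CurrentVersion\Run"
    }
}
Write-Output '== Run keys =='
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key
    if ($props -eq $null) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -match '^PS') { continue }          # skip PSPath/PSParentPath/... metadata
        # Heuristic (assumption): launch paths in user-writable folders are typical dropper homes
        $flag = if ("$($p.Value)" -match '\\(AppData|Temp|ProgramData|Users\\Public)\\') { 'SUSPECT' } else { 'ok' }
        Write-Output ("{0,-8} {1}\{2} = {3}" -f $flag, $key, $p.Name, $p.Value)
    }
}

# 2. Winlogon\Userinit: anything appended to the stock value runs at every logon
$winlogon = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$expected = "$env:windir\system32\userinit.exe,"          # assumption: default on Vista/7
$flag = if ($winlogon.Userinit -ieq $expected) { 'ok' } else { 'SUSPECT' }
Write-Output ("{0,-8} Winlogon\Userinit = {1}" -f $flag, $winlogon.Userinit)

# 3. NoDriveTypeAutoRun = 0xFF disables AutoRun on every drive type (the slide's "Value: FF")
$pol = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$cur = (Get-ItemProperty -Path $pol).NoDriveTypeAutoRun
$shown = if ($cur -eq $null) { 'not set' } else { '0x{0:X2}' -f $cur }
$flag = if ($cur -eq 0xFF) { 'ok' } else { 'CHECK' }
Write-Output ("{0,-8} NoDriveTypeAutoRun = {1}" -f $flag, $shown)
if ($Fix -and $cur -ne 0xFF) {
    if (-not (Test-Path $pol)) { New-Item -Path $pol | Out-Null }
    Set-ItemProperty -Path $pol -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord
}

# 4. netstat -ano with the owning process resolved from the PID column
Write-Output '== netstat -ano =='
netstat -ano | Select-String '^\s*(TCP|UDP)\s' | ForEach-Object {
    $f = $_.Line.Trim() -split '\s+'      # TCP: proto local remote state pid; UDP: proto local remote pid
    $owner = [int]$f[-1]
    $name = (Get-Process -Id $owner).ProcessName
    $state = if ($f[0] -eq 'TCP') { $f[3] } else { '' }
    Write-Output ("{0,-4} {1,-23} {2,-23} {3,-12} {4,6} {5}" -f $f[0], $f[1], $f[2], $state, $owner, $name)
}

# 5. The "dates" check: files recently written in Windows, System32 and drivers
Write-Output '== Recently modified system files =='
$since = (Get-Date).AddDays(-14)                           # assumption: look-back window
foreach ($dir in "$env:windir", "$env:windir\System32", "$env:windir\System32\drivers") {
    Get-ChildItem -Path $dir | Where-Object { -not $_.PSIsContainer -and $_.LastWriteTime -gt $since } |
        Sort-Object LastWriteTime -Descending |
        ForEach-Object { Write-Output ("{0:yyyy-MM-dd HH:mm}  {1,10}  {2}" -f $_.LastWriteTime, $_.Length, $_.FullName) }
}

# 6. discache.sys / atapi.sys: present, carrying a version resource, and who signed them
Write-Output '== Driver checks =='
foreach ($name in 'discache.sys', 'atapi.sys') {
    $path = "$env:windir\System32\drivers\$name"
    if (-not (Test-Path $path)) { Write-Output ("{0,-14} not present" -f $name); continue }
    $ver = (Get-Item $path).VersionInfo.FileVersion
    $sig = Get-AuthenticodeSignature -FilePath $path
    # A patched driver commonly loses its version resource, which is what the slide tells you to check.
    # Catalog-signed Microsoft drivers may report NotSigned on PowerShell older than 5.1, so the
    # signature status alone is not conclusive there; the version check still applies.
    $verShown = if ($ver) { $ver } else { 'MISSING' }
    Write-Output ("{0,-14} version={1,-22} sig={2,-10} signer={3}" -f $name, $verShown, $sig.Status, $sig.SignerCertificate.Subject)
}
```

Save it as triage.ps1 and start it with `powershell -ExecutionPolicy Bypass -File .\triage.ps1` from an elevated prompt; add `-Fix` only once you are happy to write the AutoRun policy value. Read the output in the order the slides give it: a SUSPECT Run entry or a Userinit value with anything after userinit.exe is the persistence mechanism, the netstat section tells you which process is holding the connection, and a driver reporting version=MISSING is the atapi.sys case the second slide describes.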
Questions?