1. AntiVirus Solutions Review and Discussion February 19 th, 2013

2. Outline What do you use? Vendors Comparisons Effectiveness/Features SEP 12.X Demo Web Filtering Post Infection Tools Questions

3. What Do You Use? Strengths/Weaknesses Ease of Use (Management) Reliability (Rate of Infections) Resource Intensive False Positives Overall Experience Good or Bad

4. Vendors Trend Micro Symantec McAfee Microsoft Security Essentials Kaspersky ClamAV AVG Webroot

5. Comparisons Effectiveness/Features http://chart.av-comparatives.org/chart1.php

6. SEP 12.X Demo Symantec Endpoint Protection 12.x Demo

7. Cloud vs. Traditional Comparison May not protect while disconnected from the internet Malware may cripple internet connection rendering Cloud AV useless Light weight Small disk footprint http://www.webroot.com/shared/pdf/Webro ot_SecureAnywhere_vs_antivirus_competi tors_19Sep2012.pdfhttp://www.webroot.com/shared/pdf/Webro ot_SecureAnywhere_vs_antivirus_competi tors_19Sep2012.pdf

8. Web/Email Filtering Barracuda McAfee SaaS Symantec Security.Cloud Cisco IronPort Cisco IPS Untangle

9. Post Infection Tools Malwarebytes Symantec Power Eraser Norton Power Eraser McAfee Stinger McAfee Rootkit Combofix Kaspersky TDSSKiller UBCD/Ubuntu

10. RKL Tips and Tricks MalwareBytes netstat –ano Stop system restore kill Explorer History kill temp files hosts Regedit hklm/sw/ms/win/current/run hklm/sw/ms/winnt/current/winlogon/userinit hkcu/sw/ms/win/current/run hkcu/sw/ms/Win/Current/policies/Explorer/NoDriveTypeAutorun Value: FF hku/[sid]/sw/ms/win/cv/run

11. RKL Tips and Tricks Hijackthis Dates in windows and system32 and drivers (right click and clean with MB) discache.sys in drivers directory atapi.sys in drivers directory – verify there is a version number other copies available in backup directory updates Symantec combofix (will disconnect you twice if remote) Temp file cleaner - This may disconnect youTemp file cleaner Tweaking.com (ReimageRepair.exe on fob)

12. Questions?