Eli
Newcomer II

Anti-Virus full scan best practice for file server.

Hello folks,

I have a file server and it takes 6 days to finish an AV full scan on the file server. In this case, what is the best practice to do AV scan? Weekly full scan? Just real-time scan?

Please share your experience. Thanks

Regards,

Eli

6 Replies
TonyVizza
ISC2 Team

Hi Eli,

I'm sure you will get a variety of responses here, but my preferred course of action:

1) full file scan at initial setup of file server or installation of AV.

2) real time scan at all times

3) a smart file scan performed weekly in the early hours of the morning when usage is minimal.

Hope this helps.

rslade
Influencer II

> Eli (Newcomer I) posted a new topic in Tech Talk on 10-04-2018 01:32 AM in the

>     I have a file server and it takes 6 days to finish AV full
> scan on the file server. In this case, what is the best practice to do AV scan?
> Weekly full scan? just real-time scan?

You should probably do both: having an infection go undetected for almost a week
is probably not good, but real time detection usually takes shortcuts that may miss
some.

However, your post is short on details. Does the full scan degrade performance
while it's running? Are there options you can set? Have you tried another
product? Can you leave the full scan running on a dedicated machine? Etc, etc,
etc ...

Eli
Newcomer II

Hi Tony,

Thank you for your reply.

It is very helpful.

Regards,

Eli

Eli
Newcomer II

Hello rslade,

Thank you for the reply and please see my answers below:

1. Performance doesn't matter.

2. SEP is running so there are many scanning options.

3. We haven't tried another product, but we assume it will be the same.

4. Yes, we can. Like I said, it takes 6 days for full scanning.

Regards,

Eli

rslade
Influencer II

> Eli (Newcomer I) posted a new reply in Tech Talk on 10-04-2018 11:24 PM in the

> 1. Performance doesn't matter.

Then I'd suggest running the full scan weekly, as well as turning the real time
scanning on.

>  2. SEP is running so there are many scanning
> options.

Symantec is definitely not one of my recommended products: never has been.

> 3. We haven't tried another product, but we assume it will be the same.

Definitely a bad assumption. There are a whole lot that are better, and a number
that are faster as well. (Faster and better do not always go hand in hand:
sometimes they are opposites.)

> 4. Yes, we can. Like I said, it takes 6 days for full scanning.

Again, that means you can run both real time and full, with full as often as you can.

CISOScott
Community Champion

Another thing to take into consideration, especially with "file servers": I would look at file types to ensure they are all business related.

I have run across several instances where our file servers were nearing capacity, roaming accounts took "forever" to load, etc. When we did a quick search of file types we found that people were using the file servers for their own repository of music files, video files and yes, even some movies. When we went in and removed all of these "extra" files it seems our performance improved.
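
The file-type search described in the post above, as an added example that is not part of the original thread: a Python sketch that tallies file count and bytes per extension and reports how much of a share is media. The extension list, function names and sample tree are assumptions constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict

# Assumed list of non-business media extensions; adjust to local policy.
MEDIA_EXTS = {".mp3", ".flac", ".wav", ".mp4", ".mkv", ".avi", ".mov", ".wmv"}

def inventory(root):
    """Walk root and return {extension: [file_count, total_bytes]}."""
    stats = defaultdict(lambda: [0, 0])
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                size = os.lstat(path).st_size  # lstat: do not follow symlinks
            except OSError:
                continue  # file vanished or access denied; skip it
            ext = os.path.splitext(name)[1].lower() or "(none)"
            stats[ext][0] += 1
            stats[ext][1] += size
    return dict(stats)

def media_report(stats, exts=MEDIA_EXTS):
    """Return (rows, media_bytes, total_bytes); rows sorted by bytes, largest first."""
    rows = sorted(((e, c, b) for e, (c, b) in stats.items() if e in exts),
                  key=lambda r: r[2], reverse=True)
    media = sum(r[2] for r in rows)
    total = sum(b for _c, b in stats.values())
    return rows, media, total

def build_sample_tree(root):
    """Constructed sample share contents, for demonstration only."""
    sample = {"finance/q3.xlsx": 2000, "hr/policy.docx": 1000,
              "users/bob/song.MP3": 5000, "users/bob/film.mkv": 12000,
              "users/amy/README": 100}
    for rel, size in sample.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"\0" * size)

def demo():
    """Build the sample tree in a temp directory and report on it."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return media_report(inventory(root))

if __name__ == "__main__":
    rows, media, total = demo()
    for ext, count, size in rows:
        print(f"{ext:6} {count:4d} files {size:10d} bytes")
    print(f"media share: {media}/{total} bytes ({100 * media / total:.0f}%)")
```

Against a real share, call `media_report(inventory(path))` with the share's root; extensions are only a first-pass filter, since a renamed file keeps its content.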