From: John on
Hi

SBS 2003 Standard. From time to time one of the client machines gets infected
with spyware/malware, and sometimes it gets serious when malware sends spam
and our IP is blocked for sending spam. We are using Trend WFBS Advanced.
What more can we do to avoid spyware/malware on PCs? All PCs are Win XP.

Many Thanks

Regards


From: Russ SBITS.Biz [SBS-MVP] on
You are using Trend on all PCs?
And they are still getting infected?

Do you have your Trend set up to check for DLL changes?
AKA Enable Behavior Monitoring

You can also implement the Trend firewall and block port 25 out.

But if you configure Trend to check for DLL changes
(Behavior Monitoring),
you shouldn't be getting this :(

Russ

--
Russell Grover - SBITS.Biz [SBS-MVP]
MCP, MCPS, MCNPS, SBSC
Remote Small Business Server/Computer Support - www.SBITS.Biz
BPOS - Microsoft Online Services - www.Microsoft-Online-Services.com


"John" <info(a)nospam.infovis.co.uk> wrote in message
news:eYZNv7c$KHA.5916(a)TK2MSFTNGP04.phx.gbl...
> Hi
>
> SBS 2003 Standard. From time to time one of the client machines gets infected
> with spyware/malware, and sometimes it gets serious when malware sends spam
> and our IP is blocked for sending spam. We are using Trend WFBS Advanced.
> What more can we do to avoid spyware/malware on PCs? All PCs are Win XP.
>
> Many Thanks
>
> Regards
>
From: Leythos on
In article <eYZNv7c$KHA.5916(a)TK2MSFTNGP04.phx.gbl>,
info(a)nospam.infovis.co.uk says...
>
> Hi
>
> SBS 2003 Standard. From time to time one of the client machines gets infected
> with spyware/malware, and sometimes it gets serious when malware sends spam
> and our IP is blocked for sending spam. We are using Trend WFBS Advanced.
> What more can we do to avoid spyware/malware on PCs? All PCs are Win XP.

Protecting your network and computers is far more than just having an
anti-malware program - since no single anti-malware program can
completely protect you. In order to be reasonably safe you have to adopt
multiple layers and paths of protection:

1) Web content blocking - block access to any/all websites that are not
needed for business reasons

2) Web content blocking - block the actual content within a website that
is not needed, make exceptions for things like *.microsoft.com or
*.yourantivirusprovider.com, *.adobe.com. Block all exe, com, scr, etc.
files from all users' workstations. If you're doing things right you will
download Windows updates and applications using the IT manager's system
and he's smart enough (we hope) to not do bad things

3) Block outbound ports that are not needed by your business - not
everyone needs FTP, block it if you don't need it - it's actually best
to block ALL PORTS and then open only the ones you need.

4) Use proxy services at the firewall to AV scan your services, like
HTTP, SMTP, etc... remove any malware from them before they reach your
users' computers/servers

5) Install a quality antivirus product on the server, it's best to have
a managed solution where the server controls the AV on the workstations,
but, I've been using SEPP 1.x on servers and Avira on workstations.

6) Enforce a policy that no users are local Admins, which just happens
to break all the initialization scripts that run when a user logs on
and SBS tries to configure the computer/Outlook for them, but, the
networks for SBS are small enough that you can do it once and then reset
the permission.

7) Don't allow outbound SMTP from anything other than the server

8) Don't allow POP3 ports (see #3 above) from desktops

9) Ban the use of any IM tool as they also allow file transfers

10) Disable CD/DVD drives and block thumb drives from initializing by
Group Policy settings (there are also free tools that do this) - you can
remotely unblock/enable them if needed, but the default should be
disabled so that people can't bring things in from home.

11) Policy to ban the use of personal computers and network devices on the
company network

Most all of this can be done with a quality firewall appliance that
provides UTM services, quality AV software, and group-policy changes and
then a strong company policy document.

--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.
Trust yourself.
spam999free(a)rrohio.com (remove 999 for proper email address)
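
Added example, not part of any post in this thread: a Python audit of outbound connection logs against the egress rules suggested above (block port 25 out from everything but the server, no POP3 from desktops, default-deny with an allow list), which also points at the workstation that is sending spam. The server address, the allowed port set and the log format are assumptions made for illustration, and the log lines are constructed.

```python
import re
from collections import Counter

# Assumptions (not from the thread): the SBS server's LAN address and the
# outbound ports this business needs. Everything else is default-deny.
MAIL_SERVER = "192.168.16.2"
ALLOWED_OUT = {53, 80, 443}   # DNS, HTTP, HTTPS from any host
SERVER_ONLY = {25}            # outbound SMTP from the server only

# Constructed log format: "<time> <proto> <src_ip>:<sport> -> <dst_ip>:<dport>"
LINE = re.compile(r"^(\S+) (TCP|UDP) ([\d.]+):\d+ -> ([\d.]+):(\d+)$")

# Constructed sample of outbound connection attempts seen at the firewall.
SAMPLE_LOG = """\
09:00:01 TCP 192.168.16.2:41000 -> 203.0.113.10:25
09:00:02 TCP 192.168.16.21:1050 -> 198.51.100.7:80
09:00:03 TCP 192.168.16.34:1123 -> 203.0.113.55:25
09:00:03 TCP 192.168.16.34:1124 -> 203.0.113.56:25
09:00:04 TCP 192.168.16.34:1125 -> 198.51.100.90:25
09:00:05 TCP 192.168.16.21:1051 -> 198.51.100.20:110
09:00:06 UDP 192.168.16.21:1052 -> 192.0.2.53:53
09:00:07 TCP 192.168.16.40:1300 -> 198.51.100.33:21
"""

def audit(log_text, mail_server=MAIL_SERVER):
    """Return (violations, smtp_senders).
    violations: (time, src, dst, dport, reason) for traffic the policy blocks.
    smtp_senders: Counter of non-server hosts -> outbound port-25 attempts."""
    violations, smtp = [], Counter()
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip blank or unparsable lines
        when, _proto, src, dst, dport = m.groups()
        dport = int(dport)
        if dport in SERVER_ONLY:
            if src != mail_server:  # a workstation talking SMTP directly
                smtp[src] += 1
                violations.append((when, src, dst, dport, "SMTP from non-server"))
        elif dport not in ALLOWED_OUT:  # e.g. POP3 (110) or FTP (21)
            violations.append((when, src, dst, dport, "port not on allow list"))
    return violations, smtp

if __name__ == "__main__":
    violations, smtp = audit(SAMPLE_LOG)
    for when, src, dst, dport, reason in violations:
        print(f"{when} BLOCK {src} -> {dst}:{dport} ({reason})")
    for host, n in smtp.most_common():
        print(f"check for infection: {host} made {n} direct SMTP attempts")
```

A workstation that shows up in `smtp_senders` is the first machine to pull off the network and scan, since legitimate mail should leave only through the server.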