|
|
 |
 |
|
DISTRIBUTED TECHNOLOGY SERVICES |
What McAfee AntiVirus Does
McAfee anti-virus protection
The McAfee anti-virus scan engine stops every type of virus and malicious code threat, including macro viruses, Trojans, Internet worms, advanced 32-bit viruses, and even hostile ActiveX and Java objects. Using technology that drills down into compressed data, VirusScan is also able to find hidden threats buried in .zip and other compressed file types. Proactive protection is delivered through advanced heuristics and generic detection, which allow VirusScan to protect—in advance—against new, unseen viruses and other threats.
Potentially unwanted program security
Automatic detection of potentially unwanted programs helps keep businesses and users safe from hidden programs that track Internet usage, access personal data such as passwords and account information, or open security holes. Users or administrators can select one of several responses (Alert, Clean, Remove, and Quarantine) for VirusScan to take when it detects a potentially unwanted program. Administrators can even define a custom list of company-specific unwanted programs such as adware, dialers, or joke programs to help keep company end-point systems COE compliant.
Buffer overflow prevention (IPS feature)
VirusScan 8.5i protects against buffer overflows for approximately 20 of the most commonly used and exploited software applications and Microsoft® Windows® OS services, including Microsoft Word, Excel, Internet Explorer, Outlook, and SQL Server. Administrators have the ability to create exceptions by process when necessary.
Outbreak response
The built-in outbreak response features in VirusScan 8.5i provide protection from new viruses before DAT files are available, enabling administrators to take action in the crucial vulnerability window that exists after a virus is identified but before a DAT has been released. Outbreak response functionality includes:
- Port blocking/lockdown (firewall feature)
Allows the administrator or user to "turn off" (block) specified ports from either outbound or inbound network traffic (for example, for MyDoom port #3196 should have been blocked; Bagel.n was port #2556)
- Application monitoring: email engines (firewall feature)
Allows administrators to block outbound ports, but set rules that allow certain processes to communicate through a closed port. For example, administrators could block port 25 to outbound traffic but allow outlook.exe to communicate outbound through the port. NetSky and MyDoom would not have gotten out of the system with this feature turned on. ITS blocks port 25 for all email clients except for Microsoft Outlook/Entourage, Netscape Mail, and Eudora.
- File blocking, directory lockdown, folder/share blocking (IPS feature)
Creation of a policy (or policies) that controls the permitted actions that can occur to a specified file, directory, or folder/share (or group of files, folders, etc., with matching name pattern composed of text and wildcard symbols) by system or incoming network processes. For example, the policy for the Sasser worm would have blocked avserve*.exe, skynetave.exe, lsasss.exe, napatch.exe, *_up.exe, cmd.ftp, ftplog.txt, winlog2.*, and win*.log.
- Infection trace and block
VirusScan can discover and trace the IP address of the end-point system (infection source) that sent malicious code to a system running VirusScan Enterprise 8.5i, reporting the infection source information back to the management console. Optionally, it can block further communications from the infection source end-point system for a specified time period (configurable) or indefinitely (until reset).
Memory scanning
VirusScan 8.5i has enhanced scanning functionality to include on-demand and scheduled in-memory scanning for viruses, worms, and Trojans. This protects your systems from threats such as CodeRed and SQLSlammer, which don’t write their code to disk, by removing the process from memory.
Centralized management and reporting
VirusScan 8.5i integrates with McAfee ePolicy Orchestrator for policy management, detailed graphical reporting, and software deployment. ePolicy Orchestrator is a centralized authority to enforce protection compliance, providing a single console for managing McAfee AntiVirus.
Email scanning
VirusScan 8.5i can scan all email coming to the desktop—both HTML text and attachments.
Protection from threats that use scripts
VirusScan 8.5i prevents infection from occurring by detecting and preventing the execution of malicious code that leverages JavaScript and/or Visual Basic (VB) scripts (for example, Nimda or LoveLetter).
Optimized for mobile users
Geographical server routing allows field updates to be optimized based on physical location and connection speed, while file sizes are small enough to be easily downloaded across slow network connections such as dial-up. Resumable updating enables remote users to resume updates at a later date, even if their connection is broken.
|
|
|
|
|
