AntiVirus Solutions Review and Discussion
February 19th, 2013
Outline
• What do you use?
• Vendors
• Comparisons: Effectiveness/Features
• SEP 12.x Demo
• Web Filtering
• Post Infection Tools
• Questions
What Do You Use?
• Strengths/Weaknesses
• Ease of Use (Management)
• Reliability (Rate of Infections)
• Resource Intensive
• False Positives
• Overall Experience Good or Bad
Vendors
• Trend Micro
• Symantec
• McAfee
• Microsoft Security Essentials
• Kaspersky
• ClamAV
• AVG
• Webroot
Comparisons: Effectiveness/Features
• http://chart.av-comparatives.org/chart1.php
SEP 12.X Demo
• Symantec Endpoint Protection 12.x
• Demo
Cloud vs. Traditional Comparison
• May not protect while disconnected from the internet
• Malware may cripple the internet connection, rendering cloud AV useless
• Lightweight
• Small disk footprint
• http://www.webroot.com/shared/pdf/Webroot_SecureAnywhere_vs_antivirus_competitors_19Sep2012.pdf
Web/Email Filtering
• Barracuda
• McAfee SaaS
• Symantec Security.Cloud
• Cisco IronPort
• Cisco IPS
• Untangle
Post Infection Tools
• Malwarebytes
• Symantec Power Eraser
• Norton Power Eraser
• McAfee Stinger
• McAfee Rootkit
• Combofix
• Kaspersky TDSSKiller
• UBCD/Ubuntu
RKL Tips and Tricks
• MalwareBytes
• netstat -ano
• Stop System Restore
• Kill Explorer history
• Kill temp files
• hosts file
• Regedit
• hklm/sw/ms/win/current/run
• hklm/sw/ms/winnt/current/winlogon/userinit
• hkcu/sw/ms/win/current/run
• hkcu/sw/ms/Win/Current/policies/Explorer/NoDriveTypeAutorun (Value: FF)
• hku/[sid]/sw/ms/win/cv/run
RKL Tips and Tricks
• HijackThis
• Dates in windows, system32 and drivers (right click and clean with MB)
• discache.sys in drivers directory
• atapi.sys in drivers directory - verify there is a version number
• Other copies available in backup directory
• Updates
• Symantec
• Combofix (will disconnect you twice if remote)
• Temp file cleaner - this may disconnect you
• Tweaking.com (ReimageRepair.exe on fob)
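A read-only PowerShell script, added here as an example and not part of the original slides, that gathers the registry locations and the atapi.sys version check from the two tips slides into one report a responder can review before touching anything in regedit. The 0xFF value comes from the slide; the expected Userinit default string is an assumption based on a stock Windows install.

```powershell
# Added example (not from the slide deck). Read-only triage of the persistence
# locations named on the "RKL Tips and Tricks" slides. Run from an elevated prompt.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',   # hklm/.../run
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'    # hkcu/.../run
)
# hku/[sid]/.../run: walk every loaded user hive, not only the current user
Get-ChildItem 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -match '^S-1-5-21-' -and $_.PSChildName -notmatch '_Classes$' } |
    ForEach-Object { $runKeys += "Registry::$($_.Name)\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" }

Write-Host '== Run entries =='
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    $props.PSObject.Properties |
        Where-Object { $_.Name -notmatch '^PS(Path|ParentPath|ChildName|Drive|Provider)$' } |
        ForEach-Object { Write-Host ("{0}`n    {1} = {2}" -f $key, $_.Name, $_.Value) }
}

# winlogon/userinit: anything appended after the stock userinit.exe is worth a look
$userinit = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon').Userinit
Write-Host "`n== Userinit: $userinit"
# Assumed default for a stock install; compare case-insensitively (PowerShell -ne)
if ($userinit -ne "$env:SystemRoot\system32\userinit.exe,") {
    Write-Warning 'Userinit differs from the expected default "<SystemRoot>\system32\userinit.exe,"'
}

# NoDriveTypeAutorun: the slide recommends FF (autorun disabled on every drive type)
$pol = Get-ItemProperty 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer' -ErrorAction SilentlyContinue
$autorun = $pol.NoDriveTypeAutorun
$shown = if ($null -eq $autorun) { 'not set' } else { '0x{0:X}' -f $autorun }
Write-Host "`n== NoDriveTypeAutorun: $shown"
if ($autorun -ne 255) { Write-Warning 'NoDriveTypeAutorun is not 0xFF' }

# atapi.sys: the slide says a legitimate copy carries a version number
$drv = "$env:SystemRoot\System32\drivers\atapi.sys"
$file = Get-Item $drv -ErrorAction SilentlyContinue
$ver = $file.VersionInfo.FileVersion
Write-Host "`n== atapi.sys version: $(if ($ver) { $ver } else { 'NONE (check against the backup copy)' })"
if ($file) { $file | Select-Object FullName, LastWriteTime, Length | Format-List }
```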
Questions?