AntiVirus Solutions Review and Discussion

February 19th, 2013

Outline

• What do you use?• Vendors• Comparisons Effectiveness/Features• SEP 12.X Demo• Web Filtering• Post Infection Tools• Questions

What Do You Use?

• Strengths/Weaknesses• Ease of Use (Management)• Reliability (Rate of Infections)• Resource Intensive• False Positives• Overall Experience Good or Bad

Vendors

• Trend Micro• Symantec• McAfee• Microsoft Security Essentials• Kaspersky• ClamAV• AVG• Webroot

Comparisons Effectiveness/Features

• http://chart.av-comparatives.org/chart1.php

SEP 12.X Demo

• Symantec Endpoint Protection 12.x• Demo

Cloud vs. Traditional Comparison

• May not protect while disconnected from the internet

• Malware may cripple internet connection rendering Cloud AV useless

• Light weight• Small disk footprint• http://www.webroot.com/shared/pdf/Webro

ot_SecureAnywhere_vs_antivirus_competitors_19Sep2012.pdf

Web/Email Filtering

• Barracuda • McAfee SaaS• Symantec Security.Cloud• Cisco IronPort• Cisco IPS• Untangle

Post Infection Tools

• Malwarebytes• Symantec Power Eraser• Norton Power Eraser• McAfee Stinger• McAfee Rootkit• Combofix• Kaspersky TDSSKiller• UBCD/Ubuntu

RKL Tips and Tricks

• MalwareBytes• netstat –ano• Stop system restore• kill Explorer History• kill temp files• hosts• Regedit

• hklm/sw/ms/win/current/run• hklm/sw/ms/winnt/current/winlogon/userinit• hkcu/sw/ms/win/current/run• hkcu/sw/ms/Win/Current/policies/Explorer/NoDriveTypeAutorun

Value: FF• hku/[sid]/sw/ms/win/cv/run

RKL Tips and Tricks

• Hijackthis• Dates in windows and system32 and drivers (right click and clean

with MB)•  

• discache.sys in drivers directory• atapi.sys in drivers directory – verify there is a version number

• other copies available in backup directory• updates• Symantec• combofix (will disconnect you twice if remote)• Temp file cleaner - This may disconnect you• Tweaking.com (ReimageRepair.exe on fob)

Questions?