AntiVirus Solutions Review and Discussion
February 19th, 2013
Outline
• What do you use?
• Vendors
• Comparisons Effectiveness/Features
• SEP 12.X Demo
• Web Filtering
• Post Infection Tools
• Questions
What Do You Use?
• Strengths/Weaknesses
• Ease of Use (Management)
• Reliability (Rate of Infections)
• Resource Intensive
• False Positives
• Overall Experience Good or Bad
Vendors
• Trend Micro
• Symantec
• McAfee
• Microsoft Security Essentials
• Kaspersky
• ClamAV
• AVG
• Webroot
Comparisons Effectiveness/Features
• http://chart.av-comparatives.org/chart1.php
SEP 12.X Demo
• Symantec Endpoint Protection 12.x
• Demo
Cloud vs. Traditional Comparison
• May not protect while disconnected from the internet
• Malware may cripple internet connection rendering Cloud AV useless
• Light weight
• Small disk footprint
• http://www.webroot.com/shared/pdf/Webroot_SecureAnywhere_vs_antivirus_competitors_19Sep2012.pdf
Web/Email Filtering
• Barracuda
• McAfee SaaS
• Symantec Security.Cloud
• Cisco IronPort
• Cisco IPS
• Untangle
Post Infection Tools
• Malwarebytes
• Symantec Power Eraser
• Norton Power Eraser
• McAfee Stinger
• McAfee Rootkit
• Combofix
• Kaspersky TDSSKiller
• UBCD/Ubuntu
RKL Tips and Tricks
• MalwareBytes
• netstat -ano
• Stop system restore
• kill Explorer History
• kill temp files
• hosts
• Regedit
• hklm/sw/ms/win/current/run
• hklm/sw/ms/winnt/current/winlogon/userinit
• hkcu/sw/ms/win/current/run
• hkcu/sw/ms/Win/Current/policies/Explorer/NoDriveTypeAutorun (Value: FF)
• hku/[sid]/sw/ms/win/cv/run
RKL Tips and Tricks
• Hijackthis
• Dates in windows and system32 and drivers (right click and clean with MB)
• discache.sys in drivers directory
• atapi.sys in drivers directory - verify there is a version number
• other copies available in backup directory
• updates
• Symantec
• combofix (will disconnect you twice if remote)
• Temp file cleaner - This may disconnect you
• Tweaking.com (ReimageRepair.exe on fob)
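The two "RKL Tips and Tricks" slides above list manual checks (netstat -ano, the Run and Winlogon registry keys, the NoDriveTypeAutoRun policy value, the hosts file, file dates in windows/system32/drivers, and the version stamp on atapi.sys). The script below is an added example, not part of the original presentation or any vendor's tool, that runs those checks as a read-only report from an elevated PowerShell prompt on the suspect host. The full registry paths are the standard Windows locations behind the slide's hklm/hkcu/hku abbreviations; the `$DaysBack` parameter and the "recent file" window it controls are this example's own assumptions.

```powershell
# Added example (not part of the original presentation): a read-only triage
# report covering the checks listed on the "RKL Tips and Tricks" slides.
# Run from an elevated PowerShell prompt on the suspect Windows host.
# It only reports; it does not delete or change anything.

param(
    # Assumption: files changed within this many days count as "recent".
    [int]$DaysBack = 7
)

$cutoff = (Get-Date).AddDays(-$DaysBack)

# 1. Autostart registry locations (full paths for the slide's hklm/hkcu/hku shorthand).
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)
# HKEY_USERS is not mounted as a PSDrive by default; mount it to reach hku\[sid]\...\Run.
if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}
Get-ChildItem HKU:\ |
    Where-Object { $_.PSChildName -match '^S-1-5-21-' -and $_.PSChildName -notlike '*_Classes' } |
    ForEach-Object { $runKeys += "HKU:\$($_.PSChildName)\Software\Microsoft\Windows\CurrentVersion\Run" }

"=== Run keys ==="
foreach ($key in $runKeys) {
    if (Test-Path $key) {
        # Skip the PS* metadata properties that Get-ItemProperty adds to every result.
        (Get-ItemProperty -Path $key).PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' } |
            ForEach-Object { "{0}`n    {1} = {2}" -f $key, $_.Name, $_.Value }
    }
}

"=== Winlogon Userinit (normally C:\Windows\system32\userinit.exe, followed by a comma) ==="
(Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon').Userinit

"=== NoDriveTypeAutoRun (slide recommends FF, i.e. autorun off for all drive types) ==="
$pol = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
if (Test-Path $pol) {
    $v = (Get-ItemProperty -Path $pol -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
    if ($null -ne $v) { 'current value: 0x{0:X}' -f $v } else { 'value not set' }
} else { 'policy key not present' }

# 2. hosts file: anything other than comments and localhost entries deserves a look.
"=== hosts file (non-comment lines) ==="
Get-Content "$env:SystemRoot\System32\drivers\etc\hosts" |
    Where-Object { $_ -match '\S' -and $_ -notmatch '^\s*#' }

# 3. Recently modified files in windows, system32 and drivers (the slide's "dates" check).
"=== Files modified in the last $DaysBack days ==="
foreach ($dir in "$env:SystemRoot", "$env:SystemRoot\System32", "$env:SystemRoot\System32\drivers") {
    Get-ChildItem -Path $dir -File -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -gt $cutoff } |
        Select-Object @{ n = 'Path'; e = { $_.FullName } }, LastWriteTime, Length
}

# 4. Drivers named on the slide: atapi.sys should carry a version number;
#    discache.sys is reported for presence and version so it can be compared to a known-good copy.
"=== Driver version check ==="
foreach ($name in 'atapi.sys', 'discache.sys') {
    $p = Join-Path "$env:SystemRoot\System32\drivers" $name
    if (Test-Path $p) {
        $info = (Get-Item $p).VersionInfo
        if ([string]::IsNullOrWhiteSpace($info.FileVersion)) {
            "$name : NO version information (investigate)"
        } else {
            "$name : version $($info.FileVersion), CompanyName '$($info.CompanyName)'"
        }
    } else { "$name : not present" }
}

# 5. Sockets with their owning PID, as on the slide (netstat -ano), trimmed to the interesting states.
"=== netstat -ano (LISTENING and ESTABLISHED) ==="
netstat -ano | Select-String 'LISTENING|ESTABLISHED'
```

Treat the output as a baseline comparison, not a verdict: legitimate software also registers Run entries and ships drivers, so each entry is judged against a known-good image of the same Windows version, and any file you decide to remove is handled with the slide's cleanup tools (Malwarebytes, Combofix, Power Eraser) rather than by editing the registry by hand mid-investigation. A missing version stamp on atapi.sys, a Userinit value that points anywhere other than the system32 copy, or hosts entries that redirect update or AV vendor domains are the findings the slide is pointing at.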
Questions?