Now days it has become almost impossible to make your large network virus free. There are so many ways a threat can enter to your network as users now even using their cell phones to connect to public network which opens so many entry points for a threat to enter to our network. And most users doesn’t care what they are doing over internet as they think they have got the antivirus protection and that is too fully updated in the process if any message appears on the system asking for installation or free download they simply click yes and allow the virus/spy ware etc. to enter the system. And later they blame the antivirus for this.
Earlier there was no need for an Antivirus admin in a network but these days attacks to network has gone up so rapidly that companies are hiring professionals for Antivirus also. Based on my past experience I can say that no antivirus can provide 100% security to your network. You have to do so many tasks for keeping your network clean.
First task is to install a good Antivirus which has firewall in it. I use Symantec Endpoint Protection 11 now which I find very good and easy to administer. Earlier I was using SCS 3.1 which also has firewall but it was getting corrupted every other day. But SEP firewall is very much stable and has very good features also.
Second task is to update your windows regularly. Windows patches are very much necessary to make your windows stable. At least you can apply patches for windows which Symantec recommends for some threats. Patching windows is must so that re-infection will not occur.
Third task is to isolate the systems from network which are infected till you become sure that they are clean. For this I use SEP manager, On the Home page go to Favorite Reports select “Top sources of attack” disconnect the PCs listed there from network, If disconnecting is not possible then create a firewall policy to block traffic to and from those IP addresses till they become clean and apply to all clients so that no traffic will be allowed from those infected PCs. This way you can control infection on your network.
Fourth task is to train the users what to do when they are connected to public network like internet. What they should do when a pop up message comes while browsing on internet. How to scan a pen drive (external storage media) as soon as they connect it to the PC . Give some information to user regarding some common behavior of windows when a threat enters to the PC and antivirus doesn’t detect it and tell the user to inform you as soon as they find some unhealthy behavior of their PC.
Create a policy to disable autorun.inf file as most of the threats use this file to infect PCs.
Use a Centralized Internet connection rather than using several connections at user’s premises.
Create a folder named Autorun.inf in root of each drive and also in root of your pen drive so that No virus can create an autorun.inf file on your drives root and use thhat file to spread.
You can use these methods to keep your network clean although not 100% as new threats are coming regularly but by doing this you have some safety to your network and increase network performance also.