Critical System Protection

  • 1.  Virus Scan Policy

    Posted Jun 11, 2010 11:44 AM
    Is there a way to create a policy similar to the Symantec AntiVirus Client Communication Policy for McAfee?  I would like the same options available for McAfee that exist within this policy.


  • 2.  RE: Virus Scan Policy

    Posted Jun 11, 2010 11:51 AM
    We do Symantec here... not McAfee (or any other software vendor, for that matter). If you want help configuring a McAfee product, you should inquire at their forums.

    BTW, I wouldn't tell them you're trying to configure their policy like ours... just list the features in our policy that you want to imitate and ask how to get them set up in McAfee.


  • 3.  RE: Virus Scan Policy

    Posted Jun 11, 2010 02:15 PM

    If you want to make McAfee work like Symantec, why don't you switch to a Symantec product?
    Note that it is really a severe activity to create a policy like one in Symantec since the console of McAfee is really more complicated than Symantec.

    As a piece of advice, just run the Symantec trial version in a laboratory network and compare it to McAfee. There will be lots of benefits out of it.
    I bet you will be one of us after a short time test!



  • 4.  RE: Virus Scan Policy

    Posted Jun 11, 2010 04:49 PM
    Before one comments to support Critical System Protection (THE PRODUCT) please note (or take the time) that this product *IS* designed to be flexible and monitor other apps. Understand the product and its policies (or signatures) before making a harsh comment to a customer.

    Muydess,

    Yes, it is possible to make a template policy to monitor for specific McAfee events being sent to the system, as with what the built-in Symantec AV policy is performing. I am assuming McAfee logs similarly to how SEP or SAV would, as it will start with posting an event to the Windows Event log with a specific ID.

    Please tell me how much knowledge you have of Windows Template Policy in CSP. I can walk you through the basics on how one can set this up. Also review ids_ref.pdf under “more about template policies”, specifically in the Windows Event Log template policy.

    Next steps would be to gather the events posted by McAfee (i.e. a log schema) and the actions you would want to alert on, such as “virus found” etc… From there a template policy can be created for rule by rule event generation from the IDS side of the product.