Forum language: EN | FI
Hi we are using F-Secure Policy Manager 12.31 to manage our clients and servers in our intranet. How to enable automatic force scan of external media i.e. Ext HDD/CD drive when it is inserted into the system through our Policy Manager.
Automatic manual/scheduled scan launch is not supported in current versions. On access scanning will work for external media automatically when it is inserted into the system.
I highly discurrage any such idea.
1) a manual scan on an external media takes ages, thus wasting user's time, engery and comany's money.
2) the scan result is based on signaures, so the detection rate will be 60%-80% if you look for recent malware. To detect these you need the advanced techniques that only apply with On-Access-Scanning. Your report on that drive will be a lie "found to be clean using <today>'s pattern".
3) Initial scanning of system areas (MBR, root-dir) is always done.
4) all other files are scanned whenever accessed by the system. So as long as you do not touch/use them, they will not harm you (same with files in the Internet, CDs and Sticks in the shelf).
Just to point out: this is not F-Secure specific, but a general comment for all AV.
I think an "evil sysadmin" option would be:
- Ban all external devices via F-Secure Device Control and/or Microsoft instrumentation
- Set up an external devices security gateway computer, equipped with multiple AV suites, where USB pendrives, DVD disks, etc. are scanned, copied and sandbox run in their entirety hen entering / leaving the company premises. There will be a blue collar, a white collar and a VIP waiting queue for people wanting to have their devices checked.
- The devices which have been scanned and found to be clean are approved one-by-one through Device Control, for use throughout the company or just a particular department.
(Don't forget to hire bodyguards, because angry employees will try to beat you up!)
Best Regards: Tamas Feher, Hungary.