Anti-malware Software Guidelines

UC Berkeley security policy mandates that all devices connected to the UCB network comply with the Minimum Security Standard for Networked Devices. The recommendations below are provided as optional guidance to assist with achieving the Anti-malware Software requirement.

Requirement

For Microsoft Windows or Apple OS X devices for which anti-malware software is available, anti-malware software must be running and up-to-date. In addition, the software must run real-time scanning and/or scan the device regularly.

Background and description of risk

Malware is short for “malicious software” and broadly describes all software that is designed to provide unauthorized access or perform unauthorized actions on a system. The impact of malware can range from minor system performance issues to complete hard drive deletion or even full, remote control of a system by an attacker. It is important to detect malware before it infects a system.

Anti-malware is a standard and necessary layer of protection for networked systems, and an anti-malware product is available free of charge to campus students, staff and faculty. Ensure that the software receives regular signature updates. These updates contain information about new viruses and are often delivered multiple times per week.

While anti-malware software provides significant protection against malware of all types, it is not 100% effective. Requirement #9, “Privileged Accounts,” provides additional protection against malware that may not be detected by anti-malware software.

Recommendations

Enable real-time scanning

To detect malware before it is able to infect a system, enable real-time scanning. Real-time scanning analyzes files and programs as they are copied to a system in order to prevent the user from unknowingly becoming infected.

Edge Cases

Servers where real-time scanning creates unacceptable performance issues

Some servers may be operating in an environment where real-time scanning negatively impacts the performance of the services. In these cases, ensure that all clients connecting to the server are running anti-malware software with real-time scanning enabled and schedule anti-malware scans for the server on a weekly basis.

Anti-malware software that does not support real-time scanning

Some anti-malware software may not have the ability to perform real-time scanning of the system. In these cases, we recommend upgrading to a software package that supports real-time scanning.