We are just in the final stages of finishing our AV management solution (McAfee ePO) and we are fine-tuning our client policies.
How often should we have our client PCs & Macs run a system scan?
I know some people advocate daily scanning, but the antivirus client has real-time scanning and with our management system, we immediately pick up disabled, non-functioning or out-of-date AV clients, so is there a need to scan very often?
Furthermore, how often should we scan our file server, with our users' network drives/profiles - if ever?
I believe you have other factors to consider.
Personally, here I perform daily overnight scans (when a PC is left on). But I think that suits our setup. All our machines are dataless (so there isn't a lot of scanning required on each machine), and PCs are mostly switched off when not in use anyway. The answer is probably subjective IMHO.
Weekly.
If your users have a tendency to leave their PCs on all the time, set it to run at 3AM or some time that no one will be in the building. If not, schedule it at lunch on a day that you know internet usage is low (check your weekly bandwidth logs). People will be unhappy that their system runs slow for browsing the web that day, but that's a secondary purpose anyways.
Interesting question. I figure that if I start with a known clean machine, such as one built from scratch, and install AV software on it before it goes on the network, then a scan with that same software is probably not required. My reasoning is that if the AV software didn't detect it when it arrived or got run, it's rather unlikely to detect it during a scan. Yes, I know there are reasons why that logic will fail, but read on.
What I will do is run random remote scans using different software to what we install on each machine. The users never notice and I get a bit more peace of mind. If our machines were left on overnight I'd run those scans then but again, using different software to what's installed on the machines. It's not too hard to create a script that locates the running machines and performs the scan remotely.
One reason I push the remote scanning barrow is that there are plenty of viruses/malware that can hide from a resident scanner. It's not so easy to hide from one run remotely.
Antivirus products have been getting consistently less effective at preventing malware, so don't count on your real-time scanner doing a great job. Criminals will guarantee that a particular malware they are selling will not be detected... it's a business and they are very good at it. Scheduled scans are VITAL because the antivirus vendors are always a couple steps behind the malware writers. Don't believe me? Just watch how much crap your scheduled scan catches (I work in an environment with a sufficient enough number of workstations to see this play out each week).