Analecta Cyber Company Blog: Detecting Malware Using a Centralized Antivirus Management System

2018-10-02

Detecting Malware Using a Centralized Antivirus Management System

Previously we touched on the basics of what to do when your antivirus (AV) software indicates that it has found malicious code in the form of a virus, worm or trojan. That foundational knowledge is a starting point, especially if you own or support a small to medium sized business (SMB). As your business grows into a more complex network, you will face additional cyber threats, both in quantity and in their ability to do permanent damage to your information and your bottom line.

A centralized approach to protecting your network 


Opting for an AV solution that includes a centralized management console allows your IT department to administer AV software across your entire network from one console. In a centrally managed AV setup, each host notifies the server when malware is discovered anywhere on the network. You can configure the management console to send mobile device notifications in case the discovery happens outside of normal business hours. From the management console, you have the ability to clean, quarantine or delete infected files on the host systems. The AV management software will either apply a predetermined configuration or ask you what you would like to do, and will then instruct the host machine to take that action.

A major benefit of a centralized AV system is that it reduces the time and network traffic required to update virus definitions on multiple machines. On average, virus definition files are roughly 1-2 MB in size; however, if you have 50 or 100 network computers independently reaching out across the internet to fetch that file, you will see a bump in traffic. Centralized AV software pulls the update to the server once and then pushes it out to the rest of the devices on your network more efficiently.

As well, the centralized AV system pushes files in the background and does not give individual users the opportunity to interfere with the updates as they are applied.

SMBs are seeing more and more fake "Virus Detected" warnings, usually served by a website or popup. Clicking the "Update Now" button actually downloads the virus, trojan, worm or worse.

Caveats of centralized AV software


One issue to understand with a centralized AV system is that there is a single point of failure for your entire network. If this server crashes, your users will not receive the updates to their AV definition files, putting them at risk for attacks. Having redundancy for this system is more than just a good idea.  

Also, since viruses are discovered constantly, AV software companies push updates more frequently when a major problem is discovered. If you configure your centrally managed AV system to only update on Tuesdays at 10pm but a major virus is discovered on a Wednesday at 2am, your entire organization is at risk for the remainder of that week.

To counter this issue, configure your main system to check for updates more frequently, once or several times a day. If an update is worth pushing to the other network computers, the peace of mind that comes from knowing the systems are protected outweighs the increase in network traffic. Despite these drawbacks, a centrally managed AV solution is still the better option in an enterprise environment.
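The two caveats above (a management server that silently stops pulling updates, and hosts that quietly fall behind it) are easy to miss unless something measures definition age. The following is an added example, not code from the original post or from any AV vendor: a small audit that reads a constructed inventory of "last successful update" timestamps, flags the server first (if the server has not pulled from the vendor, every host is stale no matter what the host reports), then flags hosts that have never checked in or are past a maximum age. Host names, timestamps and the thresholds are all assumed for illustration; in practice the timestamps would come from the management console's export or API.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample data (not from the original post): when the management
# server last pulled definitions from the vendor, and when each host last
# reported a successful definition update to the server. All times are UTC.
SERVER_LAST_PULL = "2018-10-02T08:00:00+00:00"
HOST_LAST_UPDATE = {
    "ws-001": "2018-10-02T06:15:00+00:00",
    "ws-002": "2018-09-25T22:05:00+00:00",  # missed a week of updates
    "fs-01": "2018-10-01T22:00:00+00:00",
    "ws-003": None,                          # never checked in
}
# Fixed "now" so the sample run is reproducible offline.
SAMPLE_NOW = datetime(2018, 10, 2, 12, 0, tzinfo=timezone.utc)


def parse_utc(value):
    """Parse an ISO-8601 timestamp into an aware UTC datetime.

    Returns None for a missing or unparseable value so that "no record"
    is treated as stale rather than silently skipped.
    """
    if not value:
        return None
    try:
        ts = datetime.fromisoformat(value)
    except ValueError:
        return None
    if ts.tzinfo is None:
        ts = ts.replace(tzinfo=timezone.utc)
    return ts.astimezone(timezone.utc)


def age_hours(timestamp, now):
    """Age of a timestamp in hours relative to now."""
    return (now - timestamp).total_seconds() / 3600.0


def audit_definitions(server_last_pull, host_last_update, now,
                      max_server_age=timedelta(hours=6),
                      max_host_age=timedelta(hours=24)):
    """Flag a stale server pull and hosts that are missing or out of date.

    The server is checked first: a host that updated recently from a server
    that itself has not pulled from the vendor is still running old
    definitions, so server staleness is reported as affecting every host.
    Returns {"server_stale": bool, "stale_hosts": {host: age_hours|None}}.
    """
    server_ts = parse_utc(server_last_pull)
    server_stale = server_ts is None or now - server_ts > max_server_age

    stale_hosts = {}
    for host, value in sorted(host_last_update.items()):
        ts = parse_utc(value)
        if ts is None:
            stale_hosts[host] = None  # never reported / unparseable record
        elif now - ts > max_host_age:
            stale_hosts[host] = round(age_hours(ts, now), 1)
    return {"server_stale": server_stale, "stale_hosts": stale_hosts}


def report(result):
    """Render the audit result as one line per finding."""
    lines = []
    if result["server_stale"]:
        lines.append("ALERT: management server has not pulled definitions "
                     "recently; every host is effectively stale")
    for host, age in result["stale_hosts"].items():
        detail = "never reported" if age is None else f"definitions {age} h old"
        lines.append(f"STALE: {host}: {detail}")
    return lines or ["OK: server and all hosts current"]


def run_sample():
    """Run the audit over the constructed inventory at the fixed sample time."""
    return audit_definitions(SERVER_LAST_PULL, HOST_LAST_UPDATE, SAMPLE_NOW)


if __name__ == "__main__":
    for line in report(run_sample()):
        print(line)
```

Run on the constructed data, the server passes (its last pull is 4 hours old) while ws-002 is flagged at roughly 158 hours and ws-003 is flagged for never reporting. Pick the server threshold from the vendor's actual release cadence, and wire the ALERT line to the same out-of-hours notification path the console already uses for detections; a quiet update server looks identical to a healthy one until something measures it.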

More best practices to help avoid malware entering your system:
  1. Set a policy that establishes user dos and don’ts to ensure computers are only used for their intended purpose.
  2. Educate users and reinforce the concept that they should not click on unknown links or open attachments from an unknown sender. This includes not clicking on websites or popups that state that the computer is infected!
  3. Set your system up so that your AV scans attachments before the user has a chance to open the file.
  4. Don’t allow your users the option to bypass AV recommendations.
  5. Set up a system that examines attachments and links before they are passed on to the users. If they are clean, they will be made available to the end user, who won’t even notice this step in the process.

The bottom line


Protecting your systems and networks from malware is just one more way to protect your business from cybersecurity threats. Need advice on selecting the perfect centralized AV management system? We can help. Our team of experts is willing to impart skills and expertise in keeping your business protected from cyber threats. Visit our Cybersecurity website or email us at info@analecta-llc.com for more information.

Have other antivirus questions? Place them in the comments section or email us directly.

Further Resources

  • VirusTotal - Free online virus scanner/file analyzer: scan URLs, IP addresses, domain names and file hashes
  • MetaDefender Cloud - Free online virus scanner/file analyzer, similar to VirusTotal: search for a specific Common Vulnerabilities and Exposures (CVE) entry, file hash or IP address