This is the third in a series of three articles highlighting the features in Shavlik Protect that go beyond the core patch management capabilities. This installment focuses on Threat Management.
It’s scary out there!
We’ve all seen the many computer hacking stories in the news recently. It seems like nearly all large retailers and corporations that are part of our daily lives have now been affected by hackers
But, like the proverbial ostrich with its head in the sand, maybe you are thinking “Hey, this doesn’t affect me! It is only the large organizations that are being attacked.” Well, think again.
The New York Times recently profiled a new website called Hacker’s List, whose sole purpose is to match “professional hackers for hire” with clients who need help doing some digital dirty work. Want to plant a computer virus on your ex’s computer? Want to install spyware on your competitor’s server in order to steal their customer names and contact information? Then this website is for you. Yikes!!
It is stories like this that make me thankful for every tool I can get my hands on to ward off potential attacks. You may not know it, but Shavlik Protect is one of those tools. Shavlik Protect is best known, of course, for its award-winning patch management capabilities. Not as well known, however, is the fact that it offers some of the best threat management capabilities in the industry.
So, what does Shavlik Protect’s Threat Management feature provide you? Well, it combines antivirus and antispyware into a single engine, enabling you to scan for, and eliminate, various threats that may exist on your machines. It provides two forms of threat protection:
- Active Protection: This is a real-time service that runs on your target machines and monitors for changes to specific security configuration settings and values that are frequently modified by malware programs. If it detects a change, it responds immediately by changing the setting back to the original value, protecting the machine from the effects of the malware.
- Scheduled Protection: This is a scheduled service that runs periodically on your target machines. It performs scans and threat remediations using options defined by you, the administrator. Scheduled protection enables you to automatically perform scans and remove detected threats (viruses, spyware, etc.) as often as you want. For example, you might choose to run a daily quick scan that searches only the most common locations affected by threats. You might pair that with a more time consuming but thorough weekly full scan (scheduled over the weekend) that scans all local drives and archived files.
The Threat Management feature is implemented using Shavlik Protect’s agent technology. This is because it is best to perform the time-critical threat tasks directly on each machine rather than remotely from a console. You can configure your agents with both threat and patch tasks, enabling threat protection and patch management in a single agent. Not bad, huh?
Like most everything in Shavlik Protect, the Threat Management feature is highly configurable. You can:
- Specify what file locations and areas will be scanned on each machine, as well as what techniques will be used during the scan.
- Specify whether to reboot a machine if a detected threat is removed.
- Specify what an agent should do if it encounters a particular type of threat (the default value for high risk threats is to quarantine the threats).
- Allow one or more threats that you perceive to be benign or useful.
- Define exceptions that enable you to never allow or to always allow certain files and folders.
- Specify what to do if a scheduled threat scan is missed
All agent actions are reported to the Shavlik Protect console. The console provides you with a variety of tools for monitoring your agents’ actions, including generating reports and viewing a complete historical record of all threat tasks and Active Protection events.
Want to learn more? You can:
- Read all about the Threat Management feature online at http://help.shavlik.com/Protect/onlinehelp/91/ENU/PRT.htm
- View a video tutorial on how to create an agent policy at http://www.shavlik.com/support/training-videos/protect/
- View a video overview by product evangelist John Rush at https://www.youtube.com/watch?v=WKY8HOkugsc&feature=youtu.be
Note: The Threat Management feature is available with either Shavlik Protect Advanced or as a separately licensable add-on to Shavlik Protect Standard.