The importance of creating a security strategy

Protecting your virtual systems from malware requires a well-planned strategy: define threat prevention and detection, response to threats, and ongoing analysis and tuning.

Prevention — Avoiding threats

Define your security requirements to make sure that your data sources are protected. Then, develop an effective scan strategy to stop intrusions before they gain access to your environment.

Configure these features to prevent intrusions:

  • Self-Protection — (Multi-Platform only) One of the first things that malware tries to do during an attack is to disable your system security software. Configure Self-Protection for McAfee MOVE AntiVirus (Multi-Platform) to prevent the McAfee MOVE AntiVirus service, files, and registry entries from being stopped or changed.
  • Common scan options — Enable McAfee MOVE AntiVirus and configure options that apply to all scans, including:
    • (Multi-Platform) Quarantine location and the number of days to keep quarantined items before automatically deleting them
    • (Agentless) Quarantine network share
  • Scan Diagnostics client task — Run the scan diagnostic tool or use McAfee ePO to calculate and display frequently scanned files, extensions, processes, and VMs. You can use these results to identify items to exclude from scanning.

Detection — Finding threats

Develop an effective strategy to detect intrusions when they occur. Configure these features to detect threats:

  • On-Access Scan — Scan for threats as files are read from or written to disk.
  • On-Demand Scan — Run immediate and scheduled scans, including scanning for malware-related registry entries that weren't previously cleaned.
  • Targeted On-Demand Scan — Select a system or a group of systems from the System Tree and initiate the on-demand scan on the target system.

Response — Handling threats

Use product log files, automatic actions, and other notification features to determine the best way to handle detections.

  • Actions — Configure what happens in response to a detection.
  • Alerts — Specify how McAfee MOVE AntiVirus notifies you when detections occur, including alerting options and logging.

Tuning — Monitoring, analyzing, and fine-tuning your protection

Monitor and analyze your configuration to improve system and network performance, and enhance virus protection, if needed. Use these tools and features:

  • Queries, dashboards, and server tasks (McAfee ePO) — Monitor scanning activity and detections.
  • Log files — View a history of detected items. Analyzing this information might reveal that you must enhance your protection or change the configuration to improve system performance.
  • Scan policies — Analyze log files or queries and change policies to increase performance or virus protection, if needed. For example, you can improve performance by configuring exclusions and high- and low-risk process scanning, and by disabling scan on write.
  • Scan Diagnostics reports — Run and view these scan diagnostic queries:
    • Top 10 Scanned File Extensions for each SVM
    • Top 10 Scanned Files for each SVM
    • Top 10 Scanned Virtual Machines for each SVM
    • (Multi-Platform only) Top 10 Scanned Processes for each SVM