Security Best Practices - Stopping malware and other threats

Article ID: 181037
Products

Endpoint Protection


Resolution

Symantec Endpoint Protection – Best Practices: The threat landscape has changed and cybercrime is rampant. Companies cannot depend solely on desktop antivirus technology to protect themselves. Following the steps in the sections below will improve the protection of desktops running Symantec Endpoint Protection and stop malware.

 

Must Do

Use IPS (Network Threat Protection)

Threats today are web-based. The Intrusion Prevention System (IPS) in Symantec Endpoint Protection stops threats before they can infiltrate a machine. IPS stops vulnerability exploits, drive-by downloads and fake AV installation.

Improve default Symantec Endpoint Protection settings

Get the most out of your Symantec Endpoint Protection product by improving its default settings. Only a few setting changes can make a big improvement to your security. Learn more about our recommended policies.

Keep browser plugins patched

Attacks have moved to the browser. It’s critical that attackers not be able to use Microsoft® Internet Explorer or Adobe® Reader/Acrobat/Flash vulnerabilities to get onto a system. Use each vendor’s auto-update or software distribution tools to install patches as soon as they become available.

Block P2P usage

The simplest method for distributing malware is to hide it inside files shared on peer-to-peer (P2P) networks. Create and enforce a no-P2P policy, including home use of company machines. Enforce the policy at the gateway and/or desktop. Learn more about using Symantec Endpoint Protection’s Application Control to block P2P at the desktop.

Turn off AutoRun

Stop Conficker/Downadup and other network-based worms from jumping from USB keys and network drives without changing company policies on open shares. Learn more.
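As an added example that is not part of the Symantec article, the PowerShell below audits the machine-wide AutoRun policy this item recommends and can enforce it. The registry key and value name are the standard Windows Explorer policy location (NoDriveTypeAutoRun, a bitmask of drive types excluded from AutoRun; 0xFF covers every type); the function names are my own.

```powershell
# Added example (not from the Symantec article): audit, and optionally enforce,
# the "Turn off AutoRun" recommendation. The HKLM policy key below is what a
# domain Group Policy would also populate; 0xFF disables AutoRun for all drive types.
$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$ValueName = 'NoDriveTypeAutoRun'
$Expected  = 0xFF

function Get-AutoRunState {
    # Returns the current bitmask, or $null when the policy value is not set.
    $item = Get-ItemProperty -Path $PolicyKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$ValueName
}

function Test-AutoRunDisabled {
    # A missing value counts as non-compliant: the OS default leaves AutoRun
    # enabled for removable and fixed drives, which is exactly what USB-borne
    # worms such as Conficker rely on.
    $state = Get-AutoRunState
    return ($null -ne $state) -and (($state -band $Expected) -eq $Expected)
}

function Set-AutoRunDisabled {
    # Requires an elevated session; creates the policy key if it is absent.
    if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
    New-ItemProperty -Path $PolicyKey -Name $ValueName -PropertyType DWord `
        -Value $Expected -Force | Out-Null
}

if (Test-AutoRunDisabled) {
    Write-Output ('AutoRun disabled for all drive types ({0} = 0x{1:X2})' -f $ValueName, (Get-AutoRunState))
} else {
    $current = Get-AutoRunState
    if ($null -eq $current) { $current = 'not set' }
    Write-Warning ('AutoRun not fully disabled; current {0} = {1}' -f $ValueName, $current)
    # Uncomment to remediate on this machine (or push the same value via Group Policy):
    # Set-AutoRunDisabled
}
```

Run it under a configuration-management or login script to flag machines that drifted from the policy; the remediation line is left commented so the audit is read-only by default.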

 

Should Do

Turn on enhanced security in Adobe® Reader

Protect your machines from attacks hidden in PDF files by hardening Adobe Reader. Learn more about using the enhanced security settings available in Reader.

Limit the use of network shares (mapped drives)

Worms love to spread via networked drives. Unless there is a strong business requirement, close mapped drives. If possible, limit permissions to read-only rather than read-write.

Review mail security and gateway blocking effectiveness

Catching threats before they reach the desktop can be done with effective mail and web security scanning. Check that you have a mail security solution which updates frequently to detect the latest bad sender IPs, spam and malware threats at the mail gateway. Consider implementing a web security solution that will protect your organization against Web 2.0 threats, including malicious URLs and malware.

Review your security content distribution schedule

Antivirus signatures are released multiple times a day, and IPS content roughly on a weekly basis or as needed. If possible, take advantage of these updates, or at least update machines that are frequently infected.

 

Can Do

Implement application control rules to block specific threats

Symantec Endpoint Protection’s application and device control is a powerful tool that can be used to stop a specific file, block peer-to-peer (P2P) network use, or protect critical files and registry entries.

Educate users

Most malware attacks use social engineering. Education can be highly effective in stopping them. Your users don’t need to be security experts. Today, just remembering four things can keep them protected.

  • Only click through to trusted sources when conducting searches, especially on topics receiving a lot of attention
  • Never update "media player", "codec" or "Flash" when prompted by a site hosting videos or not affiliated with that application
  • Do not use P2P applications on business machines and be cautious on home machines as well
  • Do not click on links or attachments in spam email

Educate yourself

Symantec provides multiple resources to keep you up-to-date on the latest security threats: knowledge base articles, Security Response blogs, Symantec Connect, and the Internet Security Threat Report.

Reference page: http://www.symantec.com/theme.jsp?themeid=stopping_malware&depthpath=0that%20should%20do%20it