AVG CloudCare Best Practices

AVG is antivirus software, and AVG CloudCare is the website used to manage installations, threats, updates, and scans. AVG CloudCare organizes AVG installations by “Customers”. Each Customer can also have “Groups”. Templates can be assigned to Customers, and Alerts can be assigned to Groups. Devices are the names of computers. Devices can be assigned to Groups, and Alerts can also be assigned to Devices.


Managing Templates

There are two types of templates. One is at the “Partner” level and the other at the “Customer” level. The Partner template does not propagate down to the Customer level. Any changes made at the Partner level template must be manually copied and applied to the Customer level on a per-Customer basis.

As much effort as possible should be taken to keep the Partner template up to date so that it can be used to apply to new Customers when they are first set up. It can also be applied to existing Customers by saving the Partner template and applying it to an existing Customer in the Policies tab.

Managing Policies

There are several top-level categories for policies, but the ones we use for Anti-virus are General and Antivirus. The General policy should “Require confirmation from the user” and update every 4 hours.

The Antivirus policy’s Advanced Settings should have the following options checked: “Enable Resident Shield”, “Ask before removing threat”, “Report Potentially Unwanted Programs and Spyware threats”, “Scan boot sector of removable media”, “Scan files referred in registry”, and “Enable Instant Messaging and P2P downloads protection”. Under “E-mail Scanner”, “Scan incoming messages” and “Scan outgoing messages” should be unchecked.

Managing Exceptions

  1. Log into the CloudCare Portal
  2. On the Policies tab, select the policy you would like to manage.
  3. Click on Anti-Virus to expand the menu.
  4. Go to the Exceptions tab.
  5. Click Add Exception if adding a new exception. If editing an existing exception, select the object to edit and click the Edit or Remove button.
  6. Select the exception type; i.e., file, folder, or URL.
  7. Enter the path or URL of the exception. If it’s a username-specific folder, choose “Any Location”.
  8. Choose the components for the exception to apply to.
  9. Click Close and Save.

The global Partner policies do not override or propagate down to Customer policies. They are only copied when a NEW Customer is created. This means every Customer needs to be touched every time a global policy change is made.

The “partner” policy is a template. This policy is used when a “New” customer is created; it is the default policy for the new customer. It does not propagate down to existing customers, only to newly created customers.

AVG Support

866-402-9806 AVG CloudCare Support
828-466-5757 Support for Business
866-833-5727 ext. 417. This will take you to the tech support operator. She will create a case for the techs and transfer you to the next available tech. You can also email cloudcaresupport@avg.com

Tools to Use

Responding to Threats

Determine if the threat can or should be excluded. You can use a tool like VirusTotal to determine if the file is actually a virus. If you are completely sure, first exclude the file at the Customer level. If that doesn’t work and it is in a very specific folder, then exclude it at the folder level. If the file is not currently infected, but could be in the future, exclude the file at the device level on the actual computer with the issue, NOT in the AVG CloudCare website.

Marketing Email Response to Virus Alert

There may be a time when you’ll need to respond directly to a client before making a change to their computer. Use the following template as a guide:

Dear [Name],

We are all aware of the changing threats on the Internet: identity theft, viruses, adware, data theft and many more. To address these challenges we are, and have been, upgrading our desktop management tools. However, we now detect and report on a variety of web browser plug-ins that are not a specific threat, but are being reported as potential issues. For example, many web sites would like to have their search tool on your web browser to drive traffic to their advertisers.

These are commonly installed if you are not careful where you click. Install Adobe Reader, and if you’re not careful, they’ll install Google Chrome Browser. Everyone wants to slip something on your PC.

Please review the following file to determine if you would like us to:

A) Allow this threat to remain on your PC
B) Allow us to assist you with removing the threat

Threat: [Ex. “Friends Checker” toolbar.]

How to delete threats remotely in AVG Cloudcare?

If the threat had been moved to the virus vault, then yes, you can remove it from the device’s virus vault…

  • Devices
  • Click on device name
  • Under Device Details, click on “Virus Vault”

However, if the file is bigger than 4MB, or if AVG can’t remove the file due to blocked access, you may need to attempt manual removal. Also, modifying the following policy settings will change how AVG handles detected threats: instead of asking the end user, it will automatically move all detected threats to the virus vault so you, the administrator, can decide if the threat is legitimate or a false positive…

  1. Policies tab
  2. Select policy group name, such as “Default”
  3. AntiVirus tab
  4. Advanced Settings
  5. Uncheck the “Ask me before removing threat” box
  6. ID-Protect tab
  7. Select “Automatically quarantine detected threats”
  8. Save

If you have more issues or questions, please call us at 1-866-833-5727, Monday through Friday, from 8 AM to 8 PM Eastern; and have your AVG case number ready when you call.

Cryptolocker Ransomware Alert

Beware of the new Cryptolocker ransomware that encrypts all your files after you open an email attachment.


This virus encrypts all of your files and then forces you to pay $300 in bitcoin to unlock your files. If you don’t pay, they delete the key after 72 hours and your files are essentially gone. All files that are writable/editable by your user account are affected, including files stored on a network and all USB backups. It’s able to get past most antivirus programs, but there are things you can do:

  • Restrict network access as much as possible
  • Inform users to beware of attachments
  • Keep regular OFFLINE backups

Here are some reference links about the Cryptolocker Ransomware:

Here is an example email you can send to your staff or clients:

Recently there has been a new type of cyber attack on computer systems that has the ability to compromise an entire network of computer files. The virus/malware comes in through an email attachment and then promptly encrypts all network files so that they cannot be accessed. The idea behind this virus is for companies to pay the writers of the virus $300 or more to have the files decrypted so they can be accessed again.

Despite having security systems in place, the openness of certain environments such as your email program and your web browser can still allow this type of attack to occur. While we will continue to develop new systems to protect your organization, we need everyone to be aware of the part they play in keeping the network secure while in their email and while online.

Here are 4 simple ways to Avoid Getting a Virus:

  1. Don’t open e-mails from people you don’t know (even if it seems like it’s from a company you normally deal with)
  2. Don’t open attachments in e-mails unless you were waiting for the attachment
  3. Don’t go to websites/click links that you don’t fully trust
  4. Don’t download and execute files that you don’t fully trust

Please note that even if the file extension says “PDF” it may actually be a ZIP or EXE file that could potentially run and cause harm to your computer files or files on the network. We all have a part to play in helping to keep our computer networks secure in an ever-evolving security landscape.
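For the technician handling a reported attachment, the warning above about a “PDF” that is really a ZIP or EXE can be checked directly from the file's first bytes. The following is an added example, not part of the email template or the original page: the file names, sample bytes and the EXPECTED extension table are constructed for illustration. It also returns the SHA-256 hash, which can be searched on VirusTotal without uploading the file.

```python
import hashlib
import os
import tempfile

# Leading "magic" bytes for the three formats the warning names.
MAGIC = {"pdf": (b"%PDF-",), "zip": (b"PK\x03\x04", b"PK\x05\x06"), "exe": (b"MZ",)}
# Assumed table: content type each extension should carry (Office files are ZIP containers).
EXPECTED = {"pdf": "pdf", "zip": "zip", "docx": "zip", "xlsx": "zip",
            "exe": "exe", "scr": "exe", "dll": "exe"}

def sniff_type(header):
    """Return the format implied by a file's first bytes, or 'unknown'."""
    for kind, prefixes in MAGIC.items():
        if header.startswith(prefixes):
            return kind
    return "unknown"

def inspect_attachment(path):
    """Compare the extension a user sees with what the content really is."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        header = fh.read(8)
        digest.update(header)
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    claimed = os.path.splitext(path)[1].lstrip(".").lower()
    actual = sniff_type(header)
    wrong_content = claimed in EXPECTED and EXPECTED[claimed] != actual
    hidden_exe = actual == "exe" and EXPECTED.get(claimed) != "exe"
    return {"claimed": claimed, "actual": actual,
            "mismatch": wrong_content or hidden_exe,
            "sha256": digest.hexdigest()}  # hash to search for on VirusTotal

def demo():
    """Run the check over constructed sample files (not real malware)."""
    samples = {  # file name -> constructed leading bytes
        "report.pdf": b"%PDF-1.4\n% constructed sample\n",
        "invoice.pdf": b"MZ\x90\x00constructed, not a real program",
        "scan.pdf": b"PK\x03\x04constructed, not a real archive",
        "budget.xlsx": b"PK\x03\x04constructed, not a real workbook",
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, content in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(content)
            results[name] = inspect_attachment(path)
    return results
```

Calling `demo()` returns one result per sample file; a `mismatch` of `True` means the content does not match what the extension promises and the file should be treated as suspect before any exclusion is considered.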

Long-term Data Storage Threatened by Anti-Virus Scans

Over time, data stored on writable media subject to virus scans will be deleted or moved regardless of the presence of a virus. This is due to the ever-expanding definition of what is a virus and through heuristic analysis. In other words, what was not considered a virus in the past may be considered one in the future despite its legitimacy.

So what can we do about it?

One way is to routinely back up to an optical disk or some other write-once media. However, CDFS, the file system used on CDs and DVDs, allows files up to 2GB. Large files have to be kept another way. There may be hope though. As file permissions and firewalls get safer in Vista, it may be possible to set aside areas on your PC that do not get virus checked.