Tag: Antivirus

  • AVG CloudCare Best Practices

    AVG is antivirus software, and AVG CloudCare is the website used to manage installations, threats, updates, and scans. AVG CloudCare organizes AVG installations by “Customers”. Each Customer can also have “Groups”. Templates can be assigned to Customers, and Alerts can be assigned to Groups. Devices are the names of computers. Devices can be assigned to Groups. Alerts can also be assigned to Devices.

    Managing Templates

    There are two types of templates. One is at the “Partner” level and the other at the “Customer” level. The Partner template does not propagate down to the Customer level. Any changes made to the Partner-level template must be manually copied and applied at the Customer level on a per-Customer basis.

    As much effort as possible should be taken to keep the Partner template up to date so that it can be used to apply to new Customers when they are first set up. It can also be applied to existing Customers by saving the Partner template and applying it to an existing Customer in the Policies tab.

    Managing Policies

    There are several top-level categories for policies, but the ones we use for Anti-virus are General and Antivirus. The General policy should “Require confirmation from the user” and update every 4 hours.

    The Antivirus policy’s Advanced Settings should have the following enabled: “Enable Resident Shield”, “Ask before removing threat”, “Report Potentially Unwanted Programs and Spyware threats”, “Scan boot sector of removable media”, “Scan files referred in registry”, and “Enable Instant Messaging and P2P downloads protection”. Under “E-mail Scanner”, “Scan incoming messages” and “Scan outgoing messages” should be unchecked.

    Managing Exceptions

    1. Log into the CloudCare Portal
    2. On the Policies tab, select the policy you would like to manage.
    3. Click on Anti-Virus to expand the menu.
    4. Go to the Exceptions tab.
    5. Click Add Exception if adding a new exception. If editing an existing exception, select the object to edit and click the Edit or Remove button.
    6. Select the exception type; i.e., file, folder, or URL.
    7. Enter the path or URL of the exception. If it’s a username-specific folder, choose “Any Location”.
    8. Choose the components for the exception to apply to.
    9. Click Close and Save.

    The global, partner policies do not override or propagate down to customer policies. They are only copied when a NEW customer is created. This means every customer needs to be touched every time a global policy change is made.

    The “partner” policy is a template. This policy is used when a “New” customer is created; it is the default policy for the new customer. It does not propagate down to existing customers, only to newly created customers.

    AVG Support

    866-402-9806 AVG CloudCare Support
    828-466-5757 Support for Business
    866-833-5727 ext. 417. This will take you to the tech support operator. She will create a case for the techs and transfer you to the next available tech. You can also email cloudcaresupport@avg.com

    Tools to Use

    Responding to Threats

    Determine if the threat can or should be excluded. You can use a tool like VirusTotal to determine if the file is actually a virus. If you are completely sure, first exclude the file at the Customer level. If that doesn’t work and it is a very specific folder, then exclude it at the folder level. If the file is not currently infected, but could be in the future, exclude the file at the device level on the actual computer with the issue, NOT in the AVG CloudCare website.

    Marketing Email Response to Virus Alert

    There may be a time when you’ll need to respond directly to a client before making a change to their computer. Use the following template as a guide:

    Dear [Name],

    We are all aware of the changing threats on the Internet: identity theft, viruses, adware, data theft and many more. To address these challenges we are, and have been, upgrading our desktop management tools. However, we now detect and report on a variety of web browser plug-ins that are not a specific threat, but are being reported as potential issues. For example, many web sites would like to have their search tool on your web browser to drive traffic to their advertisers.

    These are commonly installed if you are not careful where you click. Install Adobe Reader, and if you’re not careful, they’ll install Google Chrome Browser. Everyone wants to slip something on your PC.

    Please review the following file to determine if you would like us to:

    A) Allow this threat to remain on your PC
    B) Allow us to assist you with removing the threat

    Threat: [Ex. “Friends Checker” toolbar.]

    How to delete threats remotely in AVG CloudCare?

    If the threat had been moved to the virus vault, then yes, you can remove it from the device’s virus vault…

    • Devices
    • Click on device name
    • Under Device Details, click on “Virus Vault”

    However, if the file is bigger than 4MB, or if AVG can’t remove the file due to blocked access, you may need to attempt manual removal. Also, modifying the following policy settings will change how AVG handles detected threats: instead of asking the end user, AVG will automatically move all detected threats to the virus vault so you, the administrator, can decide if the threat is legitimate or a false positive…

    1. Policies tab
    2. Select policy group name, such as “Default”
    3. AntiVirus tab
    4. Advanced Settings
    5. Uncheck the “Ask me before removing threat” box
    6. ID-Protect tab
    7. Select “Automatically quarantine detected threats”
    8. Save

    If you have more issues or questions, please call us at 1-866-833-5727, Monday through Friday, from 8 AM to 8 PM Eastern; and have your AVG case number ready when you call.

  • Cryptolocker Ransomware Alert

    Beware of the new Cryptolocker ransomware that encrypts all your files after you open an email attachment.

    This virus encrypts all of your files and then forces you to pay $300 in bitcoin to unlock your files. If you don’t pay, they delete the key after 72 hours and your files are essentially gone. All files that are writable/editable by your user account are affected, including files stored on a network and all USB backups. It’s able to get past most antivirus programs, but there are things you can do:

    • Restrict network access as much as possible
    • Inform users to beware of attachments
    • Keep regular OFFLINE backups

    Here are some reference links about the Cryptolocker Ransomware:

    Here is an example email you can send to your staff or clients:

    Recently there has been a new type of cyber attack on computer systems that has the ability to compromise an entire network of computer files. The virus/malware comes in through an email attachment and then promptly encrypts all network files so that they cannot be accessed. The idea behind this virus is for companies to pay $300 or more to the writers of the virus so they can decrypt the files for access again.

    Despite having security systems in place, the openness of certain environments such as your email program and your web browser can still allow this type of attack to occur. While we will continue to develop new systems to protect your organization, we need everyone to be aware of the part they play in keeping the network secure while in their email and while online.

    Here are 4 simple ways to Avoid Getting a Virus:

    1. Don’t open e-mails from people you don’t know (even if it seems like it’s from a company you normally deal with)
    2. Don’t open attachments in e-mails unless you were waiting for the attachment
    3. Don’t go to websites/click links that you don’t fully trust
    4. Don’t download and execute files that you don’t fully trust

    Please note that even if the file extension says “PDF” it may actually be a ZIP or EXE file that could potentially run and cause harm to your computer files or files on the network. We all have a part to play in helping to keep our computer networks secure in an ever-evolving security landscape.
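The point about a “PDF” that is really a ZIP or EXE can be checked mechanically by comparing an attachment's name with its leading bytes. The following is an added example, not part of the original post or of AVG's tooling; the function names, the extension lists and the sample attachments are assumptions constructed for illustration, and it goes slightly beyond the text by also listing executable members inside a ZIP.

```python
import io
import zipfile

# Leading "magic" bytes for the three types the email names.
SIGNATURES = [(b"%PDF-", "pdf"), (b"MZ", "exe"), (b"PK\x03\x04", "zip")]
# Content each extension should hold (docx/xlsx are ZIP containers).
EXPECTED = {"pdf": "pdf", "exe": "exe", "zip": "zip", "docx": "zip", "xlsx": "zip"}
RISKY_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs"}

def sniff(data):
    """Return the content type implied by the first bytes, or 'unknown'."""
    for magic, kind in SIGNATURES:
        if data.startswith(magic):
            return kind
    return "unknown"

def check_attachment(name, data):
    """Return the reasons an attachment's name does not match its content."""
    findings = []
    exts = name.lower().split(".")[1:]
    claimed = exts[-1] if exts else ""
    actual = sniff(data)
    if EXPECTED.get(claimed, "unknown") != actual:
        findings.append(f"named .{claimed} but content is {actual}")
    if len(exts) > 1 and claimed in RISKY_EXTS:
        findings.append(f"double extension ending in .{claimed}")
    if actual == "zip":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                members = zf.namelist()
        except zipfile.BadZipFile:
            return findings + ["ZIP header present but archive is unreadable"]
        for member in members:
            if member.lower().rsplit(".", 1)[-1] in RISKY_EXTS:
                findings.append(f"archive contains executable {member}")
    return findings

def sample_zip(member_name):
    """Build a constructed in-memory ZIP holding one fake executable member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"MZ constructed sample, not a real program")
    return buf.getvalue()

if __name__ == "__main__":
    for name, data in [("report.pdf", b"%PDF-1.4 constructed"),
                       ("invoice.pdf", b"MZ constructed"),
                       ("statement.pdf", sample_zip("statement.pdf.exe"))]:
        print(name, "->", check_attachment(name, data) or "ok")
```

An empty result means the name and content agree for the types in the table; it does not mean the file is safe.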

  • AVG 2012

    If you use AVG anti-virus software, which many of our clients do, you may have noticed a new pop-up that looks something like this. It’s advertising a free upgrade to AVG Anti-Virus Free 2011 or a paid upgrade to AVG Internet Security 2012. Either one is fine and you can feel free to click the link, which should take you to AVG.com.

    The free version protects against:

    • Viruses and spyware
    • Social networks like Facebook
    • Web surfing and searching
    • Losing your identity online

    We’re currently recommending Microsoft Security Essentials to our clients.