+ 0 Votes Interesting CharlieSpencer_Palmetto 6 years ago I'm not the company security specialist, but I'd start by disconnecting or shutting down all switches, routers, hubs, WAPs, and other communications infrastructure to prevent further spreading. + 0 Votes Aye alxcsby 6 years ago And ours is. In two locations. + 0 Votes never happen. Jaqui 6 years ago with no windows boxes I never have to have that nightmare. Palmetto is right though, stop the spread by pulling the plug then clean everything before brining it back online. [ other option, use the backup from friday to restore each machine after cleaning it. ] + 0 Votes A few things to try jdclyde 6 years ago First, have your users run as a limited user instead of Admin. Second, deny SMTP to or from anything but your mail server. Have a baseline of your network usage, especially during off hours. If you get an infected system, it will suck up bandwidth day and night (provided it is turned on) so will give you a clue. Watch the managed AV logs. Both for finding infection attempts AND for update failures. Virus have a cool tendency to turn off your AV, so that is another sign of trouble. Do you run a firewall on the pc's? You might want to, and then allow only specific traffic to access the LAN. + 0 Votes Restore, restore, restore. deepsand Updated - 6 years ago If your system is as large as it sounds, it's large enough to warrant being 100% backed-up every day.