General discussion


What to Implement First?...Scanning & Patching Tool or Virus Scanning Tool?

By butlertf ·
To put it briefly, I can't decide whether or not I should implement a scanning and patching tool on my network or an anti-virus tool first. There will be about a 2 week period before the first tool is put into place and about another 3 to 4 weeks before the next tool is put into place.

I was thinking that if we have put into place a scanning and patching tool first, it would fix the vulnerabilities a virus would exploit. Thus, it would be better to implement the scanning and patching tool before the anti-virus tool.

If anyone has a different thought, please explain your reasoning.



This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

Bigger question

by robo_dev In reply to What to Implement First?. ...

What AV countermeasures are already in place?

If the answer is 'none' then the AV needs to go first, as trying to inventory, patch and update virus-infected PCs is not going to end well.

If you are reasonably confident that the PCs are not 'crawling with viruses', then bringing them up to the same patch level would make it more likely that the AV software would deploy without any issues.

That's my thought, based on your scenario, as I see it.

Collapse -

From past experience

by HAL 9000 Moderator In reply to What to Implement First?. ...

On a stand alone system I picked up a Infection by visiting the M$ Update Site. or maybe more correctly I should say in the time that the system was connected to the Windows Update Servers before an AV product got installed.

Maybe it didn't come directly from the Windows Update Site but it most certainly did hit the system hard and mean that I had to restart the reload process from scratch again.

Since that time I never consider connecting any system to the Net without first a AV product Installed. I'm not even overly happy with the need to connect to the Net to download a AV product and I have stopped using any AV product that I can not download and install without the computer being connected to the net till you start the Updating Process.

That is with a Stand Alone System with a LAN it would be the number of Workstations & Servers worse than a Stand Alone System. I've had numerous times where infected LAN's have reinfected a workstation after it gets reloaded and fully patched then gets reconnected to the LAN. I've had way too many Self Replicating Infections across Networks to ever consider not having a Fully Working AV product in place first before starting to build the LAN.


Collapse -

Makes Sense

by butlertf In reply to What to Implement First?. ...

Currently there is no AV set up hence the whole question which to implement first. It is a small lab that we are building and it is behind a firewall that only allows our specified workstations in. Granted if our workstation gets infected it could infect the rest of the systems, but the workstations do have AV on them.

The more I think about it, it seems the AV should go in first and patching second. Thank you guys for the comments.

Collapse -

AV first.

by CharlieSpencer In reply to What to Implement First?. ...

Scanning and patching will indeed take care of existing vulnerabilities, but it won't take care of existing infections. Don't worry about preventing future diseases right now; worry about curing the ones you've probably already got.

Related Discussions

Related Forums