Looking for a way to, once a virus is detected on the network, have a portable virus scanner pushed to the infected device, start the scan, and then immediately disable all network connections. Has anyone ever come across a solution to this or anything similar? Thanks in advance!
Need to be proactive; install anti-virus/anti-malware on the device before it is infested.
We've already got Trend Micro deployed to all users' devices. The problem I am trying to solve is to have a secondary scanner run only when Trend informs us that a virus/malware was detected but no action was taken. This is also why it would be good to have the device's network connection terminated after discovery.
I appreciate the answers but I was looking for a more automated way of doing it. We already have manual procedures in place for how to handle this, but I was hoping for a way to have some of the steps done immediately upon discovering the virus.
There are some things that can be automated, but they all (machines) have to have a virus scan agent that reports into some type of management system so the management system can kick off whatever procedure (by policy) needs to be done - like a shutdown or send out an email.
Trend Micro currently sends an email with the machine name to the help desk when it discovers a virus. The trick at this point is to use that as a trigger to kick off the rest of the automation. I suppose it could be scripted manually but I wouldn't really know where to start with that.
I agree completely. But say, for instance, someone was infected with ransomware. If we had the ability to minimize the damage caused by that and prevent it from spreading to other machines by having the computer's network access temporarily disabled, it would be immensely useful. At which point (ideally) we would have a secondary virus scanner run (one that doesn't do any real-time scanning and could be locally installed if it was lightweight enough) to attempt to find and kill the malware. This way we could already be handling the situation and preventing it from getting worse in the 10-15 minutes it would take for a tech to get out there and be sure it actually has been taken care of, and then restore the machine's network connectivity once confirmed.
This scenario actually happened recently, which is why I am looking into a way to minimize the effects. Fortunately, when it did happen we were quick enough to be able to correct it before any serious damage could occur, but if for whatever reason we could not get to it quickly enough it would be nice to have some steps taken automatically.
You're probably right though. I can't imagine it being too difficult to just have the machine shut off once we get the email, and this may honestly be enough to take care of the biggest part of the problem.
The issue is the remote command of the system. You'd have to create one script to do everything because once you disable the network, you'd lose remote access to do anything else - even monitoring. You'd still have to send a tech to verify that it is clean before putting it back on the network.
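The "one script to do everything" the previous reply describes, written out as an added example (not code from any poster in this thread) for a Windows host: everything that needs the network happens first, the scan is started detached, and the adapters are disabled as the very last step. The scanner share, executable name, arguments and log paths are placeholders.

```powershell
# Containment script: pushed to the flagged host by the management tool and run locally.
# Order matters: staging and logging happen while the network is still up, because the
# adapters go down at the end and remote access to the box is lost from that point on.
param(
    # Placeholder values; adjust to the portable scanner actually used.
    [string]$ScannerSource = '\\fileserver\tools\portable-scanner',
    [string]$ScannerExe    = 'scanner.exe',
    [string]$ScannerArgs   = '/scan /log',
    [string]$LocalDir      = 'C:\IR\scanner',
    [string]$LogFile       = 'C:\IR\containment.log'
)
$ErrorActionPreference = 'Stop'

function Write-Log([string]$Message) {
    Add-Content -Path $LogFile -Value ('{0:u} {1}' -f (Get-Date), $Message)
}

New-Item -ItemType Directory -Path $LocalDir -Force | Out-Null
Write-Log "Containment started on $env:COMPUTERNAME"

# 1. Stage the scanner while the share is still reachable. A failure here is logged
#    but does not stop isolation, which is the more important step for ransomware.
try {
    Copy-Item -Path (Join-Path $ScannerSource '*') -Destination $LocalDir -Recurse -Force
    Write-Log "Scanner copied to $LocalDir"
} catch {
    Write-Log "Scanner staging failed: $_ (isolating anyway)"
}

# 2. Record which adapters were up so the tech can restore exactly that set later.
$adapters = Get-NetAdapter | Where-Object Status -eq 'Up'
$adapters | Select-Object Name, InterfaceDescription, MacAddress |
    Export-Csv -Path (Join-Path $LocalDir 'adapters-before.csv') -NoTypeInformation

# 3. Start the scan detached so it keeps running after the network is cut.
try {
    $proc = Start-Process -FilePath (Join-Path $LocalDir $ScannerExe) `
        -ArgumentList $ScannerArgs -WorkingDirectory $LocalDir -PassThru
    Write-Log "Scanner started, PID $($proc.Id)"
} catch {
    Write-Log "Scanner did not start: $_"
}

# 4. Last step: isolate the host. Nothing after this can be reached remotely.
foreach ($a in $adapters) {
    Disable-NetAdapter -Name $a.Name -Confirm:$false
    Write-Log "Disabled adapter '$($a.Name)'"
}
Write-Log 'Host isolated; verify locally, then re-enable adapters from adapters-before.csv'
```

The tech who visits the machine reads `C:\IR\containment.log` and the scanner's own output, then brings the host back with `Enable-NetAdapter` for the names listed in `adapters-before.csv` once it is confirmed clean.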