Local virus scan started remotely and automagically.

Shogun Kane

Estimable
Sep 28, 2014
6
0
4,510
0
Looking for way to, once a virus is detected on the network, have a portable virus scanner pushed to the infected device, start the scan, and then immediately disable all network connections. Has anyone ever come across a solution to this or anything similar? Thanks in advance!
 

Shogun Kane

Estimable
Sep 28, 2014
6
0
4,510
0


We've already got Trend Mico deployed to all users devices. The problem I am trying to solve is to have a secondary scanner run only when Trend informs us that a virus/malware was detected but no action was taken. This is also why it would be good to have the devices network connection terminated after discovery.

I apologize, should have been more clear on that.

 

Shogun Kane

Estimable
Sep 28, 2014
6
0
4,510
0
I appreciate the answers but I was looking for a more automated way of doing it. We already have manual procedures in place for how to handle this, but I was hoping for a way to have some of the steps done immediately upon discovering the virus.
 

ss202sl

Honorable
May 23, 2012
758
0
11,960
109
There are some things that can be automated, but they all(machines) have to have a virus scan agent that reports into some type of management system so the management system can kick off whatever procedure(by policy) needs to be done - like a shutdown or send out an email .
 

Shogun Kane

Estimable
Sep 28, 2014
6
0
4,510
0
Trend Micro currently sends an email with the machine name to the help desk when it discovers a virus. The trick at this point is to use that as a trigger to kick off the rest of the automation. I suppose it could be scripted manually but I wouldn't really know where to start with that.
 

ss202sl

Honorable
May 23, 2012
758
0
11,960
109
It would be easy to at least script a remote shutdown so the machine is off, but there's nothing stopping the user from just turning it back on. This is why someone needs to contact the user
 

Shogun Kane

Estimable
Sep 28, 2014
6
0
4,510
0
I agree completely. But say, for instance, someone was infected with ransomware. If we had the ability to minimize the damage caused by that and preventing it from spreading to other machines by having the computer's network access temporarily disabled would be immensely useful. At which point (ideally) we would have a secondary virus scanner run (one that doesn't do any real time scanning and could be locally installed if it was light-weight enough) to attempt to find and kill the malware. This way we could be already handling the situation and preventing it from getting worse in the 10-15 minutes it would take for a tech to get out there and be sure it actually has been taken care of and then restore the machines network connectivity once confirmed.

This scenario actually happened recently which is why I am looking in to a way to minimize the effects. Fortunately when it did happen we were quick enough to be able to correct it before any serious damage could occur but if for whatever reason we could not get to it quickly enough it would be nice to have some steps taken automatically.

You're probably right though, I can't imagine it being too difficult to just have the machine shut off once we get the email and this may honestly be enough to take care of the biggest part of the problem.
 

ss202sl

Honorable
May 23, 2012
758
0
11,960
109
The issue is the remote command of the system. You'd have to create one script to do everything because once you disable the network, you'd loose remote access to do anything else - even monitoring. You'd still have to send a tech to verify that it is clean before putting it back on the network
 

Shogun Kane

Estimable
Sep 28, 2014
6
0
4,510
0
True, there is no solution that would allow for a tech not to have to come out. I'm mainly looking to minimize impact and increase speed of resolution to reduce downtime.
 
Thread starter Similar threads Forum Replies Date
T Antivirus / Security / Privacy 3
DCB007 Antivirus / Security / Privacy 4
N Antivirus / Security / Privacy 5
A Antivirus / Security / Privacy 3
E Antivirus / Security / Privacy 1
W Antivirus / Security / Privacy 3
L Antivirus / Security / Privacy 6
W Antivirus / Security / Privacy 1
A Antivirus / Security / Privacy 7
A Antivirus / Security / Privacy 8
K Antivirus / Security / Privacy 2
L Antivirus / Security / Privacy 1
F Antivirus / Security / Privacy 4
J Antivirus / Security / Privacy 3
F Antivirus / Security / Privacy 1
R Antivirus / Security / Privacy 0
R Antivirus / Security / Privacy 5
P Antivirus / Security / Privacy 3
D Antivirus / Security / Privacy 1
P Antivirus / Security / Privacy 1

ASK THE COMMUNITY