How can I check for malware on my business network?

April 2, 2014
Pinterest Stumbleupon Whatsapp

How can I check presence of malicious file on Windows computers on my business network?

  1. Rbrideaux
    April 9, 2014 at 5:36 am

    First, you need to have an updated AV with a centrally managed console.
    If you believe there is malware that your AV doesn't detect, you need to submit a sample to your AV vendor so they can give you an updated signature. That may take time. You can also send the file to http://www.virustotal.com, although if may not be detected at all if it's a targeted attack or new variant.

    You can search for presence of malware on your network using filename or wildcards using https://www.maliciousfilehunter.com

    Run the collect sample on sandbox and confirm it behavior before take further action.

  2. Oron J
    April 2, 2014 at 1:40 pm

    Ther are many ways to do this, and it depends to a certain extent on your AV software (and size of network/business). Many AV solutions have a business or enterprise version which includes a central console. This allows you to schedule scans and to collect reports from all PCs. As long as the software is deployed to all PCs, you're covered.
    You also need to scan your servers, which you can do with the same software. For performance reasons, you may need to disable real-time scanning and schedule full scans instead, but the devil's in the details here, so read the AV's manual, and possibly do some experimentation. It's also a good idea to have a security appliance at your network's gateway if you can afford it. This will offer another layer of security, but it is not a substitute for an AV client on each PC (for one thing, viruses may arrive through a USB drive or in some other way).

    On a small network, you may be able to get away with ordinary (non-policy-driven) AV solutions and simply connect to each user's drives (e.g. \userpc1c$) and scan it with your own AV over the network. You could script the system to connect to each PC in turn and scan it. However, this won't scale up to a large network.

  3. Bruce E
    April 2, 2014 at 7:34 am

    In many cases, it is done the same way you do it on your personal machines - open your antivirus solution and have it do a full scan on the machine(s) in question. If you have implemented a business solution, you probably have an administrative console where you can force a full scan of any/all machines required, including servers that have the endpoint solution installed. If you are dealing with a single file with a known location and name, you can use the login scripts to look for the file as well, or just delete it in case it is there.