Service Name: Virus Detection and Removal
Viruses and other forms of computer malware (malicious software) pose significant risks to the confidentiality, integrity, and availability of University data and computing resources. The University’s Electronic Data Security Policy therefore requires all Windows systems to run approved antivirus software. Thousands of new viruses are released daily, and antivirus software cannot always detect and/or clean all the latest infections. As such, it is sometimes necessary for Information Technology Services staff to manually respond to malware incidents.
- Quarantine – Infected machines can spread their infections to other computers. They can also allow an attacker remote access to the machines. The attacker may then intercept and steal sensitive info like passwords, personal, and financial data. To minimize these risks to the University, infected computers are immediately removed from the network upon discovery.
- Investigation – Identify the malware involved. Make changes to the system, and decide steps needed to restore the system’s integrity.
- Cleaning, hardening – Sometimes the infections can be dealt with without having to reinstall the operating system. In those instances the malware is removed and the system hardened before returning it to service (i.e., missing patches are applied and old software upgraded to reduce the likelihood of re-infection).
- System Rebuild – Often the only way to ensure a system is safe to reuse is to back up all user files, reinstall the operating system, and then restore the user files. System rebuilds typically take longer than cleaning and hardening, but provide greater assurance that the infection has been eliminated.
How to request this service:
- Generally, the Service Desk is the one that contacts you if an infection is detected on your computer and informs you that it has been quarantined as a result. Depending on the suspected severity of the incident, the system may be serviced in your office or more typically retrieved and brought to Information Technology Services where more resources are available.
- If you experience pop-up windows or have any reason to suspect that your computer is infected, be sure to contact the Service Desk immediately at:
Who can avail of this service:
- Faculty & staff of the St. John’s campus
Out of Scope:
- Student-owned and personally-owned devices
- Malware detection by your antivirus software is 24/7/365
- Manual incident response is 9am to 5pm; Monday-Friday
- Cleaning/hardening: 2 business days
- Full system rebuilding: 3 business days
Processes and Tools:
- Detection of infected systems using McAfee ePO and VirusScan
- Quarantining of infected systems
- System hardening, as needed
- Complete system rebuild, including backup and restoration of client files, as needed
- Log, monitor, and resolve entire incident using the Remedy Incident Management system.
Accountabilities and Key Roles:
- Help Desk– initial contacts
- Network and Communications Groups – quarantining of infected systems
- Personal Computing Group – Cleaning, hardening, rebuilding of compromised systems
- IT Security – Investigations and overall ownership of the malware handling process
Key Performance Indicators:
- Number of systems with malware detections per month
- Number of systems requiring manual remediation (i.e., detections that translate into Remedy incidents)
Revision: January 2014
Service Owner: IT Security Officer, IT Security Group