5.06.01 Anti-Malware Software

I. Purpose

This procedure documents the use of anti-malware software to protect the Bradley University computers and network from damage due to virus infections.

Policy Supported

This procedure is in support of Malware Protection (5.06).

II. Description

Bradley maintains licensing for Microsoft System Center Endpoint Protection software as its supported client anti-malware application. Microsoft System Center Endpoint Protection is automatically installed on faculty computers and servers acquired through Campus Computer Sales for use on campus.

Malware protection software is also run on the University mail servers and at the point at which mail enters campus.

Information Resources and Technology Responsibilities

An IRT-maintained Web site for Virus, Malware and Phishing Attempts provides information regarding virus threats and hoaxes as well as procedures for protecting systems against infection and links to useful technical resources.

On an ongoing basis, IRT staff will take appropriate action to contain virus infections as they occur and to assist in their removal. In order to prevent the spread of virus infections, or to contain damage being caused by virus infections, it may be necessary for IRT to remove a computer from the network or disable a segment of the network.

Information Resources and Technology technical staff maintain current patch levels and malware protection on all servers under their control. They scan systems for vulnerabilities on a regular basis and provide product and configuration recommendations to departments regarding system security and virus protection. On an ongoing basis, IRT staff will investigate and evaluate security solutions that may benefit the campus network and systems.

The IRT HelpDesk and staff will assist individuals with recovery from virus infections. This includes advice on containment to stop the spread, help with removal, and advice on how to prevent a recurrence.

Departmental Responsibilities

All servers and other systems administered by end-user departments are to be maintained with current patch levels and available anti-malware software. Departmental technical staff will be responsible to notify IRT of violations or malware incidents on the systems they administer. Information Resources and Technologies bears the right and responsibility to advise departments on appropriate technology protection measures.

End-User Responsibilities

Bradley University requires all users of personal computers on the campus network (wired and wireless) to maintain up-to-date malware protection software and operating system security patches on their desktop and portable computers in order to protect and limit the risks to the person and the University associated with malware attacks.

Students are required to protect their personal computers with antivirus software of their choosing. Free Anti-Virus software is provided to students at no cost and is available to students via a download from the Service Desk Anti-Malware Software page. This software must be removed when a student graduates or leaves the University for some other reason.

Systems should be set to check for and download new definitions on a daily basis. Daily updates to virus definitions provide the greatest opportunity for consistent protection from virus activity.

III. Scope

This procedure applies to all faculty, staff, and administrators.

Date Approved      
2/23/2004      
Dates Revised      
4/6/2004      
Dates Reviewed