Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
435
Views
0
Helpful
4
Replies

Virus checking on ICM

kwhitmarsh
Level 1
Level 1

‎10-11-2001 10:59 AM - edited ‎03-12-2019 12:52 PM

Does anybody have any experience of using a virus checker on an ICM server? I have heard various rumours around Cisco going to recommend a product, anybody like to comment?

Labels:
0 Helpful
4 Replies 4

tofisher
Level 1
Level 1

‎10-11-2001 01:48 PM

Cisco announced today the recommended virus checking strategy for the systems running IIS server. The statement is pasted below.

Regards,

-Tom

To: Cisco’s CCBU Customers

CC: Cisco Software Sales

From: Cisco Customer Advocacy

Cisco Product Management

Cisco Engineering

Date: October 11, 2001

Re: Preliminary Anti-Virus Software Recommendations

Many of our enterprise and service provider customers have expressed an interest in understanding Cisco’s recommendations for the use of anti-virus software. The recommendations below are preliminary and based on Cisco’s actual usage of anti-virus software in development lab environments. Cisco will seek to establish broader recommendations that include all of the product lines within Cisco’s Voice Technology Group, of which CCBU is a member. Cisco does not provide official certifications for anti-virus software products, however the following recommendations are based on Cisco’s experience working with customers who have successfully implemented anti-virus software with our software solutions.

The recommendations in this memo are provided for the following CCBU software products:

· Cisco Network Applications Manager (NAM)

· Cisco Intelligent Contact Management (ICM)

· Cisco Admin Workstations

· Cisco ACD PGs, IVR PGs, NICs

· Cisco Agent Desktop (formerly: Turnkey CTI)

· Cisco Collaboration Server (CCS)

· Cisco Media Blender (CMB)

· Cisco Web Gateway

· Cisco TrailHead Server

· Cisco eMail Manager (CeM)

· Cisco WebView / WebView II

· Cisco Internet Service Node (ISN) Application Server and Voice Browser

Of these products, particular care should be taken for systems that can use Microsoft Internet Information Server (IIS): Cisco Collaboration Server (CCS), Cisco Media Blender (CMB), Cisco TrailHead Server, Cisco eMail Manager (CeM), Cisco WebView / WebView II, and Cisco Internet Service Node (ISN) Application Server and Voice Browser. Additionally, any server positioned outside the corporate firewall, or having frequent connections to the Public Internet should be addressed as part of the anti-virus strategy.

While Cisco does not formally certify specific anti-virus software products, it is important to note that many default anti-virus options settings may adversely affect the performance of the products listed above. The performance degradation is due to increased CPU load and memory utilization contributed by the anti-virus software.

For customers who choose to implement anti-virus software on their systems, the following general guidance is recommended:

· The software not be set to run in an “automatic” or “background” mode where all incoming data or modified files are scanned in real time.

· Full scans of systems should be set to run only during scheduled maintenance windows.

· Virus scanning engines and definition files should be updated on a regular basis as per the organization’s current security/anti-virus policy.

Cisco is also concerned about virus protection and uses specific products in the development and testing labs at the CCBU. The testing labs are working on testing the following products in our labs:

On Microsoft Windows NT Workstation 4.0, Service Pack 6a and Windows 2000 Professional Service Pack 2 we currently run:

· Network Associates (McAfee) Netshield 4.5.0.534 (Full Mode)

· McAfee ScanEngine 4.150 (updated weekly)

· McAfee Virus Definitions 4.0.4164 (updated nightly)

On Microsoft Windows NT Server 4.0, Service Pack 6a and Windows 2000 Server, Service Pack 2 we currently run:

· Network Associates (McAfee) NetShield 4.5.0 service pack 1 (Full Mode)

· McAfee ScanEngine 4.150 (upgraded weekly)

· McAfee Virus Definitions 4.0.4164 (updated nightly)

Additionally, these anti-virus products are configured to run in Active/Full mode, rather than in Constant/Passive mode. They are updated both weekly and nightly as per Cisco’s corporate anti-virus security policy and additionally the Virus Definition DAT files are set to use the Randomization option, scheduled during low system use and maintenance window periods. This use is consistent with the general guidance provided above. The specific configuration used for these products is as follows:

The following items for the Netshield On-Access Monitor are as selected and the process is enabled:

Under Detection: Scan

*Inbound Files

*Boot Sectors

*Floppy During Shutdown

Under Detection: Files to Scan

*All Files

Under Advanced

*All Items Selected

*Maximum archive scan time set to 29 seconds

Under Actions

*When a virus is found: Clean infected files automatically

*Response to user: Send message to user is selected

Under Reports

*Accept Defaults

Under Exclusions

*Leave Empty

Automatic Upgrade/Update Properties are as follows:

Under Update

*Get from FTP Source

*Enter an FTP Computer name and directory: wwwin-gog/dats

Under Schedule: Run

*Select Daily, set time to 1AM

Under Upgrade

*Get from FTP Source

*Enter an FTP Computer name and directory: wwwin-gog/dats/upgrades

Under Schedule: Run

*Select Weekly, set time to 1AM

Scan Local Drives

*Accept Defaults

Under Schedule Run

*Select Daily, set time to 1AM

Cisco recommends regular updates of the virus scanning engines and virus definition files which customers can obtain from their anti-virus software vendors directly. Some viruses have also prompted updates to operating system or web server components from Microsoft; however, customers should note that these new patches may not yet be fully tested for compatibility with Cisco software products. Before applying any such patches, customers should refer to the published compatibility matrix on Cisco Connection Online (CCO) at:

http://www.cisco.com/warp/public/78/sw_compatability_matrix.html

New viruses can be unpredictable, so Cisco cannot assume responsibility for consequences of virus attacks on mission critical applications.

Again, this is a preliminary statement on Cisco’s anti-virus software recommendations. Cisco will have forthcoming announcements related to anti-virus recommendations. Please contact your Cisco sales representative or reseller for Cisco’s latest recommendations.

0 Helpful

bbrunner
Level 1
Level 1

‎11-16-2001 11:54 AM

I have used CA's Advanced Anti Virus for NT/2000 in Development and Production. It has been working without incident.

0 Helpful

steven.fuchs
Level 1
Level 1
In response to bbrunner

‎11-16-2001 02:42 PM

We have used Norton Anti Virus in both development and production environments with ICM R4.1 and ICM R4.5 as well as CCS, CMB and CEM without incident

0 Helpful

bill.king
Level 1
Level 1
In response to steven.fuchs

‎06-25-2003 11:03 AM

Does anyone have a recent experience/recommendation re: virus settings for ICM? We're using 4.1.5.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents