SLAC Computer Security
Search SLAC

Anti-Virus Policy

The purpose of this policy is to protect the availability and integrity of software and information against disruption caused by malicious code, such as viruses or harmful mobile code, and establish the requirements that must be met by all computers connected to the SLAC network.

Policy

All windows computers (including desktops, notebooks/laptops, and servers) connected to the SLAC network must have standard, supported anti-virus software installed and maintained. Anti-virus pattern files must be updated frequently in accordance with standards defined by SLAC. Tampering with or disabling the anti-virus software is prohibited.

Exceptions

Any exceptions to this policy must be submitted in writing with a business justification, to and approved  by the Computer Security Officer at security@slac.stanford.edu.

General Procedures

The IT Operations and Infrastructure Team (ITO&IT) is responsible for creating procedures for the installation and configuration of anti-virus software on standard SLAC platforms.  In addition, the ITO&IT will publish new definition files, which all standard SLAC computers will automatically receive.  The ITO&IT will ensure that SLAC systems have virus protection installed, are running properly, and have the required definition files. 

All storage media (e.g. floppy, compact disk or Zip) that are inserted into SLAC computers must first be scanned for viruses or signs of other forms of malicious software by the user before use. 

All files downloaded from the Internet must be scanned for viruses at the user’s desktop.  IT is responsible for server and e-mail gateway protections while users are responsible for the safety of their systems and files. Extra care should be taken when downloading files from sources that are not trusted.

If you need help, please contact your departmental computing support person.

Enforcement

Systems not properly protected will be removed from the network. 

Virus-infected computers must be removed from the network until they have been verified (scanned) as virus-free. User associated with the infection must change all of there SLAC passwords. If any additional risks or issues are found the system will need to be rebuilt.

Users and computers with access to sensitive data or systems that cause an AV alert will be removed from the network and must be rebuilt.

If the user is an administrator on the system, the system must be rebuilt.

A system that is rebuilt must have the hard drive formatted and no data may be saved.

 

NOTE: Users whose activity cause a scan or rebuild three times within a one year period will be reported to HR for waste and abuse of government resources.

References

Cyber Security Anti-Virus Action Procedure

Owner: SLAC Computer Security
Page Created: 07/17/2008
Last Updated: 07/17/2012
Feedback: Please send to
Computer Security Feedback