|
|
SLAC Computer Security | ||
| SLAC Home | Computing Home | Computing Outages | Help | |||
Virus Infection Procedures
- If any computer connected to the SLAC network is suspected to be infected with a Virus/Malworm immediately report it to your Desktop Support Admin and SLAC Cyber Security Group (security@slac.stanford.edu).
- If you notice your AntiVirus program pops up a dialog box stating you've been infected with a Virus/Malworm, please take notes on what you were doing before that dialog box came up.
- Please do not make any changes to the system and wait for the Desktop Support Admin and SLAC Cyber Security Group to tell you how to proceed.
- In some cases if the Virus/Malworm is harmful to the SLAC Network it will be disconnected from the network immediately.
- Depending on the type of Virus/Malworm, the system may need to be fully wiped and reinstalled (this will be determined by SLAC Cyber Security Group).
- As a precaution, the SLAC Cyber Security Group will require the user to change all of their SLAC passwords.
When Cyber Security is alerted via email from Symantec of a risk it is not able to clean, quarantine* or delete:
- The Primary User and System Administrator noted in the CANDO database are e-mailed regarding the following actions.
- The system must be scanned to see if there are any other issues.
- All SLAC passwords must be changed.
- If any additional risks or issues are found the system will need to be rebuilt.
Users and computers with access to sensitive data or systems that cause an AV alert will be removed from the network and must be rebuilt.
At the time of the infection, if the user is an admin on the system, the system must be rebuilt.
- A system that is rebuilt must have the hard drive formatted and no data may be saved.
Owner: SLAC Computer Security |