[KB247] What can I do to minimize the risk of an infection on the network?

Solution

Use the recommended settings for an ESET security solution installed on a server:

ESET recommends certain settings when installing ESET Smart Security or ESET NOD32 Antivirus onto a server operating system or desktop computer functioning as a server. These settings are designed to limit disruptions of normal server processes and potential conflicts with other applications, and will not limit the protection of your server. 

Recommended settings for an ESET security solution installed on a server (4.0)

Upgrade to ESET File Security for Microsoft Windows Server

 

Take certain precautions to prevent infection by enterprise-specific threats:

You can prevent an infection by ensuring all of the machines on your network have a fully updated ESET endpoint product and then running a complete scan. Take any infected machines off the network until they have updated ESET endpoint products installed with current module versions. Run a complete scan before connecting them to the network again.

Fully patched and protected machines will still get threat alerts as long as other machines on the network are infected. The information column in the threat log will show that a threat is being detected because a new file has been created by an executable. That executable will be a network application like iexplorer.exe. This is is caused when another machine attempts to exploit/infect the target machine and NOD32 prevents it from doing so. Consequently, threat alerts on a machine do not necessarily mean that machine is infected. Rather, these alerts can be caused by external attempts at infection.

Keep your ESET security product current and receiving module updates:

According to statistics from ThreatSense.Net, thousands of new, unique infiltrations are created each day in order to bypass existing security measures and bring profit to their authors — all at the expense of other users. The specialists at ESET’s virus lab analyze those threats on a daily basis and prepare and release updates in order to continually improve the level of protection for users of the antivirus program. Automatic detection engine updates occur, by default, every hour. Keep your license current to receive the latest module updates. Click the following links below if you have any questions about your license or module updates.

Licensing FAQ

ESET Remote Administrator Server not updating to the most recent detection engine
 

Test and install operating system patches and software updates:

Malware authors attempt to exploit various system vulnerabilities in order to increase the effectiveness of spreading malicious code. Consequently, software companies watch closely for new vulnerabilities in their applications to appear and regularly release security updates that eliminate potential threats. It is important to download these security updates as they are released. However, it is equally important to test these patches on a small number of machines before releasing them on the entire network.

Use a local Mirror server for workstation updates:

The Mirror server provides you with the ability to maintain a local copy of modules and program component updates on your own network. It helps save bandwidth by centralizing the download and distribution of updates to ESET clients, and also allows you to provide updates to ESET clients which are not directly connected to the Internet. Read one or more of the following articles to configure your Mirror server:

What is an update mirror and what is its functionality?

 

Set up reports to notify you of any infections or outbreaks:

You can set up reports in ESET Remote Administrator to summarize statistical data regarding threats in your network. You can adjust the frequency of these reports and use them to monitor your system, enabling you to respond rapidly in the event of an infiltration. For illustrated instructions on setting up reports, click here.