locked
Looking for suggestions for scanning SAN drives RRS feed

  • Question

  • Wondering how everyone approaches scanning of SAN drives. We quick scan all systems once a day and deep scan once a week. We're trying to figure out the best way to scan our SAN, networked drives and figure once a week would work for that as well. It sounds pretty straightforward but I'm curious if anyone has run into any gotchas.  
    Orange County District Attorney
    Tuesday, October 21, 2008 9:02 PM

All replies

  • This isn't really AV vendor specific so I'll try to be general here :)..

    You want client AV on both the server and your clients.
    You want Real-Time Protection on on both as well.
    If you are going to do full scans against say file shares on SAN drives then definitely make sure those scans are done from the server hosting the content that is directly SAN attached.  IE don't map a drive to your file server from somewhere else and scan it as you would be adding network overhead.
    Since it is a server make sure you run the full scan's off hours when you know the server will be on but the user workload will be light as this is a disk/cpu intensive process.  
    I would also make sure the quick scan's are done during lighter times on the server as well if possible.

    As you said pretty straightforward.  Gotchas would probably be more specific case oriented if there was any special situations that were unknown.
    CSS Security Support Engineer (FCS/MBSA/WUA/Incident Response)
    Thursday, October 23, 2008 8:01 PM
  • Thanks for the info Kurt. I'm thinking along the sames lines as in your suggestions however we've not implimented scanning on the SAN server drives yet. Thats where we're trying to decide how much and how often.
    Orange County District Attorney
    Thursday, October 23, 2008 8:09 PM