Topic: Some general questions about SOA

Fragender
Some general questions about SOA
« on: April 15, 2014, 02:15:39 PM »
Hello,

I'm quite new to avast Small Office Administration; however, the installation was a breeze thanks to the great documentation.

However, after using avast for a few months now, I have some general questions about the program:

1. I can see infected PCs in the logs; HOWEVER, how can I see if the PC is clean now?

2. I'm running a scan once per week. What happens if a PC is shut down during the scan? Will it continue where it left off or cancel the scan?

3. The logs currently show that one of my PCs is/was infected with "rootkit: hidden file". How can I see what kind of rootkit the PC was infected with?

4. The server running SOA is currently not connected to the internet. Will the clients update the signatures on their own now?

5. I changed some of my group settings and want to go back to the default settings now as avast! is consuming ~100% CPU time whenever the hard drive is working. How can I reset the settings/what are the default settings?
« Last Edit: April 15, 2014, 02:17:24 PM by Fragender »

nannunannu

Re: Some general questions about SOA
« Reply #1 on: April 16, 2014, 03:15:33 PM »
1.  Assuming you are still running scans, you can see the most recent results in the scan log.  You also will see repeated entries in the shield logs for a machine that has something that was detected but not cleaned.  I don't particularly like the infected machine report because by default it shows things like URL:Mal as a threat that has been detected.  Not really useful.

2.  It will cancel the job.  There is a setting in the scan job to wake the computer up for the scheduled job.  I'd recommend using this option and scheduling it at a time when someone is unlikely to be in the office (2am?)...

3.  I'd spend some quality time with the computer in question.  Don't rely on the console for that.

4.  There is an option under the network group settings to download from the internet when the mirror server is not available.  I'd like to see you get the mirror working, but if you really don't intend to use it you should stop the mirror service so the clients don't connect to it and get a response that falsely reports the old version they are running is the latest (the one from months ago that was the last one the mirror downloaded).

5.  I think this is more related to the scheduled scan jobs than the group settings.  One mistake people make is that they delete the full system scan job and expect it to stop running as scheduled on the client machines.  It doesn't work that way.  Think of it as a template that the server holds.  When you change job settings, you publish a new template for the workstations to use.  If you delete the job, you delete the server copy of the template, but the clients still will continue to run the last valid version that they had downloaded.  If you want to stop a scan job from running, leave the job in the job list, and change its frequency to one time, and change the date to sometime in the past.  The clients will download a new version of that template, and behave accordingly.

I'd recommend still running the full and quick scans, but doing so with the wake PC option, and scheduled for some time in the middle of the night.
« Last Edit: April 16, 2014, 03:17:23 PM by nannunannu »

Fragender
Re: Some general questions about SOA
« Reply #2 on: May 09, 2014, 01:07:35 PM »
Thank you very much for your answer.

So for point 2 there is basically no way to make sure that the scan is actually completed? Even if I start a scan overnight (which isn't possible on all computers), there is the chance that it hasn't been completed until the next day because our computers are quite old.

5. So what can I do if I deleted the template? Is there a way to restore the default settings?

nannunannu

Re: Some general questions about SOA
« Reply #3 on: May 09, 2014, 05:39:05 PM »
Glad I can help.

For point #2...  Not that I'm aware of...  If the computers are that slow the only thing I can think of would be to only run the full scan on the weekends, assuming you have a typical "work week" environment.  You will still have real time protection.  I've seen first hand how slow and unresponsive computers of a certain "vintage" can be if a scan is thrashing the hard disk in the background while someone is actually trying to use the computer.  Best to avoid that unless you want to have a mutinous revolt.

For #5, you will have to add the job again.  I just checked and the only thing I notice that is different between my 'Full system scan' job and the defaults when you create a new job is that under the "scan area" I have hard disks, rootkits and autostart programs, whereas a new "blank" job just scans hard disks by default.  Hopefully someone who actually has the original job can chime in; I'm pretty sure I deleted mine and recreated it after realizing that the workstations were still running the job, as explained in my earlier post.  :)