|
POLITICA ANTI MALWARE IT-DOC-04 Versión: 1 Fecha de creación: 15/03/2021 Fecha de actualización: 11/05/2026 |
![]() |
Table of Contents
1. Scope
2. Definitions
3. Policy Overview
4. Anti-Virus management 3
5. Anti-Spam & Malware Protection
6. Threat Monitoring & Alerts
7. alware Incident Management
8. Roles and Responsibilities
9. Non-Compliance
1. Scope
Anti-virus and malware prevention software will be installed on the following devices:
- Critical windows servers (Windows Defender)
- End user desktop computers and laptops. (Windows, Mac)
- Where applicable, Mobile devices (phones and tablets owned by MSC, Intune)
2. Definitions
- Adware: Displays advertisements, tracks activities to send advertising back to the system.
- Browser Hijacker: Redirects users to a fake home page that looks authentic.
- Keyloggers: Records everything typed on PC to obtain log-in names, passwords, etc.
- Phishing: Emails that contain information to trick the user into performing an activity.
- Ransomware: Locks user out of computer until paid for unlock codes.
- Spam: Unwanted emails that contain advertising.
- Virus: Code that installs on systems and then reproduces itself onto other systems.
3. Policy Overview
The purpose of this policy is to ensure that MSC systems and desktops are protected from malware, viruses, spam and other types of exploitive software, which can compromise data or systems.
- MSC Security reserves the right to deny access to the network to any device found to be inadequately protected or infected.
- Anti-virus clients are configured to obtain signature updates on a regular basis, either directly from the vendor website or from a central server within the organization.
4. Anti-Virus management
By default, on access scanning is enabled to provide real time protection. Regular full scans may be conducted periodically. System that remotely connect to the MSC network are required to have current anti-virus installed.
Administrators will centrally manage the Anti-Virus application and ensure:
• Systems are updated according to latest virus definitions.
• Users cannot disable the anti-virus software on the server or desktop.
• Anti-Virus engine updates or upgrades are managed and tracked.
Endpoints remotely connecting to the MSC network must have current anti-virus installed and actively running
5. Anti-Spam & Malware Protection
Mail servers must have an external or internal anti-virus scanning application that scans all mail destined to and from the mail server. Anti-Spam must be configured to minimize such types of messages from getting to their destination.
By default, on access scanning is enabled to provide real time protection. Regular full scans may be conducted periodically.
6. Threat Monitoring & Alerts
Information about emerging threats will be obtained from appropriate sources and users alerted proactively of potential attacks, giving as much detail as possible to maximize the chance of recognition.
7. Malware Incident Management
If malware is detected on a server, client, network or other IT device, the software will be configured to take the following actions:
- Clean/Eradicate infected files or systems automatically
- Quarantine files or systems automatically
- Isolate infected systems that are not able to be cleaned or quarantined
- Notify the administrators of critical events
8. Roles and Responsibilities
Matrix of Tasks and Responsible Groups.
|
TASK |
IT Team |
Global Service Desk Greece |
|
Threat Identification |
X |
|
|
Ticket opening |
X |
X |
|
Threat removal |
X |
|
|
Attack vector identification |
X |
|
|
Update/Maintain Versions |
X |
X |
9. Non-Compliance
Employees must adhere to the stated requirements. Any employee found to have violated this policy may be subject to disciplinary action, up to and including, termination of employment.
