Part of Data Security Standard 6 - Responding to incidents
Always on, always connected, always up to date (6.2.3 - 6.2.4)
Antivirus or malware protection should be installed on desktops, servers, laptops and tablets[1]. This includes devices that are currently connected to the internet and those that have the capability to be connected to the internet.
The antivirus or malware protection agent should be automatically updated with the latest signatures or pattern files. In larger estates, updates may come from a centrally managed source; smaller estates may update directly from the providers themselves.
In the case of ATP/MDE provided to NHS organisations as part of the centrally funded Windows 10 deployment, updating is performed on your behalf.
Conversely, not installing antivirus on a device (which supports antivirus/malware protection) should be an informed decision, with effective layered controls put in place to prevent internet connection.
These controls should apply at the network level, such as an isolated network segment, and at the device level, using a non-routable IP subnet range. The effect of the controls should be to mitigate the effect of accidentally connecting the device to any network with a gateway to the internet.
As well as the ability to perform a manual scan, the antivirus/malware protection should perform an automatic scan (based upon an up-to-date pattern/engine) against any accessed files (irrespective of source). This applies whether files are accessed locally, downloaded or opened from a network share.
[1] Those tablets running the main operating systems of the organisation and not a mobile operating system.
Last edited: 27 September 2022 11:39 am