compliances, firewalls, networking

Sample – Partial Personal Firewall Standard

April 25, 2013

IT Client Computing will install the IT-approved antivirus software on all workstations, laptop computers and mobile computing devices that access the Corporate network or confidential data, where antivirus software is available. The antivirus software requirements are:

  • All desktops and laptops are required to have a malware / spyware protection application installed and maintained by corporate (for example McAfee, Symantec, Trend, AVG).
  • General user access on the local host should be restricted to non-administrative accounts to prevent configuration changes and unauthorized software installs / uninstalls.
  • Require that virus updates and signatures be updated at least once each day;
  • Centrally record malware signature and program updates to record when updates are installed;
  • Verify that antivirus logs are being generated and that logs are centrally captured to identify potential threats;
  • Confirm that the antivirus program performs a comprehensive scan of removable media when it is installed; and
  • If IT-approved antivirus software is not available, the system owner is responsible for deploying a mitigating control and obtaining approval from the Manager, Security Architecture & Security Assessment Center.

Malware protection will include the following systems administration controls:

  • All remote or third-party systems will be checked for effective malware protection prior to being allowed access to Corporate systems, the network, or confidential data.
  • The examination of electronic mail attachments, data, and software downloads for malicious code before use on corporate systems.
  • Procedures for users of systems and data to report known malicious software, and requirements prohibiting users from disabling malware protection systems.

Provide user training and awareness to include:

  • Identification of malicious software.
  • Reporting of malicious software.
  • Effective use of antivirus software.
  • Procedures to avoid downloading or receiving malicious software.

Personal firewall requirements:

  • Any workstation or laptop computer (including third-party systems) connecting to the Corporate network must have a personal firewall implemented in accordance with the Malware and End Point Protection Standard.
  • Laptop computer personal firewalls must be configured to deny all inbound connections, with the only exception being authorized encrypted network protocols used solely for authorized remote support purposes.
  • Personal firewalls must be configured to restrict inbound and outbound traffic at a minimum of the medium protection level.
  • Personal firewalls must be configured to generate and save audit logs.

No unauthorized applications are to be installed on desktops / laptops for any reason unless explicit permission is granted by the Information Security team.