Antivirus Regulation Policy
| Authority: | Vice Chancellor for Administration and Finance |
| History: | ITCS Policy No. 7.302 |
| Supersedes Policy Dated: |
October 3, 2001 |
| Review Date: |
November 9, 2011 |
| Related Policies: |
None |
| Additional References |
None |
| Contact for Information: |
Margaret Umphrey, Director, IT Security, 252.328.9187 |
Introduction
Purpose of Regulation
To establish guidelines governing the use and connection of networking devices on the university’s data communication network. This regulation applies to all university desktop, laptop, mobile and server computing systems.
Person(s) With Primary Responsibility
Director of IT Security
Regulation
All desktop, laptop, mobile and server computing systems (that have ITCS-supported antivirus software where applicable) connected to the East Carolina University computer network (herein referred to as “the network”) or networked resources shall have ITCS-supported antivirus software (preferably the most current version) correctly installed, configured, activated and updated with the latest version of virus definitions before or immediately upon connecting to the network. Directions for procurement, installation, configuration and use of antivirus software are located at http://www.ecu.edu/cs-itcs/itsecurity/customcf/computersecurity.pdf
If deemed necessary to prevent viral propagation to other networked devices or detrimental effects to the network, computers infected with viruses or other forms of malicious code (herein collectively referred to as “malware”) shall be disconnected from the network until the infection has been removed.
When an enterprise-wide virus attack is in progress, ITCS shall notify the campus computing community via the best available method, and all files on all hard drives should be scanned immediately using the newest virus definitions available.
Other operating systems or computing platforms shall have comparable protection, if available. In the event that no antivirus protection is available for a particular operating system or platform, anyone using or accessing these unprotected systems shall apply all prudent security practices to prevent infection, including the application of all security patches as soon as they become available. When antivirus software becomes available for an operating system or platform previously lacking antivirus software, it shall be installed on all applicable devices connected to the network.
Any exceptions to this regulation must be explicitly approved by the ITCS Information Technology Security Department.
