DefectDojo DefectDojo
Trust Center

Anti Virus Policy

Definitions

  • Virus: A program that attaches itself to an executable file or vulnerable application and delivers a payload ranging from annoying to extremely destructive. A file virus executes when an infected file is accessed. A macro virus infects executable code embedded in Microsoft Office programs that allow users to generate macros.
  • Trojan Horse: Destructive programs, usually viruses or worms, hidden in an attractive or innocent-looking piece of software, such as a game or graphics program. Victims may receive a Trojan horse via email, removable media, or downloads from websites.
  • Worm: A program that copies itself elsewhere in a computing system, either on the same computer or across networks. Worms may disrupt networks by overloading them. Unlike viruses, worms do not need to attach to files.
  • Spyware: Programs that install and gather information from a computer without permission, reporting it to the creator or third parties.
  • Malware: Short for malicious software; programs designed to damage or disrupt a system, including viruses, worms, and Trojan horses.
  • Adware: Programs installed without user consent or bundled with software to display ads, often causing system slowness or errors.
  • Keyloggers: Programs that capture keystrokes and may also record screen images, often sending data to a third party.
  • Ransomware: Malware that restricts user access to systems or files until a ransom is paid.
  • Server: A computer program that provides services to other programs or devices. A computer running a server program is referred to as a server.
  • Security Incident: An assessed event of unauthorized entry or attack on an automated information system, including disruption, destruction, or alteration of system functions.
  • E-mail: Electronic mail, consisting of messages sent over electronic media by a communications application.

Overview

Malware threats must be managed to minimize downtime on DefectDojo, Inc. systems and protect critical systems and member data. This policy is established to:

  • Create prudent and acceptable practices for anti-virus management.
  • Define key terms regarding malware and anti-virus protection.
  • Educate individuals who use DefectDojo, Inc. system resources on their responsibilities for anti-virus protection.

Note: The terms virus and malware, as well as anti-virus and anti-malware, may be used interchangeably.

Purpose

This policy was established to prevent infection of DefectDojo, Inc. computers, networks, and systems from malware and other malicious code. It aims to prevent damage to user applications, data, files, and hardware.

Audience

This policy applies to all computers connecting to the DefectDojo, Inc. network, including desktop computers, laptops, servers, and any PC-based equipment connecting to the network for communications, file sharing, and other purposes.

Policy Detail

All devices connected to the DefectDojo, Inc. network must have anti-virus software installed and configured so that virus definitions are current and automatically updated. Anti-virus software must be actively running at all times.

  • Virus protection software must not be disabled or bypassed without approval.
  • Settings must not be altered in a way that reduces effectiveness.
  • Automatic update frequency must not be reduced.
  • File servers must use IT-approved virus protection software to detect and clean viruses.
  • E-mail gateways must utilize IT-approved virus protection software.
  • All files must be periodically scanned for malware.
  • Any virus not automatically cleaned constitutes a security incident and must be reported to the Service Desk.

If necessary to prevent propagation or damage, infected devices may be disconnected from the network until cleaned.

User Responsibilities

  • Never open files or macros from unknown, suspicious, or untrustworthy sources. Delete them immediately, including from Trash or Recycle Bin.
  • Delete spam, chain, or junk mail without opening or forwarding.
  • Never download files from unknown or suspicious sources.
  • Always scan removable media from unknown or non-DefectDojo sources (e.g., CDs, USBs) before use.
  • Regularly back up critical data to network drives or other safe locations. Contact the IT Department for guidance.
  • Periodically check the Anti-Virus Policy for updates. Consult IT for updated recommendations.

Enforcement and Reporting

  • Every virus not automatically removed must be reported to the Service Desk.
  • Users failing to follow this policy may face disciplinary action.
  • All security incidents related to malware or viruses are investigated and mitigated according to standard IT and security procedures.

Updates and Continual Improvement

  • This policy is reviewed periodically as part of DefectDojo, Inc.’s continual improvement process.
  • Updates to virus definitions, software configurations, and procedures are applied as needed to maintain system security.
Prev
Access Control Policy
Next
Anti-Corruption & Bribery Policy