Pop quiz that just came up after a discussion with some users

Discussion in 'The Lounge - Off Topic' started by Gingerdave, Aug 20, 2008.

  1. Gingerdave

    Gingerdave Megabyte Poster

    Your user has a laptop and works in a site with a single server, which in turn is connected via VPN to all of our other sites. The user wants a docking station ordered for said laptop and the following comes up in conversation:

    "Oh yeah, and I keep getting Virus alerts."
    "Sorry, what?"
    "Yeah Virus alerts, been getting them for weeks - but I didn't think it important enough to bother you guys with.."
    "......."

    So here is the question for you tech savvy people, do you:

    A) Explain to the user that Viruses destroy systems, and that in his misguided attempt to spare us some work he may have compromised the entire network, and he should disconnect from the network at once and not connect again until the problem resolves itself.

    B) Hop on a train to Liverpool, head to the office, kick the door in and, with the strength of your divine fury, attempt to beat some sense into the user with said laptop.

    C) Hang up the phone, head to your server room and cry while you say goodbye to your faithful companions who have served you well, putting them out of harm's way "for their own good".

    D) Panic.

    So what would you guys do?
     
    Certifications: A+,MCP, MCDST, VCP5 /VCP-DV 5, MCTS AD+ Net Inf 2008, MCSA 2008
    WIP: MCSA 2012
  2. Qs

    Qs Semi-Honorary Member Gold Member

    Haha sounds like fun...

    B though, definitely B. :p :p


    ...Reminds me of the time when one of our users did something stupid.

    From the user's computer I log on using RDP to our file and print server to check printer settings for our main printer.

    Then I log on to our Exchange server to check queues from the same computer.

    I turn around to answer a question from one of our directors who has found me by wandering around the office...

    I turn back around and....

    The user has only managed to shut down both servers, causing mayhem to the 300+ other people now unable to work, with the Director of the company standing behind me.

    When I asked WTFH she was playing at she simply answered - "I thought you wanted me to shut it down."

    ...

    I was not pleased. :x:x:x

    Suffice it to say, don't give them a chance to do anything stupid. Treat users like sheep. Very stupid sheep. :p
     
    Certifications: MCT, MCSE: Private Cloud, MCSA (2008), MCITP: EA, MCITP: SA, MCSE: 2003, MCSA: 2003, MCITP: EDA7, MCITP: EDST7, MCITP: EST Vista, MCTS: Exh 2010, MCTS:ServerVirt, MCTS: SCCM07 & SCCM2012, MCTS: SCOM07, MCTS: Win7Conf, MCTS: VistaConf, MCDST, MCP, MBCS, HND: Applied IT, ITIL v3: Foundation, CCA
  3. Arroryn

    Arroryn we're all dooooooomed Moderator

    There is an unfortunate option E:

    "The user is of such a status that no matter what you say, it won't make a blind lot of difference. For the stability of the network, you should take their laptop off them and give them a typewriter and some crayolas. But depressingly enough you know that will never, ever happen."
     
    Certifications: A+, N+, MCDST, 70-410, 70-411
    WIP: Modern Languages BA
  4. dales

    dales Terabyte Poster

    Definitely B. We need to form an elite team of "user trainers". Everyone wins: you get to go on a company-paid jolly to Liverpool and you get to impose extreme violence on said user, and user gets a new office in the post room where they can cause less damage sorting mail.

     
    Certifications: vExpert 2014+2015+2016,VCP-DT,CCE-V, CCE-AD, CCP-AD, CCEE, CCAA XenApp, CCA Netscaler, XenApp 6.5, XenDesktop 5 & Xenserver 6,VCP3+5,VTSP,MCSA MCDST MCP A+ ITIL F
    WIP: Nothing
  5. twizzle

    twizzle Gigabyte Poster

    I would go for option F...

    Tell them that I would love to help them by remotely connecting to their system, but currently my system is unavailable due to there being a virus loose within the network, possibly loaded from some user's laptop a few weeks ago. Rest assured that once this problem has been permanently removed, I will do all I can to help you out, but this may be some time.


    Of course the short answer also appeals to me: go round there and shove their laptop and virus where the sun don't shine, and ask "Does that hurt or affect you in any way?"
     
    Certifications: Comptia A+, N+, MS 70-271, 70-272
    WIP: Being a BILB,
  6. kevicho

    kevicho Gigabyte Poster

    What about option G:

    Fire, and lots of it.
     
    Certifications: A+, Net+, MCSA Server 2003, 2008, Windows XP & 7 , ITIL V3 Foundation
    WIP: CCNA Renewal
  7. nugget
    Honorary Member

    nugget Junior toady

    Being serious here, I would choose A, but something needs to be proactively done. The problem will not resolve itself no matter how much you wish it to.

    I would then look at creating a punishment group in AD with very restrictive GPOs and put the user in it for 1 week.
     
    Certifications: A+ | Network+ | Security+ | MCP (270,271,272,290,620) | MCDST | MCTS:Vista
    WIP: MCSA, 70-622,680,685
  8. dales

    dales Terabyte Poster

    Yes, seriously though, something will need to be done. What AV system do you have in place, as I would assume any corporate-size email solution would email the sys admin when a virus is detected on a client. Ours does, which gives me hours of entertainment when I say "so what were you looking at when this happened" :oops:.

    Said laptop now really cannot be trusted on the network and ideally would require a reimage, which may teach the user if they had stored anything locally. Perhaps now would be a good time to send out an all-user email reminding people of the dangers of using a works PC for recreational web browsing and what to do should a virus be detected. Perhaps user's boss should also be cc'd into any "advice" you send them about their compromised workstation.
     
    Certifications: vExpert 2014+2015+2016,VCP-DT,CCE-V, CCE-AD, CCP-AD, CCEE, CCAA XenApp, CCA Netscaler, XenApp 6.5, XenDesktop 5 & Xenserver 6,VCP3+5,VTSP,MCSA MCDST MCP A+ ITIL F
    WIP: Nothing
  9. Gingerdave

    Gingerdave Megabyte Poster

    We are using McAfee Enterprise, which normally provides very good protection against viruses and unwanted programs.

    No notification was sent, which worries me; however, the user rang off just after that comment as there was a meeting he needed to get to, so I don't know if they are virus alerts, or spyware in the form of those annoying pop-ups which say you are infected, please use product X to solve it.

    Passed it along to my supervisor who is threatening to catch a flight from London to Liverpool and take the laptop off the user.

    Until we can get hold of them not much more can be done as it's not on the network atm.

    I do like the idea of a Sin Bin OU, I have a couple of people who would be in there permanently. :twisted:
     
    Certifications: A+,MCP, MCDST, VCP5 /VCP-DV 5, MCTS AD+ Net Inf 2008, MCSA 2008
    WIP: MCSA 2012
  10. BosonMichael
    Honorary Member Highly Decorated Member Award 500 Likes Award

    BosonMichael Yottabyte Poster

    That's one of the pleasures of an Enterprise-class AV solution: if a user gets virus alerts, you get virus alerts. If you're not getting them... I suggest switching to a different solution.

    Personally, I'd choose bits and pieces of A... then I'd figure out where WE in IT went wrong with regards to user education and in blocking this sort of thing from entering our network in the first place. Gateway AV, e-mail purification, and Web filtering go a long way to preventing what we like to call "user stupidity" when, in truth, it's only partially their fault - we must take some of the blame.
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  11. NightWalker

    NightWalker Gigabyte Poster

    The best suggestion I have heard all week :)
     
    Certifications: A+, Network+, MCP, MCSA:M 2003, ITIL v3 Foundation
  12. nugget
    Honorary Member

    nugget Junior toady

    Too true mate. After all, that's our job and it's what we get paid for. :twisted:
     
    Certifications: A+ | Network+ | Security+ | MCP (270,271,272,290,620) | MCDST | MCTS:Vista
    WIP: MCSA, 70-622,680,685
