Hi all,
I’ve ended up here as I’m not quite sure where else to go for sensible discussion on the subject. I'm not sure if I'm correct or incorrect in my approach. I'm interested in the greater opinion!
Where I work, we have a fairly sensitive IT manager, who on seeing a Webroot Alert will shout 'fire fire fire' and shut everything and everyone down until a full investigation has been undertaken. This gets fairly wearing as every alert generates a lot of work. (Usually to no benefit) He has a particular urgency if a notification mentions Trojans.
Now, while I appreciate the sentiment, I can't help be get ever frustrated at this approach. I am under the (correct/incorrect?) impression that an alert from our scanner (Webroot) is a GOOD thing and that nothing has been executed/infected. Although I do agree that a quiet investigation is...