How ICTS deals with virus threats | Information and Communication Technology Services

Does ICTS send virus alerts?

ICTS will send out urgent communications to all users if the virus …

is rated as a Medium or High Risk by Trellix,
has infected PCs on campus and is spreading rapidly, or
starts compromising any part of the UCT network or servers.

How does ICTS know if it is serious or not?

We receive notification of new virus threats from many sources, including Trellix, who rate each new virus threat using three ratings: Low, Medium and High Risk.

Trellix will only release a new sdat file in response to a virus threat if it is rated as a Medium risk. We therefore follow Trellix's rating of the virus when determining how we react to a new threat.

How does ICTS ensure that all PCs are protected?

Daily updates of the virus signature (sdat) file are released by Trellix and made available via our anti-virus server which automatically distributes it to all Trellix repositories across campus. The Trellix software on your PC checks the anti-virus server and if it sees a newer sdat, it will pull it onto your PC. This ensures that your PC is constantly protected against viruses.

Trellix will compile and release emergency updates in response to any newly discovered, medium and high risk viruses. These emergency updates will be automatically installed on your PC if you use correctly configured, up-to-date Trellix software and are connected to the UCT network . Disinfection tools may also be released if Trellix feels that it is warranted.

Is email automatically scanned for viruses?

Yes. Trellix EndPoint Security provides various ways of scanning for viruses. UCT has chosen to use the "on access" scanning feature, where an email is scanned for viruses as it is accessed. In other words, the scanning takes place on your workstation as you open the message, rather than on the mail server.

What is the latest virus doing the rounds?

Go to the Trellix Advanced Research Centre to see what new viruses have made their appearance.

Is it just a hoax?

Before following any instructions that your friends may have sent you about the latest scary virus, first check to see if it is a genuine threat or not. Rather follow safe email practices and ignore/delete these warnings. Do not forward virus warnings on to other friends or colleagues.

How does ICTS keep you informed?

ICTS communicates with the University community through a number of channels:

ICTS website
Facebook
Twitter
IT Liaisons,
mailing lists (i.e. icts-announce-l, all-staff and all-students)
UCT website’s Daily news articles

We also publish a monthly electronic newsletter, Bits & Bytes, which we encourage you to follow.

All regular ICT announcements are sent from the ICTS Feedback email account using the icts-announce-l@lists.uct.ac.za mailing list, to which anyone can subscribe. Learn how to subscribe to mailing lists.

The official UCT mailing lists (all-staff and all-student) are only used if the message is about a critical service or if the message is urgent for all members of staff or all students.

All IT security-related information can be found on the UCT Computer Security Incident Response Team (CSIRT) website at csirt.uct.ac.za. Similarly, IT security-related email notifications will be sent via the uct-csirt-l mailing list.

We also post short announcements to our social media pages on Facebook and Twitter.

If no electronic channels are available (for example, due to a major failure) we may even make use of phone calls or sms to alert key people to the issue.