Administrative Departmental Policy
This department-specific procedure applies to the operations and staff of the Information Services
Department of the University of Wisconsin Hospitals and Clinics Authority as integrated effective July 1,
Procedure Title: Systemwide Malware and Antivirus
Procedure Number: IN-PRO-005
Effective Date: 02/26/16
This procedure describes the processes for updating and maintaining antivirus software on UW
Health workstations and servers, as well as other non-UW Health managed devices, to protect the
security of PHI and UW Health business information.
II. DEFINITIONS (optional)
III. POLICY ELEMENTS
This procedure supports the following policy:
Systemwide Malware and Antivirus Policy (IN-POL-005)
1. All workstations that log in to the UW Health domain receive antivirus software.
2. All Windows servers have antivirus software manually installed and configured during
the initial build process to allow administration from the central antivirus server.
3. All Windows workstations have antivirus software installed and configured automatically
from the central antivirus server.
4. Exceptions to antivirus deployment must be approved by a Senior Security Consultant,
the IS Director – Systems Security, or the UW Health IS CTO.
B. System Scan
Where possible, antivirus software is administered from a central server to control the scanning
schedule and definition updates.
1. For Windows-based servers and workstations, a system scan is scheduled to run on a
2. UW Health domain servers and workstations are scanned at the client level and are not
administered from a central server.
3. Other systems are scanned and updated as risk dictates.
C. Real Time Scanning
A real-time antivirus scan is done on any document opened or downloaded.
D. System Updates
The corporate AV management server is configured to check with the antivirus software provider
at least once a day for any new definition updates.
E. Device Updates
1. Systems are configured to check the corporate AV management server for definition
updates at least once a day. Where possible, the corporate AV management server should
be used to enforce the system configuration and provide the definition updates.
2. Systems receive antivirus client updates through deployment tools or manual installation.
1. Systems that are not current on their virus scanning engine or definition files are
identified by audit.
2. Workstations or servers with out of date definition files are assigned to the appropriate
teams for resolution.
V. FORMS (optional)
VI. REFERENCES (optional)
Sr. Management Sponsor: UW Health IS CTO
Author: UW Health IS Director - Systems Security
Reviewer(s): UW Health IS Directors
Approval Committee: UWHC Internal Auditor
UW Health CIO
Effective Date Next Review Summary of Changes Change Authors
02/26/2016 TBD/2017 Annual review/revision. E. Gerke, C. Frank, E. Bakkum
6/20/2014 6/20/2015 Original release.
E. Gerke, D. Jaworski, S. Schroeder, J.