It can take hours to months before the antivirus companies know about a new virus or piece of malware. In that time, that malware might make it onto your computer. By running weekly scans, when the antivirus companies are able to send out updates to address a piece of malware, your machine will have a chance to catch any malware that slipped in before the update was available. Real-time protection is important, but weekly scans are just as important. Read more...
Internet and Port Block FAQ
Network access disabled - (Internet and port blocks)
Computers that become infected (e.g., virus, worm, trojan) almost always try to infect not only other computers at Yale, but also systems on the Internet. As soon as this is detected the computer's access to and from the Internet is blocked by Information Security staff. This is done to protect the computer from further compromise and also to minimize complaints against Yale when our computers attack systems at other institutions. In rare cases, if the compromise is severe enough, the computer may be completely disconnected from the network.
- IP Internet block: In most cases access to/from the Internet to a specific IP (e.g., 130.132.xxx.xxx) is disabled. The computing device will still have access to the local University network (*.yale.edu). You can still get your Yale email and reach Yale internet sites, but you will not be able to send traffic outside the Yale domain until you have been unblocked.
- Switch port block: In some instances we must enforce a port block that disables all network connectivity (local and Internet).
See also: Information Technology Appropriate Use Policy IT-AUP [1607.2 Conditions of University Access: C. User access Deactivation]
Information Security staff make every effort to ensure that the owner of the blocked computing device is contacted, but because of the primary importance of minimizing the compromise and protecting other devices on the Yale network and the Internet we are unable to contact owners before the block is implemented.
Note: Be sure that your device is registered and that your contact information is up-to-date:
If you need assistance determining if your computing device has been blocked or if you need assistance with remediation and appropriately securing the device you can contact the Help Desk ( 432-9000 - firstname.lastname@example.org).
Please see the request form for IP unblock and/or to remove a port block. Once the Information Security Office receives confirmation that the compromised computing device has been investigated, remediated and secured, and whether the computing device was used to create, access or receive confidential or protected information, network access will be restored.
- All requests to remove an IP unblock and/or remove a network hub (switch) block must be submitted using the online form.
- If all required information on the form is complete and all appropriate steps have been completed to secure the host, the turn-around time during normal business hours (Mon-Fri 8:30 AM - 5 PM) is 24 hours.
- If there are extenuating circumstances that require a more rapid turn-around such that restoration of access is critical to the core functions of the University (administrative, clinical care, education, research), we request that in addition to submitting the online form that contact is made with an Information Security Staff member via phone:
ISO staff (during business hours) or
ISO on-call phone: 203.627.4665 (during non-business hours).