DSPT Standard 9: Anti-Malware — Assessment & Recommendations

Tool	Purpose	Is it anti-malware?
Lynis 3.1.6	Security auditing / hardening assessment	❌ No — audits config, doesn't scan for malware
Trivy	Container image vulnerability scanning	❌ No — checks for known CVEs in packages
Nmap	Network port scanning	❌ No — finds open ports, not malware
DefectDojo	Vulnerability management / tracking	❌ No — tracks findings from other tools

User	Device OS	Typical Built-in AV	Status
Matthew	[Windows/macOS]	Windows Defender or XProtect	⬜ Unconfirmed
Peter	[Windows/macOS]	Windows Defender or XProtect	⬜ Unconfirmed

Area	Status	Action Required
VPS host anti-malware	❌ None	Install ClamAV + freshclam + weekly scan
Docker containers	❌ None	Covered by host ClamAV + Trivy (acceptable)
Workstation anti-malware	⬜ Unconfirmed	Matthew and Peter to verify Windows Defender / XProtect is active

¶ DSPT Standard 9: Anti-Malware — Assessment & Recommendations