Every IT shop should randomly sample workstations and servers on a periodic basis, looking for unordinary settings, files, and configurations. Looking for worms and viruses is best left to antivirus scanners. The idea is to query and document very normal information that would not usually set off an automated scanning tool’s alarm. When you see something unusual, investigate it. More often than not, the breadcrumbs will lead to a nonmalicious agent. Even so, the process will boost your understanding of your environment.”]
Source: https://www.csoonline.com/article/2626403/for-better-security–ditch-the-automatic-tools.html