The software was written by the company I work for. The core of the software began around 1995 or so. Back then there was no thought of future problems with systems that had no internet connection and USB was not available on the systems. Malware was rare and the OS was NT 4.0.
We have deployed ESET anti virus software on servers throughout the plant to distribute updates to the workstations. We've also attempted to set software restriction policies, which is a huge pain in the arse. There are dozens of PCs running various software that must be configured. Is there a way to set software restriction policies at a server and have the workstations obtain these policies automatically? This would certainly simplify things.
We've investigated changing the various programs so that they do not need to run as administrator, but the task is just too large. Much of the software was written/compiled with versions of Visual Studio that we no longer have. The software needs full access to the registry, full access to certain hardware (some of which we designed) and full access to all areas of the local C drive. We've got our own device drivers to go with our own hardware, none of which are 'signed' by MS. Migrating to Windows 7 would probably be impossible because of this.
We were wanting to try MSE along side what we have now. I installed MSE on a test system and it wouldn't even do a scan because it wanted to first get an update from MS.
Thanks again for your suggestions. If you have any other ideas, I'd be interested.