We had a virus outbreak. SCEP support was horrible and so is the reporting. MS couldn't even give me a list of all the files that had been removed from my machines so that I could try to restore them. I finally pieced together a report for that but honestly I don't know how accurate it is.
The problem with support is the SCEP guys don't know CM and vice-versa. The SCEP guy actually told me the only way to find the list of quarantined files was to read a local log on each client. Plus AV and CM shouldn't be under the same roof to begin with. That's not normal lines of division inside of any IT department that I know of.

John Marcum
Lead Desktop Engineer
Bradley Arant Boult Cummings LLP

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Brian McDonald
Sent: Monday, February 10, 2014 7:40 PM
To: <[email protected]>
Subject: Re: [mssms] SCEP 2012

Interesting. What drove this decision out of curiosity?

Brian

Sent from my iPhone

> On Feb 10, 2014, at 7:38 PM, "Marcum, John" <[email protected]> wrote:
>
> We are ripping SCEP out and installing Trend.
>
> -----
> On 02/10/14, at 17:54, Russ Rimmerman <[email protected]> wrote:
>
> Which malware was it (per Malwarebytes), and out of curiosity does it (or a similar variation) come up in the Malware Encyclopedia http://www.microsoft.com/security/portal/threat/threats.aspx
>
> Do you still have the .exe saved somewhere, if so I'd recommend submitting a sample to https://www.microsoft.com/security/portal/submission/submit.aspx and they will let you know if it is already in the database which should help w/troubleshooting why it skipped it.
>
> From: [email protected] [mailto:[email protected]] On Behalf Of Brian McDonald
> Sent: Monday, February 10, 2014 4:14 PM
> To: [email protected]
> Subject: RE: [mssms] SCEP 2012
>
> No. :(
>
> ________________________________
> From: [email protected]
> To: [email protected]
> Subject: RE: [mssms] SCEP 2012
> Date: Mon, 10 Feb 2014 20:09:39 +0000
>
> Was anything excluded from scanning? Was the path excluded by any chance where the EXE live(d)?
>
> Michael Dzikowski
> Senior Systems Engineer | Ally Technical Infrastructure - Windows Hosting
>
> From: [email protected] [mailto:[email protected]] On Behalf Of Brian McDonald
> Sent: Monday, February 10, 2014 3:01 PM
> To: [email protected]
> Subject: [mssms] SCEP 2012
>
> I came across some random issues with SCEP alerts and detection. Recently an EXE made it through to a startup of a computer. Malware Bytes caught it, but SCEP did not. Yikes!
>
> Has anyone seen any issues similar? What is the best approach in terms of analyzing this to pin-point this down and get to the crux of the problem? As far as I know, my environment is optimally configured according to best practice.
>
> Thanks,
>
> Brian

________________________________
Confidentiality Notice: This e-mail is from a law firm and may be protected by the attorney-client or work product privileges. If you have received this message in error, please notify the sender by replying to this e-mail and then delete it from your computer.

