Disable all autoplay functions, via GPO or script if you can Check using WSUS or MBSA to see that the patch is installed for the vulnerability Conficker exploits on all your machines
Make sure you don't have any rogue devices showing up in DHCP scopes These might do you for starters 2009/11/20 Kelsey, John <[email protected]> > Looks like we're getting hit the Conficker this morning. Sophos is > reporting several hundred 'conficker detected/cleaned' messages, so at least > its catching it...BUT....how do I determine the source of the infection? > Something I can look for with wireshark or something? Apparently there are > some unprotected machines on the network. > > Any suggestions are welcome! > > > ******************************* > *John C. Kelsey > *DuBois Regional Medical Center > (: 814.375.3073 > 2 : 814.375.4005 > *: [email protected] > ******************************* > > > This email and any files transmitted with it are confidential and intended > solely for the use of the individual or entity to whom they are addressed. > If you have received this email in error please notify the system manager. > This message contains confidential information and is intended only for the > individual named. If you are not the named addressee you should not > disseminate, distribute or copy this e-mail. > > > > > > -- "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question." http://raythestray.blogspot.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
