What whitelist app are you using ? Erik Goldoff
IT Consultant Systems, Networks, & Security _____ From: James Rankin [mailto:[email protected]] Sent: Friday, November 20, 2009 8:49 AM To: NT System Admin Issues Subject: Re: Conficker Help! Ouch. I love my application whitelists. 2009/11/20 Steve Kelsay <[email protected]> We go hit with it two weeks ago despite being fully patched and multiple layered defense. We had Sunbelt check the files. A new variant, apparently. They built a tool to detect it and prevent further infections, but we had to run fseasyclean on all the machine and servers to get rid of it, then reboot each one. A real pain on the servers. From: Kelsey, John [mailto:[email protected]] Sent: Friday, November 20, 2009 8:34 AM To: NT System Admin Issues Subject: Conficker Help! Looks like we're getting hit the Conficker this morning. Sophos is reporting several hundred 'conficker detected/cleaned' messages, so at least its catching it...BUT....how do I determine the source of the infection? Something I can look for with wireshark or something? Apparently there are some unprotected machines on the network. Any suggestions are welcome! ******************************* John C. Kelsey DuBois Regional Medical Center (: 814.375.3073 2 : 814.375.4005 *: <mailto:[email protected]> [email protected] ******************************* This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. -- "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question." http://raythestray.blogspot.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
