Fine, except some "well known and trusted" sites get compromised on occasion. This is one route by which malicious PDF files hit folks via "drive by" infections. -- richard
"Paul Hutchings" <[email protected]> wrote on 09/15/2010 12:07:40 PM: > Do you do URL filtering? I work on the theory A/V should be the > last line, stop them getting there in the first place. > > From: John Hornbuckle [mailto:[email protected]] > Sent: 15 September 2010 17:20 > To: NT System Admin Issues > Subject: #*&$&% "Security Tools" Malware > > The ?Security Tools? malware is about to drive me insane. My users > keep managing to infect themselves with it, and we?re having trouble > stopping it. > > They don?t run with admin rights, so there?s no real damage done to > their systems and we can clean it up in about two minutes. But the > time adds up, and I?m tired of my technicians having to waste time on it. > > Our antimalware software is Microsoft?s Forefront Client Security, > and it?s having a tough time catching this. Every time I get > infected, I send the EXE to Microsoft and they update their > definitions?but the EXE?s used by the malware apparently change > rapidly, and seem to constantly be a step ahead of FCS?s definitions. > > I can think of a couple of options that I know would stop it, like > blocking all EXE?s at our web filter or using group policy to limit > the running of EXE?s?but this would also prevent users from doing > things like installing safe plug-ins from websites, so it?s not a > first resort. > > Suggestions? > > > > John Hornbuckle > MIS Department > Taylor County School District > www.taylor.k12.fl.us > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: http://lyris.sunbelt-software. > com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > > NOTICE: Florida has a broad public records law. Most written > communications to or from this entity are public records that will > be disclosed to the public and the media upon request. E-mail > communications may be subject to public disclosure. > > MIRA Ltd > > Watling Street, Nuneaton, Warwickshire, CV10 0TU, England > Registered in England and Wales No. 402570 > VAT Registration GB 114 5409 96 > > The contents of this e-mail are confidential and are solely for the > use of the intended recipient. If you receive this e-mail in error, > please delete it and notify us either by e-mail, telephone or fax. > You should not copy, forward or otherwise disclose the content of > the e-mail as this is prohibited. > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: http://lyris.sunbelt-software. > com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
