waterer.blogg.se

Symantec endpoint protection definitions out of date








In their article Anti-Stealth Fighters: RootKit Testing for Detection and Removal (Virus Bulletin, April 2008), the authors Andreas Marx and Maik Morgenstern have written:

A step in the right direction could be to focus on providing bootable rescue media, too: this might be the product installation CD or a CD or disk that a user can create and
This media, the rootkit cannot be activated on the system, so a scanner would be able to see all files and registry entries which would usually be hidden.
Scanner could detect and delete all rootkit and malware components as long as the signature database is up to date

The Symantec Endpoint Recovery Tool CD-ROM goes in the direction indicated by Andreas Marx and Maik Morgenstern in their article. Unlike other boot CD-ROMs for removing viruses and malware infections, the Symantec Endpoint Recovery Tool CD-ROM gives you the chance to install the latest virus definitions even without an active Internet connection, making it possible to load the definitions directly either from the hard disk of the infected computer or from a USB stick connected to the infected computer.

Recently I was able to appreciate the importance of the IPS (Intrusion Prevention System) module of Symantec Endpoint Protection (SEP). In the past I had to take care of removing the Conficker worm from several corporate LANs. The main problem that I faced was the identification of infected workstations. Many of my efforts could have been avoided if I had used the IPS module of SEP. I installed the IPS module on a workstation subject to attack by Conficker, and the IPS module immediately reported the attack, pointing out the IP address of the attacker and the threat it was trying to exploit: MSRPC Server Service BO detected. Reading the MSRPC Server Service BO page on the Symantec web site, I noticed, at the bottom of the page, a reference to Microsoft Security Bulletin MS08-067, the security bulletin on the vulnerability exploited by Conficker. I then took note of the IP addresses of the attackers and, using the nmap command, I could verify that the workstations that were attacking my computer did indeed have the Conficker worm.









