Re: Virus from user returning from leave
From: Andrew H (ajhpms_at_hotmail.com)
Date: 04/21/04
- Next message: Ralf Dierenbach: "outlook web access from outside?"
- Previous message: Miguel: "how-to setup my www as a sharepoint based site?"
- In reply to: Trevor OE News: "Re: Virus from user returning from leave"
- Next in thread: Les Connor [SBS MVP]: "Re: Virus from user returning from leave"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 21 Apr 2004 21:33:56 +0200
We're using CA eTrust Antivirus 7, and in general are more than satisfied
with it. It installs to remote machines from a central admin server (in
this case the SBS itself), but not in the login script. Signature updates,
on the other hand, happen on login and at periodic intervals. Our problem
is that we switched to eTrust AV from InoculateIT at approximately the same
time that MyDoom hit, so this user didn't have the right product loaded to
receive signature updates.
"Trevor OE News" <thetrev68 @ hotmail.com> wrote in message
news:OjdfUp8JEHA.620@tk2msftngp13.phx.gbl...
> Andrew,
>
> What kind of antivirus solution are you using now?
>
> I have Trend's autopcc in the logon script for users, so anytime they logon,
> the antivirus is installed or updated as appropriate. This would have
> prevented what you are seeing. I'm sure other antivirus vendors have a
> similar tool...
>
> -Trevor
>
> "Andrew H" <ajhpms@hotmail.com> wrote in message
> news:eJPkj23JEHA.624@TK2MSFTNGP11.phx.gbl...
> > A user at one of my sites came back from an extended leave, and his machine
> > started pumping out about 700Mb of email a day - fortunately this showed up
> > on the SBS usage report. We tracked it down to MyDoom.A on his machine.
> >
> > The issue is: while he was away on leave, the AV program in use at the site
> > was retired and replaced with a newer program for all the users on the
> > system, automatically, except for him. On his return, he either brought
> > MyDoom back with him or caught it quickly once he connected to the LAN.
> >
> > Does anybody have any suggestions for preventing this sort of scenario in
> > the future?
> >
> > I once heard somebody at Microsoft talking about a Quarantine facility of
> > some sort which would have prevented that user fully attaching to the LAN
> > until his AV was up-to-date, but I don't know if that was a forthcoming
> > attraction or something applicable to this situation.
> >
> >
>
>
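Added example (not part of the original thread, and not code from any poster or vendor): a reconciliation check for the gap described above, where a machine that was offline during an AV product migration comes back without the new product. It assumes you can export two lists, the machine accounts with last logon dates and the machines reporting to the AV admin server; all host names, product labels and thresholds are constructed for illustration.

```python
from datetime import date

# Constructed sample data (not from the original thread).
# Directory view: every machine account and its last logon date.
DIRECTORY = {
    "WS-01": date(2004, 4, 20),
    "WS-02": date(2004, 4, 19),
    "WS-03": date(2004, 1, 12),   # user away on extended leave
    "WS-04": date(2004, 4, 21),
}
# AV admin server view: machine -> (installed product, signature date).
AV_CONSOLE = {
    "WS-01": ("new-av", date(2004, 4, 20)),
    "WS-02": ("new-av", date(2004, 3, 1)),    # right product, stale signatures
    "WS-03": ("old-av", date(2004, 1, 10)),   # missed the migration
}

def audit(directory, av_console, required_product, today,
          max_sig_age_days=7, idle_days=30):
    """Return {machine: [reasons]} for machines whose AV state is not acceptable."""
    findings = {}
    for host, last_logon in sorted(directory.items()):
        reasons = []
        record = av_console.get(host)
        if record is None:
            # Known to the directory but never seen by the AV admin server.
            reasons.append("not reporting to AV console")
        else:
            product, sig_date = record
            if product != required_product:
                reasons.append(f"wrong product: {product}")
            sig_age = (today - sig_date).days
            if sig_age > max_sig_age_days:
                reasons.append(f"signatures {sig_age} days old")
        # A non-compliant machine that has been away is the case in this thread.
        if reasons and (today - last_logon).days > idle_days:
            reasons.append("idle machine: remediate before it reconnects")
        if reasons:
            findings[host] = reasons
    return findings

if __name__ == "__main__":
    result = audit(DIRECTORY, AV_CONSOLE, "new-av", date(2004, 4, 21))
    for host, reasons in result.items():
        print(host, "->", "; ".join(reasons))
```

Driving the comparison from the directory list rather than from the AV console is what surfaces machines the console has never seen.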