2 Replies Latest reply on Mar 12, 2009 1:12 PM by twenden

    EPO VSE Policies & Conficker worm

    twenden
      We have started to see the Conficker worm in our environment. This worm so far is spreading within a group that uses Symantec. It is stopping their Symantec from runnning thus infecting the systems.

      My question is basically what other people are doing to prevent Conficker? The rest of our campus is managed using EPO 3.6.1 and VSE 8.5i. In the Access Protection Rules, we have the box "Prevent McAfee Services from being stopped" unchecked. We did this to allow people to temporarily disable their virus software when transferring large files. It also allows the helpdesk to uninstall the EPO agent from systems.

      I am starting to believe that we might need to check this box and to "Not" allow the McAfee services from being disabled. What are other people doing to protect against Conficker?
        • 1. RE: EPO VSE Policies & Conficker worm
          Laszlo G
          You should really check this box again even if the data rate transfer is worst becuase you won't be protected anymore from viruses.

          Other thing you need is Microsoft patch MS08-067 in every machine because ts lack is used by confiker to infect machines.

          Another thing is to use complex passwords on shares because confiker tries brute-forcing attacks to infect them.
          • 2. RE: EPO VSE Policies & Conficker worm
            twenden


            Thanks for the info. I just got of the phone with McAfee Tech support. They also recommended that we enable that option. Just trying to make sure that McAfee does not get disabled by conficker.