McAfee Products Coverage for Conficker Worm
You could possibly use the HIPS Firewall to block the network traffic ports used to propogate, but that would entail blocking all NETBIOS traffic, which would affect other application needs/uses.
From my theoretical reading that Mcafee hips will block malicious exploits and threats, I wonder if it is able to block the worm even if the port 445 is not blocked?
Have you tried windows updates? You're pretty safe if you have Windows and VirusScan up to date.
The short answer is "Not really". If you have Conficker in your enviornment you need to be 100% sure the following settings are done:
1. Self-protection must be on.
2. On-Access Scanning must be enabled for Reads and Writes
3. You MUST perform a full on Demand Scan
4. Buffer Overflow should be turned on
5. Artemis should be enabled at Medium
6. You should perform daily scans of memory (Memory for Rootkits & Running Processes)
7. You should have a DAT within the last 5-7 days (For Conficker something in the last year or two is probably fine)
8. You should be running at least VSE 8.7 or 8.8 (though if you haven't deployed 8.8 you probably need your head examined)
9. You should be current on the engine
10. You must scan "All Files" not just "Default plus additional". The latter option is only for debugging and makes VSE stupid.
Windows patches are worthless against Conficker. Once it gets into the environment it no longer uses the MS 08-067 flaw to spread. Patching is a waste of time if you are already infected. Just do all 10 items above without any exceptions (which everyone should be doing anyways).
Why would I need Artemis at medium?