Combination of AppSense Application Manager on the Citrix farm and a standard GPO on the VDI desktops
2009/11/20 Erik Goldoff <egold...@gmail.com> > What whitelist app are you using ? > > Erik Goldoff > > *IT Consultant* > > *Systems, Networks, & Security * > > > ------------------------------ > *From:* James Rankin [mailto:kz2...@googlemail.com] > *Sent:* Friday, November 20, 2009 8:49 AM > > *To:* NT System Admin Issues > *Subject:* Re: Conficker Help! > > Ouch. I love my application whitelists. > > 2009/11/20 Steve Kelsay <kels...@sctax.org> > >> We go hit with it two weeks ago despite being fully patched and multiple >> layered defense. >> >> We had Sunbelt check the files. A new variant, apparently. They built a >> tool to detect it and prevent further infections, but we had to run >> fseasyclean on all the machine and servers to get rid of it, then reboot >> each one. A real pain on the servers. >> >> >> >> *From:* Kelsey, John [mailto:jckel...@drmc.org] >> *Sent:* Friday, November 20, 2009 8:34 AM >> *To:* NT System Admin Issues >> *Subject:* Conficker Help! >> >> >> >> Looks like we're getting hit the Conficker this morning. Sophos is >> reporting several hundred 'conficker detected/cleaned' messages, so at least >> its catching it...BUT....how do I determine the source of the infection? >> Something I can look for with wireshark or something? Apparently there are >> some unprotected machines on the network. >> >> >> >> Any suggestions are welcome! >> >> >> >> >> >> ******************************* >> *John C. Kelsey** >> *DuBois Regional Medical Center >> (: 814.375.3073 >> 2 : 814.375.4005 >> *: jckel...@drmc.org >> ******************************* >> >> >> >> >> >> This email and any files transmitted with it are confidential and intended >> solely for the use of the individual or entity to whom they are addressed. >> If you have received this email in error please notify the system manager. >> This message contains confidential information and is intended only for the >> individual named. If you are not the named addressee you should not >> disseminate, distribute or copy this e-mail. >> >> >> >> >> >> >> >> >> >> > > > -- > "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into > the machine wrong figures, will the right answers come out?' I am not able > rightly to apprehend the kind of confusion of ideas that could provoke such > a question." > > http://raythestray.blogspot.com > > > > > > > > > > -- "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question." http://raythestray.blogspot.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
