Correct
From: Richard Stovall [mailto:rich...@gmail.com] Sent: Wednesday, September 15, 2010 1:53 PM To: NT System Admin Issues Subject: Re: #*&$&% "Security Tools" Malware If you have a Windows AD domain, your DHCP scopes should point your clients to your INTERNAL DNS servers. Use your ISP's or ClearCloud as forwarders. On Wed, Sep 15, 2010 at 1:48 PM, John Aldrich <jaldr...@blueridgecarpet.com<mailto:jaldr...@blueridgecarpet.com>> wrote: Cool... Can I add that as an alternative to my ISP's DNS in my Active Directory, or should I just push that out through DHCP? From: Alex Eckelberry [mailto:al...@sunbelt-software.com<mailto:al...@sunbelt-software.com>] Sent: Wednesday, September 15, 2010 12:58 PM To: NT System Admin Issues Subject: RE: #*&$&% "Security Tools" Malware Btw, we update the malware URLs of these rogues right into ClearCloud. Feel free to and the ClearCloud DNS server as a replacement to your existing DNS: http://clearclouddns.com/ It's still beta, but I think you'll find it works quite well. And it's free. Alex From: Alex Eckelberry [mailto:al...@sunbelt-software.com<mailto:al...@sunbelt-software.com>] Sent: Wednesday, September 15, 2010 12:55 PM To: NT System Admin Issues Subject: RE: #*&$&% "Security Tools" Malware http://vipre.malwarebytes.org/ Free. And the combination really works. From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us<mailto:john.hornbuc...@taylor.k12.fl.us>] Sent: Wednesday, September 15, 2010 12:20 PM To: NT System Admin Issues Subject: #*&$&% "Security Tools" Malware The "Security Tools" malware is about to drive me insane. My users keep managing to infect themselves with it, and we're having trouble stopping it. They don't run with admin rights, so there's no real damage done to their systems and we can clean it up in about two minutes. But the time adds up, and I'm tired of my technicians having to waste time on it. Our antimalware software is Microsoft's Forefront Client Security, and it's having a tough time catching this. Every time I get infected, I send the EXE to Microsoft and they update their definitions-but the EXE's used by the malware apparently change rapidly, and seem to constantly be a step ahead of FCS's definitions. I can think of a couple of options that I know would stop it, like blocking all EXE's at our web filter or using group policy to limit the running of EXE's-but this would also prevent users from doing things like installing safe plug-ins from websites, so it's not a first resort. Suggestions? John Hornbuckle MIS Department Taylor County School District www.taylor.k12.fl.us<http://www.taylor.k12.fl.us> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin NOTICE: Florida has a broad public records law. Most written communications to or from this entity are public records that will be disclosed to the public and the media upon request. E-mail communications may be subject to public disclosure. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
