If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
why is Sasser trying to infect a patched system?
we have a unusual situtation. We have a properely patched server (2000), but for some reason sasser keeps trying to lay down a file on it, which is then quantined. This has happened twice in the last 5 days on this server. Any ideas would be welcome.
|
Ads |
#2
|
|||
|
|||
why is Sasser trying to infect a patched system?
Do you have a firewall protecting your network from the Internet at the
perimeter, with no unneeded/dangerous ports open? Are all workstations patched with Windows Update successfully, with all critical patches? Are you running centrally-managed desktop antivirus software, kept updated regularly & automatically? Jim-GSK wrote: we have a unusual situtation. We have a properely patched server (2000), but for some reason sasser keeps trying to lay down a file on it, which is then quantined. This has happened twice in the last 5 days on this server. Any ideas would be welcome. |
#3
|
|||
|
|||
why is Sasser trying to infect a patched system?
yes we are under a firewall which is under the control of and unit. The only unquie thing is that the server in question is a Web Cast.
|
#4
|
|||
|
|||
why is Sasser trying to infect a patched system?
Don't know what you mean by web cast....can you answer the rest of my
questions? Jim-gsk wrote: yes we are under a firewall which is under the control of and unit. The only unquie thing is that the server in question is a Web Cast. |
#5
|
|||
|
|||
why is Sasser trying to infect a patched system?
I know what a webcast is (it's not the server, it's what the server does,
more specifically), just didn't understand what you meant. Gotcha now. Where are you seeing the file/activity on your server? What ports are open from the Internet to this server or your network in general? Jim-gsk wrote: Are all workstations patched with Windows Update successfully, with all critical patches? yes they are. Are you running centrally-managed desktop antivirus software, kept updated regularly & automatically. yes we are. A web cast is a server that deals in video tele conferenceing |
#6
|
|||
|
|||
why is Sasser trying to infect a patched system?
Jim-GSK wrote:
we have a unusual situtation. We have a properely patched server (2000), but for some reason sasser keeps trying to lay down a file on it, which is then quantined. This has happened twice in the last 5 days on this server. Any ideas would be welcome. Hi What is the version number on the file %windir%\System32\Lsasrv.dll ? -- torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway Administration scripting examples and an ONLINE version of the 1328 page Scripting Guide: http://www.microsoft.com/technet/com...r/default.mspx |
Thread Tools | |
Display Modes | |
|
|