|
| If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|||||||
|
|
Thread Tools | Display Modes |
|
#1
June 9th 04, 04:43 PM
|
|||
|
|||
why is Sasser trying to infect a patched system?
we have a unusual situtation. We have a properely patched server (2000), but for some reason sasser keeps trying to lay down a file on it, which is then quantined. This has happened twice in the last 5 days on this server. Any ideas would be welcome.
|
| Ads |
|
#2
June 9th 04, 05:46 PM
|
|||
|
|||
|
why is Sasser trying to infect a patched system?
Do you have a firewall protecting your network from the Internet at the
perimeter, with no unneeded/dangerous ports open? Are all workstations patched with Windows Update successfully, with all critical patches? Are you running centrally-managed desktop antivirus software, kept updated regularly & automatically? Jim-GSK wrote: we have a unusual situtation. We have a properely patched server (2000), but for some reason sasser keeps trying to lay down a file on it, which is then quantined. This has happened twice in the last 5 days on this server. Any ideas would be welcome.
|
|
#3
June 9th 04, 08:46 PM
|
|||
|
|||
|
why is Sasser trying to infect a patched system?
yes we are under a firewall which is under the control of and unit. The only unquie thing is that the server in question is a Web Cast.
|
|
#4
June 10th 04, 03:46 AM
|
|||
|
|||
|
why is Sasser trying to infect a patched system?
Don't know what you mean by web cast....can you answer the rest of my
questions? Jim-gsk wrote: yes we are under a firewall which is under the control of and unit. The only unquie thing is that the server in question is a Web Cast.
|
|
#5
June 11th 04, 03:41 PM
|
|||
|
|||
|
why is Sasser trying to infect a patched system?
I know what a webcast is (it's not the server, it's what the server does,
more specifically), just didn't understand what you meant. Gotcha now. Where are you seeing the file/activity on your server? What ports are open from the Internet to this server or your network in general? Jim-gsk wrote: Are all workstations patched with Windows Update successfully, with all critical patches? yes they are. Are you running centrally-managed desktop antivirus software, kept updated regularly & automatically. yes we are. A web cast is a server that deals in video tele conferenceing
|
|
#6
June 11th 04, 07:41 PM
|
|||
|
|||
|
why is Sasser trying to infect a patched system?
Jim-GSK wrote:
we have a unusual situtation. We have a properely patched server (2000), but for some reason sasser keeps trying to lay down a file on it, which is then quantined. This has happened twice in the last 5 days on this server. Any ideas would be welcome. Hi What is the version number on the file %windir%\System32\Lsasrv.dll ? -- torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway Administration scripting examples and an ONLINE version of the 1328 page Scripting Guide: http://www.microsoft.com/technet/com...r/default.mspx
|
| Thread Tools | |
| Display Modes | |
|
|
Linear Mode
