Educause Security Discussion mailing list archives

RFI--Forefront and Alureon


From: mccalluq <mccalluq () LCC EDU>
Date: Mon, 9 Apr 2012 14:13:58 -0400

 

Lansing Community College implemented Forefront in Summer 2011. Starting in 2011 Q4, Forefront was detecting and reporting Alureon infections. Forefront was not able to quarantine or remove the malware. Currently our solution is to use a couple of anti-malware products in tandem to completely remove Alureon (certain variants).

 

A/V environment:

- Forefront client, server, and reporting server are 2010.
- Clients are configured via AD/GP for daily, quick scans and weekly, full scans.
- Signatures are updated before all scans.

 

Other considerations:

- The College has a large laptop footprint. Qualitatively, we feel the malware is getting on the system when outside our network (user's home network).
- HIPS is not installed.

 

We are curious if other HEs are seeing this with their Forefront environments.

 

If common, I have a route to bring a "larger" issue to Microsoft.

 

Please feel free to contact me off-line if preferred. mccalluq () lcc edu

 

Thanks,

Quentin L. McCallum, CISSP

Information Security Analyst

Lansing Community College

517-267-5014

 

