Educause Security Discussion mailing list archives
RFI--Forefront and Alureon
From: mccalluq <mccalluq () LCC EDU>
Date: Mon, 9 Apr 2012 14:13:58 -0400
Lansing Community College implemented Forefront in Summer 2011. Starting in 2011 Q4, Forefront was detecting and reporting Alureon infections. Forefront was not able to quarantine or remove the malware. Currently our solution is to use a couple of anti-malware products in tandem to completely remove Alureon (certain variants).

A/V environment:
- Forefront client, server, and reporting server are 2010.
- Clients are configured via AD/GP for daily, quick scans and weekly, full scans.
- Signatures are updated before all scans.

Other considerations:
- The College has a large laptop footprint. Qualitatively, we feel the malware is getting on the system when outside our network (user's home network).
- HIPS is not installed.

We are curious if other HEs are seeing this with their Forefront environments. If common, I have a route to bring a "larger" issue to Microsoft.

Please feel free to contact me off-line if preferred.
mccalluq () lcc edu

Thanks,
Quentin L. McCallum, CISSP
Information Security Analyst
Lansing Community College
517-267-5014