Educause Security Discussion mailing list archives

Re: RFI--Forefront and Alureon


From: Chuck Keeler <keeler_c () MITCHELL EDU>
Date: Mon, 9 Apr 2012 19:12:16 +0000

We have been running Forefront for the past 2 years and this has not been a threat since last summer.

___________________________________
Charles Keeler
Mitchell College
Office of Information Technology
Chief Information Officer
(860) 701-5254

From: mccalluq <mccalluq () LCC EDU>
Reply-To: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU>
Date: Mon, 9 Apr 2012 14:13:58 -0400
To: <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] RFI--Forefront and Alureon


Lansing Community College implemented Forefront in Summer 2011. Starting in 2011 Q4, Forefront was detecting and
reporting Alureon infections. Forefront was not able to quarantine or remove the malware. Currently our solution is to
use a couple of anti-malware products in tandem to completely remove Alureon (certain variants).

A/V environment:

- Forefront client, server, and reporting server are 2010.
- Clients are configured via AD/GP for daily, quick scans and weekly, full scans.
- Signatures are updated before all scans.

Other considerations:

- The College has a large laptop footprint. Qualitatively, we feel the malware is getting on the system when
  outside our network (user's home network).
- HIPS is not installed.

We are curious if other HEs are seeing this with their Forefront environments.

If common, I have a route to bring a “larger” issue to Microsoft.

Please feel free to contact me off-line if preferred. mccalluq () lcc edu

Thanks,
Quentin L. McCallum, CISSP
Information Security Analyst
Lansing Community College
517-267-5014




