Browse by Tags

Rare off-topic post :)
It is currently MS’s giving campaign where we promote philanthropicness :).  A coworker sent this out to our internal blogger alias along with some others from this site that various MS MVPs and internal employees work with, asking if we could post Read More...
Dealing with malware that creates .exe’s on file shares
So lately we keep seeing variants of malware that modifies content on file servers in an environment in hopes of spreading to other users.  My guess is that it is just using mapped drive letters thinking they are USB keys but the effect is the same Read More...
Posted 23 July 09 07:43 by kfalde | 5 Comments   
How to go green with FCS
I’m not a treehugger but I can definitely see the $$ with power savings. Having said that I had a customer recently that wanted his computers to wake up from sleep in order to do their scheduled scans for FCS. At first I was like nope not possible we Read More...
Posted 13 May 09 04:56 by kfalde | 0 Comments   
Some Interesting FCS SQL Queries
With a recent case I have an issue where the client count of managed computers in MOM admin console was quite different than that in the FCS console so I was trying to find out exactly which computers were not in FCS so I could troubleshoot some of those Read More...
Posted 08 May 09 05:39 by kfalde | 3 Comments   
Update Views for FCS in WSUS
Nothing profound with this post just detailing out a step I typically recommend to most of our new customers with regards to making life easier when viewing updates in WSUS.  In order to make your life easier viewing FCS inside of WSUS I typically Read More...
Posted 08 April 09 11:41 by kfalde | 0 Comments   
Cheap real time monitoring for Conficker clients
I already did one post about using eventcomb/logparser to look for clients but found a better way to do it on a case last night which I wanted to share.  The first thing you need is to enable netlogon debug logging on all of your DC’s save the following Read More...
Posted 09 March 09 11:21 by kfalde | 0 Comments   
WSUS FCS Definitions
This is a follow up post to my previous FCS definitions post.  The first one focused on the mpam-fe files and what is contained that you can find on the security portal at www.microsoft.com/security/portal .  This one instead focuses on what Read More...
Posted 05 March 09 11:05 by kfalde | 4 Comments   
Blocking and finding Conficker and Downadup systems
EDIT 4/27/09: THIS NO LONGER WORKS WITH NEW VARIANTS OF CONFICKER HOWEVER THE CONCEPT IS STILL SOUND IF YOU ARE LOOKING FOR SYSTEMS THAT ARE QUERYING FOR SPECIFIC DNS NAMES.   I’ve already created one post on finding malware systems using eventcomb Read More...
Understanding FCS Definitions
A fairly frequent question we get is how do FCS definitions work. How do I find just the deltas for the month etc. You can always manually download the latest definitions from http://www.microsoft.com/security/portal with the links on the right. This Read More...
Posted 09 February 09 12:31 by kfalde | 0 Comments   
Using Logparser + Eventcomb to find malware
During the course of these Conficker / Downadup issues we typically see cases that started because accounts are getting locked out.  I pause briefly here to point out that account lockouts are the work of the devil and are a sorry excuse for most Read More...
Posted 28 January 09 05:04 by kfalde | 1 Comments   
How-to: Removal of Conficker in your FCS environment
Another Conficker post :) however this one is aimed at our FCS customers. It semi-applies to other customers however other AV vendors operated differently with regards to updates etc so this won’t necessarily be applicable to all. So today is Patch Tuesday Read More...
More on File Shares and Autorun.inf with regards to malware
So in my last post I mentioned the fact that Conficker/Downad whatever can also have a component that will spread through file shares that allow everyone to write at the root level of the file share. So a typical autorun.inf looks something like this.. Read More...
Malware Win32/Conficker.B W32.Downadup.B
So for the past 2 weeks now we are absolutely getting hammered with calls in CSS Security here at MS with organizations contracting this piece of malware. You can find write-ups from various AV companies at the following URLs http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?id=76852 Read More...
Changes to Microsoft Anti-Malware
This doesn’t really affect the FCS world but it is an interesting development. https://www.microsoft.com/presspass/features/2008/Nov08/11-18AmyBarzdukasQandA.mspx apparently we are going to begin to offer a no-cost anti-malware solution in 2nd half of Read More...
FCS .adm settings
I’m not really advocating using this and I can’t take credit for this as it was posted on the FCS forums by a “ lofty10 ”. However I do know that many people are looking for something like this to manage FCS clients that do not have an FCS server infrastructure Read More...
Posted 14 November 08 11:50 by kfalde | 1 Comments   