Focus on Virus Mode:
(Page 9 of 62)  < Prev  4 5 6 7 8 9 10 11 12 13 14  Next >
RE: Panda ActiveScan false positive with Nessus .nasl files 2006-08-16
Pedro Bustamante (pbustamante pandasoftware com)
> Recently I checked mi winXP system with Panda online ActiveScan,
> and I think it has found some false positive when checking some
> nessus's .nasl files:

> Virus:Linux/Test10879
>     Disinfected
> C:\Documents and Settings\FALSEUSER\Mis documentos\ FALSEPATH
> \nessus-installer.sh[nessus.tar.gz

[ more ]  [ reply ]
Panda ActiveScan false positive with Nessus .nasl files 2006-08-12
LEAD Soluciones Informaticas (soporte leadsi com ar)
Recently  I checked mi winXP system with Panda online ActiveScan, and I
think it has found some false positive when checking some nessus?s .nasl
 files:

Virus:Linux/Test10879                                                   
    
    Disinfected                  
C:\Documents and Settings\FALSEUSE

[ more ]  [ reply ]
[Administrivia] Guest moderator 2006-07-29
mfossi securityfocus com
Hey everyone,

I'm off to Black Hat next week, so while I'm gone Anthony Roe will be
moderating the list. He's one of the moderators of our Firewalls list, so
this list should be a breeze for him.

While I'm gone, if you have any list subscription issues, please email
<listadmin (at) securityfocus (dot) com [email concealed]>.

[ more ]  [ reply ]
Re: Trojan downloader may be dropping FireFox and IE specific components 2006-07-28
Hayes, Bill (Bill Hayes owh com)
Computer Associates eTrust Spyware Encyclopedia now has an entry for Haxdoor.G that states this malware seems to have the same distribution as Formspy, which CA calls Ursnif.B. The CA entry Haxdoor.G states that its name is equivalent to Symantec's name of Haxdoor-0.

At first glance, this seems to

[ more ]  [ reply ]
Trojan downloader may be dropping FireFox and IE specific components 2006-07-25
Hayes, Bill (Bill Hayes owh com) (1 replies)
While reading a couple of recent entries in security bogs by McAfee and Symantec, I had one of those "say it isn't so" momements. A careful read of the descriptions by McAfee of the Trojan Downloader Downloader-AXM and McAfee's description of Formspy for Firefox and Symantec's description of Haxdoor

[ more ]  [ reply ]
Re: [security] Trojan downloader may be dropping FireFox and IEspecific components 2006-07-26
Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (sbradcpa pacbell net)
RE: New Malware? 2006-07-20
Mike Alexander (mike alexander mail moray gov uk)
Bruce,

It *might* be related to this:
http://snipurl.com/tj1p
http://snipurl.com/tj23

Or it could simply be another one of these Google toolbars....which some
here might regard as a form of "malware" anyway!

Regards,

Mike
------------------------------------------------------------
Mike Alexande

[ more ]  [ reply ]
New Malware? 2006-07-20
Bruce Martins (BMartins extend COM) (2 replies)
I had a user who received an e-mail pretending to be from google updates
with a subject line of "New Google Toolbar Released"

The link actually takes them to=20

http://googletoolbar.com.sapo.pt

None of the AV scanners picked this up when downloading the EXE,
perimeter, nor desktop, and even with

[ more ]  [ reply ]
Re: New Malware? 2006-07-20
Luis Diaz Kaspersky (luis diaz kaspersky com mx)
Re: New Malware? 2006-07-20
.myke lyons (Myke Lyons cmtww com)
RE: Symantec AV reporting metrics. 2006-06-23
paul murgatroyd org uk
I have managed to get a publicly available reporter installation up and running, which people will be able to take a look at via the web.

However, I need some logs for it! If anyone would like to share some AV logs for the good of the community you will all see what reporter can do for you.

I

[ more ]  [ reply ]
RE: Symantec AV reporting metrics. 2006-06-22
Ted Senn (ted senn zurichna com)
The agents will only run on Windows 2000 and above, Not on NT

FYI In my experience the reporting server is a managers toll. It is
difficult to actually get working information from it. ie report of
infection and I haven't be able to find a way to determine if the infection
is still active, cleaned

[ more ]  [ reply ]
RE: Symantec AV reporting metrics. 2006-06-22
Turney, Tobin (Tobin Turney bcbsfl com)
I implemented SAVCE 10.1 with reporting on 11,000 clients with no issues. We have two primary servers. One of the primary servers is running IIS to host the reporting site. The SQL reporting DB is a shared instance on separate SQL server. The reporting agents and website are free as long as you own

[ more ]  [ reply ]
Virtualized app environment - Possible testing tool for malware 2006-06-22
Bill Stout (bill stout greenborder com)
Hi Guys,

We have a pre-GA tool that could become helpful for malware forensics.
I've included a download link and a 30-week license.

http://www.greenborder.com/earlyaccess

934OOY22AEGEK23IO3L6ACO3CK47OKD3 30 week license with 'SafeFile' option

We're working on the activity monitor which monitors

[ more ]  [ reply ]
RE: Symantec AV reporting metrics. 2006-06-20
Adams, Rhuel (AdamsR ctc com)

Not quite sure where you're getting the misinformation from, but SAVCE 10.1 with Gold Support includes reporting.

I had to contact the licensing dept. to get an updated license so that the latest version was "available" for me to download, but it definitely has reporting in the package.

So far,

[ more ]  [ reply ]
RE: Symantec AV reporting metrics. 2006-06-20
Ted Senn (ted senn zurichna com)
Interesting. I'm running Ver 10.1.0.401 Corp Edition and reporting server
works just fine.

Ted Senn
Security Engineer
Distributed Security
847-605-6837

"Nick Duda"

[ more ]  [ reply ]
RE: Symantec AV reporting metrics. 2006-06-20
paul murgatroyd org uk
Are you sure you have 10.1 and not 10.0.1?

I can confirm that 10.1 DEFINITELY comes with the reporting server. Its not currently available to gold customers, but will be soon. If you have a Platinum support account you can download it.

Leave the examples thing with me... I'll see what I can

[ more ]  [ reply ]
RE: Symantec AV reporting metrics. 2006-06-19
Howe, Paul H (paul howe nwa com)
Hmmm... If your management does not trust the patch fro 10.1, why do they trust the patch for 8.1?

> -----Original Message-----
> From: Serge Vondandamo [mailto:serge.vondandamo (at) wanadoo (dot) fr [email concealed]]
> Sent: Sunday, June 18, 2006 1:15 AM
> To: 'Ted Senn'
> Cc: focus-virus (at) securityfocus (dot) com [email concealed]; 'sekure'
> Subje

[ more ]  [ reply ]
RE: Symantec AV reporting metrics. 2006-06-18
Serge Vondandamo (serge vondandamo wanadoo fr) (1 replies)
I forgot to add that,

I have up to 6000 Clients located WW (Europe, Americas, APAC, and
Middle-east).

Thanks,
Serge

-----Message d'origine-----
De : Serge Vondandamo [mailto:serge.vondandamo (at) wanadoo (dot) fr [email concealed]]
Envoyé : dimanche 18 juin 2006 08:11
À : 'Ted Senn'
Cc : 'focus-virus (at) securityfocus (dot) com [email concealed]'; 'se

[ more ]  [ reply ]
RE: Symantec AV reporting metrics. 2006-06-19
Nick Duda (nduda VistaPrint com) (1 replies)
RE: Symantec AV reporting metrics. 2006-06-19
Roger Padilla (ropadill calpoly edu)
RE: Symantec AV reporting metrics. 2006-06-09
Ted Senn (ted senn zurichna com) (1 replies)
Installing the reporting server is the start. Unless you have a small
number of clients I would recommend a separate system. The reporting server
is somewhat CPU intensive in my experience.

Each AV server will need to have reporting agents installed on them.
However for testing you can set up the

[ more ]  [ reply ]
RE: Symantec AV reporting metrics. 2006-06-18
Serge Vondandamo (serge vondandamo wanadoo fr)
RE: Symantec AV reporting metrics. 2006-06-09
paul murgatroyd org uk
Depending on how you have your SAV infrastructure configured, you can get away with installing the agents just on the primary servers, however the data received is better if you install the agent on each parent too.

Normally, AV definition information, client versions, etc. come from the Parent s

[ more ]  [ reply ]
RE: Symantec AV reporting metrics. 2006-06-09
Ted Senn (ted senn zurichna com)
That will get the basics. However each Primary AV server (and ideally)
each AV server needs to have the reporting AGENTS install and configured to
report to the Reporting server. To configure the agents you need the 10.1
Symantec Center Console.

If you have a big infrastructure you should consider

[ more ]  [ reply ]
RE: Symantec AV reporting metrics. 2006-06-06
Ted Senn (ted senn zurichna com) (1 replies)
I am running Reporting server without any problem on version 10, and 9
servers. The agent installs and reports back to the reporting server. You
may need a special group with 10.1 for the reporting server only, but the
reporting will work with the lower version AV servers ( agent will not
install o

[ more ]  [ reply ]
RE: Symantec AV reporting metrics. 2006-06-09
Serge Vondandamo (serge vondandamo wanadoo fr)
RE: Symantec AV reporting metrics. 2006-06-05
Howe, Paul H (paul howe nwa com)
Or the expensive way.....

I pull the log files from the various parent servers, import into
MS/Access and generate reports.

Serge - your metrics seem less than usfull. Engine version, dat updates
etc are rarely very far out of compliance at our site (10K+ desktops).
I post #s on how many differen

[ more ]  [ reply ]
(Page 9 of 62)  < Prev  4 5 6 7 8 9 10 11 12 13 14  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus