We are running McAfee 8.5i Patch 7 (with EPO 4.0 server) on Windows 2003 servers. All servers have the MS08-67 patch installed.
This morning, I received an alert from McAfee stating that two servers had been attacked by W32/Conficker.worm. I logged onto the machines (with a non-Domain Admin account) and checked the On Access Scanner log. In both cases, McAfee reports that the worm was deleted.
But I had some questions I was hoping someone could help me with:
i) I thought Conficker couldn't get onto MS08-67 patched machines? Or does this patch only prevent them executing on patched machines?
ii) The Virus Alert is configured to send a notification if there is a virus on the machine that is NOT removed. So not sure why I received the notification?
iii) Apart from logging onto the machine, is there any way to find out what happened to the virus from logs on EPO?