The endless war on Conficker, need some advice.
Posted on 2009-07-15
When I was hired to a new technology team at my school district, we were faced with a huge task. This included battling a network that was 100% beat down by variants of the Conficker virus. Three months into the job, we are making progress, but feel that it is not enough. After imaging the whole school and ensuring that all workstations and servers are up to date in terms of OS and Symantec EP, we are starting to see attacks rising on our domain controller once again (failure audits in our security log). Is anyone else successfully battling this in their district or company? If so, how? We are looking to other possible AV solutions, so if anyone has recommendations, please share.

Note that our network is locked down very well. As of right now, we are still allowing teachers and summer school students to use flash drives. I am aware that these drives are most likely infected, but theoretically shouldn't SEP pull Conficker off the second it is detected? And with the most current Microsoft patches, why would this cause any issues?