WinXP and/or Win2003 systems hanging because of a faulty SC Forefront Endpoint Protection update

Reader Philipp reported today a bug affecting his remaining Windows XP machines and Windows 2003 servers. It appears that all Windows XP and Windows 2003 machines with SC Forefront Endpoint Protection definition update 1.171.1.0 and later are affected. You might want to test definition update 1.171.64.0, as we have received reports stating that it fixes the problem. However, we have not yet seen any official statement from Microsoft regarding this issue.
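As an added example (not part of this diary and not Microsoft's tooling), a small Python triage script that flags XP/2003 hosts whose definition version falls in the reported problem range, 1.171.1.0 up to but not including 1.171.64.0; the inventory records are constructed, and how you collect the version from each host is outside its scope.

```python
"""Added triage example (not from the ISC diary or Microsoft).
Flags Windows XP / Windows 2003 hosts whose antimalware definition version lies
in the reported problem range: 1.171.1.0 and later, up to but not including
1.171.64.0 (reported, not officially confirmed, to fix the hang). Inventory
records are constructed sample data; collecting the version from each host
(WMI, registry, management console) is not covered here."""
from typing import Dict, Iterable, List, Tuple

FIRST_BAD = "1.171.1.0"     # first definition version reported to hang hosts
FIRST_FIXED = "1.171.64.0"  # version reported to resolve the problem
AFFECTED_OS = ("windows xp", "windows 2003", "windows server 2003")

def parse_version(v: str) -> Tuple[int, ...]:
    """'1.171.64.0' -> (1, 171, 64, 0). Numeric comparison matters: compared as
    strings, '1.171.9.0' sorts *after* '1.171.64.0' and would be missed."""
    parts = v.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed definition version: {v!r}")
    return tuple(int(p) for p in parts)

def in_problem_range(version: str) -> bool:
    """True when FIRST_BAD <= version < FIRST_FIXED."""
    return parse_version(FIRST_BAD) <= parse_version(version) < parse_version(FIRST_FIXED)

def is_affected_os(os_name: str) -> bool:
    """Only XP and 2003 were reported affected; other Windows versions pass."""
    name = os_name.lower()
    return any(tag in name for tag in AFFECTED_OS)

def triage(inventory: Iterable[Dict[str, str]]) -> List[str]:
    """Hostnames that need the fixed definitions or compensating controls."""
    return [r["host"] for r in inventory
            if is_affected_os(r["os"]) and in_problem_range(r["definitions"])]

# Constructed sample inventory; hostnames and versions are illustrative only.
SAMPLE_INVENTORY = [
    {"host": "xpws01", "os": "Windows XP Professional SP3", "definitions": "1.171.10.0"},
    {"host": "xpws02", "os": "Windows XP Professional SP2", "definitions": "1.171.9.0"},
    {"host": "srv2003-01", "os": "Windows Server 2003 R2", "definitions": "1.171.64.0"},
    {"host": "srv2003-02", "os": "Windows Server 2003", "definitions": "1.170.2200.0"},
    {"host": "w7-01", "os": "Windows 7 Enterprise", "definitions": "1.171.10.0"},
]

if __name__ == "__main__":
    print("hosts to fix:", triage(SAMPLE_INVENTORY))
```

The numeric comparison in parse_version is the part worth copying: definition version strings do not sort correctly as text once a component passes a single digit.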

If you disable Forefront because it is not letting your machine work, please put other controls in place that minimize the associated risk. Otherwise, your computers become much easier to compromise.

We also receive questions about which AV is best. Since the answer depends on the company and its information security assets, you might want to check the Magic Quadrant for Endpoint Protection from Gartner Group and work out for yourself what the best answer is for your company. If you want to read the entire report, you can obtain it from McAfee or Computerlinks.

We will update this diary if more information becomes available.

More information available at:

Manuel Humberto Santander Pelaez
SANS Internet Storm Center - Handler
Twitter:@manuelsantander
Web:http://manuel.santander.name
e-mail: msantand at isc dot sans dot org

"You might want to check the Magic Quadrant for Endpoint Protection from Gartner Group and try to find yourself what is the best answer for your company. "

I think not. The Magic Quadrants tend to be biased towards the size and fandom within certain circles, and speak little or nothing to the technical merits or cost effectiveness of those vendors' products.

I would be interested in more data-driven comparisons.

There are a lot of security products out there, endpoint protection products, etc., with very high price tags.
Doubtful that many of them are worth it.

Particularly with the spikes in 0-day fresh malware that scanners cannot reasonably pick up.
Anonymous
