RFI--Forefront and Alureon

We have been running Forefront for the past 2 years and this has not been a threat since last summer. ___________________________________ Charles Keeler Mitchell College Office of Information Technology Chief Information Officer (860) 701-5254 From: mccalluq > Reply-To: The EDUCAUSE Security Constituent Group Listserv > Date: Mon, 9 Apr 2012 14:13:58 -0400 To: > Subject: [SECURITY] RFI--Forefront and Alureon Lansing Community College implemented Forefront in Summer 2011. Starting in 2011 Q4 Forefront was detecting and reporting Alureon infections. Forefront was not able to quarantine nor remove the malware. Currently our solution is to use a couple of anti-malware products in tandem to completely remove Alureon (certain variants). A/V environment: · Forefront client, server, and reporting server are 2010. · Clients are configured via AD/GP for daily, quick scans and weekly, full scans. · Signatures are updated before all scans. Other considerations: · The College has a large laptop footprint. Qualitatively, we feel the malware is getting on the system when outside our network (user’s home network). · HIPS is not installed. We are curious if other HEs are seeing this with their Forefront environments. If common, I have a route to bring a “larger” issue to Microsoft. Please feel free to contact me off-line if preferred. mccalluq@lcc.edu Thanks, Quentin L. McCallum, CISSP Information Security Analyst Lansing Community College 517-267-5014 IMPORTANT WARNING: The information in this message (and the documents attached to it, if any) is confidential and may be legally privileged. It is intended solely for the addressee. Access to this message by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken, or omitted to be taken, in reliance on it is prohibited and may be unlawful. If you have received this message in error, please delete all electronic copies of this message (and the documents attached to it, if any), destroy any hard copies you may have created and notify me immediately by replying to this email. Thank you.