I provided a few screenshots showing where to find the SmartDefense protection for Conficker. Here is the “short but sweet” way to find it in R65:
Open SmartDashboard and go to the SmartDefense Tab. Select:
Application Intelligence –> MS-RPC –> MS-RPC over CIFS –> Block Microsoft Server Service Remote Code Execution (MS08-067)
This will bring you to the Conficker protection definition. Simply check the ‘Active’ radio button and push the updated policy. So far the Conficker worm has not turned out to be too widespread, but with this control enabled in your environment you will be able to monitor any of this malicious traffic in SmartView Tracker.
Aren’t you glad you ignored Cisco’s advice to block all internal Microsoft traffic, install their IPS, and install their CSA agent on all your desktops? What a joke.
The best way to address this is to have a desktop patch management plan and to enable the SmartDefense protection to keep any potential outbreaks at bay. Much simpler and more cost-effective.