I provided a few screen shots showing where the SmartDefense protection is for Conficker. Here is the “short but sweet” way to find it in R65:

Open SmartDashboard and go to the SmartDefense Tab. Select:

Application Intelligence –> MS-RPC –> MS-RPC over CIFS –> Block Microsoft Server Service Remote Code Execution (MS08-067)

This will bring you to the Conficker protection definition. Simply check the ‘Active’ radio button and push the updated policy. So far the Conficker worm has not turned out to be not too widespread, but with this control enabled in your environment you will be able to monitor any of this malicious this traffic in SmartView Tracker.

Aren’t you glad you ignored Cisco’s advice to block all internal Microsoft traffic, install their IPS, and install their CSA agent on all your desktops? What a joke.

The best way to address this to have a desktop patch management plan, and enable the SmartDefense protection to keep any potential outbreaks at bay. Much simpler and more cost effective.

Where is the Conficker protection in Smart Defense?

4 thoughts on “Where is the Conficker protection in Smart Defense?

  • Pingback: fireverse.org » Blog Archive » Where is the Conficker protection … | Patch Management

  • April 2, 2009 at 1:26 pm
    Permalink

    As stated on your previous Cisco-bashing post, your statements are taking their recommendations out of context. CSA would have protected from this even before the announcement in November and their IPS would have stopped it in November.

    We’re all entitled to our opinions, in this case, I think you’re the joke.

  • Pingback: Where is the Conficker protection in Smart Defense? | Patch Management

  • April 13, 2009 at 1:12 am
    Permalink

    Uh I am not talking about having to roll out thousands of CSA clients. Not real practical is it? I am also not recommending (although Cisco might) dumbing down all your firewalls to 650Mbps gateways, and lose four Gig ports just so you can shove their little IPS card in a 5540. You might want to go back and study the product matrix for your beloved Cisco product line as you clearly do not understand the throughput numbers and capabilities of their line.

    BTW thanks for posting twice in under five minutes. Like I said in an earlier reply, I will be using your posts to further inform my readers as to just how limited the Cisco line continues to be.

Leave a Reply

Your email address will not be published. Required fields are marked *