Endpoint Management Community Blog

Can Intel vPro help combat Conficker worm?

Created: 30 Mar 2009 • Updated: 30 Mar 2009
Terry Cutler

Perhaps a better question is: how can current Intel vPro Technology, combined with existing management and security solutions, help protect client systems?

This is not an attempt to scare or to over-generalize the reality of security threats such as the Conficker worm. The intent is to show how a real-world situation can be addressed. The suggestions below assume Intel vPro Technology is already configured within your environment, so you are ready and able to use the out-of-band management technology together with existing "in-band" management tools.

 An overview of the Conficker worm is available online. The following are a few examples:

There is a mix of good and bad reports on preventing, detecting, removing, and otherwise addressing the worm.

The following are a few suggestions on how to combine Intel vPro Technology with client management and security solutions to help protect clients and remediate a worm infection.

I am interested to know whether you have employed such tactics and how they have assisted in combating the Conficker worm threat.

  • System Defense/Network Filtering to totally isolate a client – for systems that have been detected as infected on the network.
  • Out-of-band discovery of systems needing a patch – when searching databases or logs for clients that have not received the latest security updates, the ability to locate those systems on the network even when they are powered off.
  • Wake up, patch and/or scan systems – using a job to reliably power on the client via Intel vPro Technology, distribute the necessary security patches to it, run security scans, and then power it off.
  • Isolate and patch – for systems that have not yet been patched or scanned, as a security precaution before allowing them on the network. This requires a customized System Defense or network filter that allows certain "in-band" actions on the targeted client (e.g. patch, scan).
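
The difference between the first and last tactics in the list above, modeled as an added example (not code from the original post, and not the Intel vPro System Defense interface): a default-drop filter evaluator run over constructed packets. The `Rule` and `Packet` types, the patch server address and the use of TCP 443 as the in-band patch channel are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Hypothetical in-band patch/scan server (constructed, documentation address range).
PATCH_SERVER = ip_network("192.0.2.10/32")

@dataclass(frozen=True)
class Rule:
    direction: str   # "in" or "out", relative to the filtered client
    proto: str       # "tcp" or "udp"
    remote: object   # ip_network the remote peer must belong to
    dport: int       # destination port of the packet

@dataclass(frozen=True)
class Packet:
    direction: str
    proto: str
    remote: str      # remote peer address
    dport: int

def allowed(policy, pkt):
    """Default drop: a packet passes only if a pass rule in the policy matches it."""
    return any(r.direction == pkt.direction and r.proto == pkt.proto
               and r.dport == pkt.dport and ip_address(pkt.remote) in r.remote
               for r in policy)

# Tactic 1: total isolation of a client detected as infected (no pass rules).
ISOLATE = []
# Tactic 4: isolate and patch; only the assumed patch channel is let through.
ISOLATE_AND_PATCH = [Rule("out", "tcp", PATCH_SERVER, 443)]

# Constructed sample traffic for one quarantined client.
SAMPLE = [
    Packet("out", "tcp", "192.0.2.10", 443),    # patch download from the patch server
    Packet("out", "tcp", "198.51.100.7", 445),  # SMB to a peer client (worm-style spread)
    Packet("in", "tcp", "198.51.100.7", 445),   # SMB from a peer client
    Packet("out", "udp", "203.0.113.5", 53),    # DNS to an arbitrary resolver
    Packet("out", "tcp", "192.0.2.11", 443),    # HTTPS to a host that is not the patch server
]

def verdicts(policy):
    """Return 'pass'/'drop' for each sample packet under the given policy."""
    return ["pass" if allowed(policy, p) else "drop" for p in SAMPLE]

if __name__ == "__main__":
    for name, policy in (("isolate", ISOLATE), ("isolate+patch", ISOLATE_AND_PATCH)):
        print(name, verdicts(policy))
```

This model checks only the initiating packet; if the deployed filter is stateless, return traffic from the patch server needs its own inbound pass rule.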

If you are not already familiar with how to combine out-of-band and in-band management techniques as described above, example demonstrations for an Altiris CMS version 6 environment are available at http://www.symantec.com/connect/articles/combining-band-and-out-band-management, with the same material (including lab documents) also posted at http://communities.intel.com/docs/DOC-2347

The opinions expressed on this site are mine alone and do not necessarily reflect the opinions or strategies of Intel Corporation or its worldwide subsidiaries.