Endpoint Protection

  • 1.  Offline scan Windows NT 4.0

    Posted Jun 19, 2014 04:15 PM

    My SEP 12.1 clients are reporting RCP attacks, the SEPM server shows it's coming from a Gantry Mill running an embedded Windows NT 4.0 OS.  The Mill can't be replaced or upgraded and I have my doubts it can be wiped and reloaded (the backup image is recent and probably infected too).

    Is there a tool available to run a scan & repair on this legacy OS?



  • 2.  RE: Offline scan Windows NT 4.0

    Posted Jun 19, 2014 04:21 PM

    Sounds like Conficker

    Removal tool is here:

    http://www.symantec.com/security_response/writeup.jsp?docid=2009-011316-0247-99



  • 3.  RE: Offline scan Windows NT 4.0

    Posted Jun 19, 2014 05:31 PM

    Ah, removal tool good idea.  The clients were reporting CVE-2008-4250 detected.



  • 4.  RE: Offline scan Windows NT 4.0

    Posted Jun 19, 2014 06:11 PM

    Should be a patch for that

    http://www.securityfocus.com/bid/31874/solution



  • 5.  RE: Offline scan Windows NT 4.0

    Posted Jun 23, 2014 06:44 AM

    Hi mspope,

    A short answer is, unfortunately, "no" - there are no currently supported Symantec products which protect Windows NT except Symantec Data Center Security: Server & Server Advanced.  (This is the product formerly known as Symantec Critical Systems Protection, SCSP).  If there is just one robot or gantry mill running WINNT I doubt this is what you are looking for to protect your company.

    My SEP 12.1 clients are reporting RCP attacks,

    Do you mean TCP attacks?  What exact entries are appearing in the logs, and when did they begin?  There are some instances where ARP events, etc. are caused by the coding of the devices in a particular environment rather than an actual threat.

    Troubleshooting Unsolicited Address Resolution Protocol (ARP) Requests
    http://www.symantec.com/docs/TECH194746

    Please do let me know if this is helpful!

    Many thanks in advance,

    Mick