Network Access Control

I have a small network connected to the internet via a PC running Windows Advanced Server 2003 and ISA 2004.

Over the last couple of weeks we have been experiencing problems connecting to any Microsoft associated site.  This included windows update sites and windows online sites.

Initially I thought that ISA was to blame but I have discovered that any URL that is associated with antivirus software is also blocked.

Has anyone come across this problem?  Can anyone suggest which virus may be to blame?

Thanks in anticipation

Sharks 2010

Hello ,

If you're suspect from Endpoint Protection,check the Intrusion Prevention logs from Sep manager for that client. You can find it under Monitor/Logs/Network Threat Protection/Attacks

If there's an attack from outsource Active Response module can block traffic for 600 seconds.

Regards,

Oykun

It sounds like a possible infection on this system.

For a quick test, run the Conficker Eye Chart - http://www.confickerworkinggroup.org/infection_test/cfeyechart.html

What AV product are you running? I would get the latest Rapid Release definitions and run a full scan in Safe-mode. You may also perform a scan with the Norton Power Eraser Tool, or boot the SERT tool for finding those threats hiding from the Windows OS.

RR definitions - http://www.symantec.com/business/security_response/definitions/download/detail.jsp?gid=rr

Power Eraser tool - http://security.symantec.com/nbrt/npe.asp?lcid=1033&origin=default

SERT - http://www.symantec.com/business/support/index?page=content&id=TECH131732&locale=en_US

Thomas