The BigFix is in: Software helps protect PCs from viruses

(imported topic written by StacyLee)

http://news-service.stanford.edu/news/2005/september14/bigfix-091405.html

This article is from last year but is a good success story on how we used BigFix to combat the Zotob/Esbot worm.

While we were under attack we had identified “mousebm.exe” as a rogue service installed as a result of the worm. (This was before the worm even had a name.)

I had written in a retrieved property to look for this service and return the time stamp as a result. The cool part of this was I could see how quickly and in which order machines were being infected, to try to trace back to the first machine attacked. In one department I saw 70 machines compromised in about a 45 minute window. Long story short, here is another great way to use retrieved properties to identify compromised machines.
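The timeline analysis described in the post above, as an added example that is not part of the original post and is not BigFix code: it assumes the retrieved-property results were exported as (hostname, department, timestamp) rows. The hostnames, departments, times and function names are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample rows: (hostname, department, timestamp reported for the
# rogue service). Real data would come from the inventory tool's export.
RESULTS = [
    ("pc-chem-07", "chemistry", "2005-08-16 09:41:10"),
    ("pc-phys-02", "physics",   "2005-08-16 09:12:45"),
    ("pc-chem-01", "chemistry", "2005-08-16 09:20:03"),
    ("pc-chem-03", "chemistry", "2005-08-16 09:58:30"),
    ("pc-phys-09", "physics",   "2005-08-16 11:30:00"),
    ("pc-chem-12", "chemistry", "2005-08-16 10:50:00"),
]

def parse(results):
    """Return (timestamp, host, department) tuples, earliest first."""
    return sorted((datetime.strptime(ts, FMT), host, dept)
                  for host, dept, ts in results)

def infection_order(results):
    """Hosts in order of first appearance of the service; the first entry is
    the candidate for the first machine attacked. Host clock skew and
    altered file times can reorder close entries."""
    return [host for _, host, _ in parse(results)]

def busiest_window(results, minutes=45):
    """Per department: (max hosts hit inside any window of `minutes`,
    start time of that window)."""
    span = timedelta(minutes=minutes)
    by_dept = defaultdict(list)
    for ts, _, dept in parse(results):
        by_dept[dept].append(ts)          # stays sorted per department
    best = {}
    for dept, times in by_dept.items():
        lo, best[dept] = 0, (0, None)
        for hi, t in enumerate(times):    # sliding window over sorted times
            while t - times[lo] > span:
                lo += 1
            if hi - lo + 1 > best[dept][0]:
                best[dept] = (hi - lo + 1, times[lo])
    return best

if __name__ == "__main__":
    print("order:", infection_order(RESULTS))
    for dept, (count, start) in busiest_window(RESULTS).items():
        print(f"{dept}: {count} hosts within 45 min starting {start}")
```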

(imported comment written by go4u)

link dead

(imported comment written by StacyLee)

I just tried it and it still works.