Orwick_Alefgard
Hey Everyone:
I do support work for a medium sized company and we have been getting a rash of these "fake AV" malware/spyware/virus/whatever, and it is driving me bonkers!
I need to know what I would need to do to completely lock down a PC to the point where this virus crap stops. Or at least lock things down to the point where the AV software (MS Forefront Endpoint Protection 2010) can do its job.
These PCs are wide open. Local admin rights, no group policy, nothin. Assume that there is ZERO desktop management.
I am (quite surprisingly) getting a lot of support from the VP of IT on this issue. He has agreed to support me in making whatever culture changes are needed to make this happen. He has asked that I tell him what I intend to change so that he can prep our associates accordingly and has given me access to any lab machines, equipment, software, etc. that I need to get started. Additionally, I have access to a team of developers who can assist in fixing whatever internal apps we have that might need adjustment to work under the new security settings.
So the part that I am concerned with now is what to lock down on the client side. The problem that I am running into is that when googling, I am getting stuff like "remove local admin access", etc. But I can still easily manage to get the PCs infected in my lab.
I think that the whole thing is bigger than just removing local admin access. I think the real issue is that I'm just not googling the right damn phrase!
So any and all help is appreciated! Point me to any additional reading, tell me what to google, ask questions, whatever you guys need to help me out!