One of our users, for the second time in two weeks reported that they had a virus on their pc and Norton had picked it up. The scary thing is that it had got on and infected the pc, despite Norton installed and running on the machine. I think the problem was/is due to the fact that the Symantec Firewall/VPN software is pants and can be configured by the user – therefore if they are not careful it can be left in a wide-open state…and thats what I think happened, although after the last infection I made sure it was in restricted mode (but it wasn’t this morning). If I’d known about the Port Reporter from MS I could have worked out (easily) what ports the virus was supposedly running on. I guess I could have used netstat but not first thing before coffee.
Comments
You might want to take a look at TCPView from http://www.sysinternals.com/ (freeware) – it’s basically netstat on steroids with a nice pretty GUI. Oh, and take a look at Process Explorer too, it’s even cooler (taskman on steriods) 🙂