Monday, February 18, 2013 4:25 AM
I currently run Microsoft Forefront and have recently got Trojan.Agent.TKH or 'C:\Documents and Settings\<user>\Application Data\Lesewy\dikut.exe'. Does anyone know why this was not stopped by Forefront or if I should be doing anything else to prevent this occurring in future?
Monday, February 18, 2013 10:36 PM
anyone??
Tuesday, February 19, 2013 4:40 PM
You should also look at Microsoft's Software Restriction Policies.
You can create Group Policies that prohibit programs from getting executed from user profile locations for non-administrator users.
The only tricky part is if you have users that frequently use WebEx and other web-based tools that launch from temporary web folders used in the profile.
It may take a while, or maybe even a couple of different versions of the GPO to get all your users and OUs configured for those special programs that don't use the standard "Program Files" or "Program Files (x86)" locations.
If you work it in great detail all the way through, you will be amazed at how little malware can now be installed or run on your non-administrator user systems.
- Marked As Answer by Nick Gu - MSFT (Microsoft Contingent Staff, Moderator), Thursday, March 07, 2013 8:05 AM
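The path-rule approach in the answer above, as an added example that is not part of the original thread: a dry run that checks an inventory of executables against a proposed deny list with one exception, so the GPO can be tuned before it is enforced. The rule set, user names and file names other than the path quoted in the question are constructed, and the matching logic is a simplified model (longest matching pattern wins), not the full Windows evaluation.

```python
"""Dry-run of SRP-style path rules against an inventory of executables.

Simplified model (an assumption of this sketch, not the full Windows logic):
case-insensitive wildcard match, the longest matching pattern wins, and
anything unmatched runs at the default level.
"""
from fnmatch import fnmatchcase

DEFAULT_LEVEL = "Unrestricted"

# Hypothetical rule set for a non-administrator GPO (XP-era profile layout).
RULES = [
    (r"C:\Documents and Settings\*\Application Data\*.exe", "Disallowed"),
    (r"C:\Documents and Settings\*\Local Settings\Temp\*.exe", "Disallowed"),
    # Exception for a tool that legitimately launches from the profile.
    (r"C:\Documents and Settings\*\Application Data\WebEx\*.exe", "Unrestricted"),
]

# Constructed inventory, e.g. collected from an audit of what users really run.
INVENTORY = [
    r"C:\Documents and Settings\alice\Application Data\Lesewy\dikut.exe",
    r"C:\Documents and Settings\alice\Application Data\WebEx\meeting.exe",
    r"C:\Documents and Settings\bob\Local Settings\Temp\setup.exe",
    r"C:\Program Files\Vendor\app.exe",
]


def decide(path, rules=RULES):
    """Return (level, winning_pattern) for one executable path."""
    hits = [(p, lvl) for p, lvl in rules if fnmatchcase(path.lower(), p.lower())]
    if not hits:
        return DEFAULT_LEVEL, None
    pattern, level = max(hits, key=lambda h: len(h[0]))
    return level, pattern


def blocked(paths, rules=RULES):
    """Paths that the rule set would stop from executing."""
    return [p for p in paths if decide(p, rules)[0] == "Disallowed"]


if __name__ == "__main__":
    for p in INVENTORY:
        level, rule = decide(p)
        print(f"{level:12} {p}  <- {rule or 'default level'}")
```

Running a real inventory through a dry run like this shows which legitimate programs still need an exception before the policy is enforced.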
Friday, February 22, 2013 3:24 AM Moderator
Thank you for the post.
If FCS does not detect this kind of virus, you may submit a sample to MMPC for further analysis: https://www.microsoft.com/security/portal/Submission/Submit.aspx
Nick Gu - MSFT
- Marked As Answer by Nick Gu - MSFT (Microsoft Contingent Staff, Moderator), Monday, February 25, 2013 1:42 AM