Why is Forefront not picking up what appears to be Rustock type botnets?

  • Question

  • The only way I know which computers are infected is to copy the randomly generated DNS names when OpenDNS blocks them as Botnets, then manually add those names to the ASA/PIX Botnet filter blacklist and wait for it to be blocked. But then after reimaging and making sure we have the latest Forefront installed, they get infected again. Scan by Forefront shows nothing.
    Friday, April 15, 2011 6:24 PM


All replies