Another WSUS Cleanup Script

Just noticed this as I was looking for a solution for a different WSUS problem and thought I would share this here as well. http://gallery.technet.microsoft.com/ScriptCenter/en-us/90ca6976-d441-4a10-89b0-30a7103d55db Apparently a “Thomas Schlacter” posted this recently to the ScriptCenter, and it looks very convenient in that you would only need to schedule this on the master server and it would…


Some thoughts on Adobe Reader and malware

Not sure if anyone saw this bit of news recently where a report put out by ScanSafe indicates that PDFs accounted for 80% of exploits in the 4th quarter of 2009. I support both FCS, our antivirus product, and I also do Incident Response work. As part of our IR work we do semi-forensics shall…


Some more logparser & eventcomb stuff for IR work

Counting and sorting by unique text in the strings section: As a follow-on to a previous article, http://blogs.technet.com/kfalde/archive/2009/01/28/using-logparser-eventcomb-to-find-malware.aspx, I found some other useful queries that I figured I would post as well that came in handy on some recent cases. We were basically looking for unique instances of event text from eventcomb logs so…