Another WSUS Cleanup Script

Just noticed this as I was looking for a solution to a different WSUS problem and thought I would share it here as well: http://gallery.technet.microsoft.com/ScriptCenter/en-us/90ca6976-d441-4a10-89b0-30a7103d55db. Apparently a “Thomas Schlacter” posted this recently to the ScriptCenter, and it looks very convenient in that you would only need to schedule this on the master server and it would…


Some thoughts on Adobe Reader and malware

Not sure if anyone saw this bit of news recently, where a report put out by ScanSafe indicates that PDFs accounted for 80% of exploits in the 4th quarter of 2009. I support FCS, our antivirus product, and I also do Incident Response work. As part of our IR work we do semi-forensics shall…


Some more logparser & eventcomb stuff for IR work

Counting and sorting by unique text in the strings section: As a follow-on to a previous article, http://blogs.technet.com/kfalde/archive/2009/01/28/using-logparser-eventcomb-to-find-malware.aspx, I found some other useful queries that came in helpful on some recent cases and figured I would post them as well. We were basically looking for unique instances of event text from eventcomb logs so…
