Blocking Conficker through ISA Server/TMG

Happy New Year everybody!

I hope you enjoyed your New Year's Eve, because now you might want to take a look at this worm, which is causing lots of headaches for IT admins. The MMPC (Microsoft Malware Protection Center) has a report on this malware and on how to proceed to avoid infection:

https://www.microsoft.com/security/portal/Entry.aspx?Name=Worm%3aWin32%2fConficker.B

The good news is that ISA Server and TMG can block this worm's outbound requests. Last night (before midnight) our IR (Incident Response) team, in partnership with the ISA Server team, put together an action plan to allow ISA/TMG to block them. Jim Harrison automated this process by creating a script that you can use to create policies to block Conficker. You can download it from here:

https://jim.isatools.org/tools/block_conficker.vbs

Enjoy your day off and be sure to implement those actions ASAP.