WelcomeEnterpriseSmall BusinessHome & Home OfficePartnersAbout Symantec
May 3, 2004
Intruder Alert 3.6 W32_Sasser_Worm Policy

This policy detects the propagation of the W32.Sasser Worm.

Download ITA W32_Sasser_Worm Policy

NOTE: The "Sasser_File_Detected" rule only works if the instructions for configuration for Filewatch monitoring have been implemented. These instructions are outlined below.

Affected Platforms

Windows 2000/2003/XP

Description

This policy detects the propagation of the W32.Sasser Worm.

Policy Rules include:

  • Sasser_Worm_Activity
    This rule detects the changes in the registry associated with the W32.Sasser Worm.

  • Sasser_File_Detected
    This rule detects the creation of files associated with infection of the W32.Sasser worm.

ITA Filewatch Configuration Instructions

  1. Browse to the system folder where the ITA agent is installed.

  2. Locate the ntcrit_S.lst file.

  3. Insert the following files to be monitored:

    #windir\avserve.exe
    #windir\avserve2.exe


Last modified on: Tuesday, 04-May-04 02:35:05
Site Map · Legal Notices · Privacy Policy · · Contact Us · Global Sites · License Agreements
©1995 - 2008 Symantec Corporation