This will be a first for me on this forum, this is NOT a complaint, but rather just an observation.
I am punishing this eval unit best I can, throwing everything at it, which includes dual AV, all IPS (Snort) options with no time limit, and also enabling file patterns.
Had user (limited) approach me today that they had an unknown security message. It was a fake antivirus message from "Microsoft" about needing to clean a virus. Luckily they were savvy enough to alert me without clicking.
I can't honestly say what would have occurred had they clicked it (hopefully nothing in my environment), I just find it somewhat disconcerting that with all these layers, these things still blow through.
This was coming from a .blue domain in an ad on FoxNews homepage. Here's what it went past to get to user...
OpenDNS -> Sophos SG125 with dual AV / all IPS options / file patterns -> Invincea FreeSpace with all options (jailed / hardened / and blacklist fed browser) -> Symantec Endpoint Protection with Insight plugin enabled in FreeSpace browser -> limited user on Win7pro64.
So just how many "licks" does it take to get to the center of a "secure" juicy pop? I still don't know the answer to that one. I'm moving everyone to Commodore 64's next week. Stay paranoid everyone.
This thread was automatically locked due to age.
