MS smallbusiness 2003 - what to exclude in AMON?

Hi guys,

As far as i know one should exclude the exchange, and IIS (inetpub) folders and a minor few others (they are mentioned in various docs from MS and also here on Wilders).

But, when you read http://www.theregister.co.uk/2008/01/11/mysterious_web_infection/

More accurate the following:
The outbreak coincides with another mass infection in progress that's infected tens of thousands of pages, including those of Boston University, security provider Computer Associates, and agencies from the state of Virginia and the city of Cleveland. It infects websites running Microsoft's Internet Information Server web program and the company's SQL database with links the redirect users to servers in China. The malicious sites then try to install keylogging software and other nasties.

So how do I protect my webcontents if AMON is not allowed to scan the webcontents?
Or am i missing something?

I guess I possibly saw an infection as described in the document linked last monday. And yeah it gave me a kind of headache
On one customers' SBS server the DNS server went down during the weekend and could not be restarted anymore.
During the weekend AMON quarantined a few files according to the logs, pasword stealing tools and hacktools were seen by NO32.
In addition to this, Windows file protection alarmed me that some files were replaced or malformed (but i couldn't find which ones ).
After repairing the files, rebooting the machine and everything was OK again (NOD32 did not find any other infection again during the manual scan). But I was still wondering how on earth this came in, because there is also a firewall between the SBS and the internet. And one thing is for sure: NOD32 does not often ignore malware, I find it very reliable.

Greetings from a stormy and rainy Holland

 

Your topic means "server 2003" not Exchange .

On Server 2003 (not Exchange) you do not need to exclude anything particular .

This document page 10 talks about what is needed to be excluded ... Best is:
%ProgramFiles%\Exchsrvr
%SystemRoot%\System32\Inetsrv

The above two excluded in AMON only in Exchange

If you mean Exchange , well , you can Schedule a new task to perform manual scan on ...System32\Inetsrv\ every 12 or 24 hours

 

For the record
for exchange we have (of course) XMON running

Greetings

 

OOOPS, I was missing something
the excluded folder is INETSRV, and NOT INETPUB!!!

I guess it was a little bit too late last night, so i mixed them up

But, MS still advises to exclude more things.
see http://support.microsoft.com/kb/823166

cheers, tonight I am going to bed early ;-)

 

Can you please make it clear what we are talking about -> Microsoft Exchange Server or Microsoft Windows Server 2003 SmallBusiness edition (they are different things)


In Windows Server you do not need to exclude any directory (there is no must)
In Exchange Server (mail server) there is a strong recommendation to exclude certaint directories .

In Exchange server ... when they are excluded in AMON , XMON will scan their data .

You can use the Scheduler of NOD32 to make a regular on-demand scan with the on-demand scanner component . What you need to do :
1. Open NOD32 on-demand scanner
2. Navigate to "Profiles" tab
3. Press "Profiles" button
4. Name a new profile
5. From the drop-down list choose this new profile
6. Configure it the way you like it
7. Goto "Scanning targets" section and uncheck "Local"
8. In Files and folders section add these folders:
%ProgramFiles%\Exchsrvr
%SystemRoot%\System32\Inetsrv

9. Close the on-demand scanner and confirm the changes with Yes button
10. Navigate to the Scheduler anc create yourself a new task (on-demand scanning , choose how often to run , when to run , at the end choose the profile you have just created)

 

Microsoft Windows Server 2003 SmallBusiness edition is the platform we are talking about.
But within server 2003 smallbusiness Edition Exchange is running (just for the record)

 

Ok . Thanks.

Then you exclude these directories in AMON:
%ProgramFiles%\Exchsrvr
%SystemRoot%\System32\Inetsrv

Have XMON enabled

+ create an on-demand scanner task to manually scan desired folders more regularly.

 

OK thanks,
this is indeed how it is configured ,
so that part is OK!

greetings from Holland

 

You are welcome !

Greetings from sunny Bulgaria!