WelcomeEnterpriseSmall BusinessHome & Home OfficePartnersAbout Symantec
July 27, 2004
Intruder Alert 3.6 W32_MyDoom_M_Worm Policy

This policy detects the propagation of the W32.MyDoom.M Worm.

NOTE: The "MyDoom_M_File_Detected" rule only works if the instructions for configuration for Filewatch monitoring have been implemented. These instructions are outlined below.

Affected Platforms

Windows 2000/2003/XP

Description

This policy detects the propagation of the W32.MyDoom.M Worm.

Policy Rules include:

  • MyDoom_M_Worm_Activity
    This rule detects the changes in the registry associated with the W32.MyDoom.M Worm.

  • MyDoom_M_File_Detected
    This rule detects the creation of files associated with infection of the W32.MyDoom.M worm.

ITA Filewatch Configuration Instructions

  1. Browse to the system folder where the ITA agent is installed.

  2. Locate the ntcrit_S.lst file.

  3. Insert the following files to be monitored:

    #windir\java.exe
    #windir\services.exe


Last modified on: Tuesday, 27-Jul-04 16:45:22
Site Map · Legal Notices · Privacy Policy · · Contact Us · Global Sites · License Agreements
©1995 - 2009 Symantec Corporation