NetFort Tips & Tricks - How LANGuardian can help with virus removal

  • 1
  • Idea
  • Updated 5 years ago
  • (Edited)
You might not be aware that LANGuardian, with the detailed visibility it provides into internal network and user activity, can be extremely useful when you need to track down or eliminate viruses on your network.

A LANGuardian customer recently contacted us with an interesting use case. The W32/Autorun.worm.aaeh virus had begun to spread across the network, and the customer asked if LANGuardian could help in removing it. From the McAfee Labs Threat Center, the customer knew the filenames associated with the virus and the addresses of the command-and-control (C&C) servers used to propagate it.

Using the Windows file share monitoring features in LANGuardian, the customer was able to detect all instances of the specific filenames on the network. And by using LANGuardian traffic reports, the customer was also able to detect client machines that had communicated with the C&C servers.

The customer told us:

"We were able to get it contained last night. We found the machine that infected the network through isolating all the machines having touched the files, restoring the network volumes that had been changed by the worm, and repairing the machines that touched the files. Good news is it was only about 10 people. But we had to blow away all user data on those volumes from before the outbreak. The one machine that infected the network was pretty ravaged, but we were able to clean it. LANGuardian was the instrumental tool for this situation."

Also, we have recently heard from a university where they had received a notification about a device on their network that was scanning external IP addresses. In this case, the offending device was a smartphone connected to a wireless network. Somehow, a rogue application was installed on the phone and the owner was unaware that the phone was scanning networks. LANGuardian was able to pinpoint exactly which device was causing the problem and our support team worked with the university staff to resolve the issue quickly and efficiently.

If you have questions about how LANGuardian can help you eliminate viruses from your network, or indeed any other aspect of using LANGuardian, please contact us on support@netfort.com any time.
Photo of Aisling Brennan

Aisling Brennan, Official Rep

  • 393 Posts
  • 8 Reply Likes

Posted 5 years ago

  • 1

Be the first to post a reply!