Re: Sasser worm blocking scripts for ISA

• From: Jim Harrison <jim@xxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Wed, 05 May 2004 12:45:37 -0700

Not entirely true.
1.3 worked as well, but when I added the rule-order functionality in 1.4, I 
also broke other things by not removing my test code...

..I said it's been a bad week...
:-p

  Jim Harrison
  MCP(NT4, W2K), A+, Network+, PCG
  http://isaserver.org/Jim_Harrison/
  http://isatools.org
  Read the help / books / articles!


On Wed, 5 May 2004 16:20:28 +0300
 "Rami SIK" <rami@xxxxxxxxxxxxxxx> wrote:
http://www.ISAserver.org

Thanks for the script.

By the way, it is possible to run it successfully only after version 1.5

 
--------------------------------------------
Rami SIK
 
System & Network Administrator
CCNA , MCP
 
Kimyatas
Istanbul / Turkey
 
Tel:90-212-334 4963
--------------------------------------------

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] 
Sent: Wednesday, May 05, 2004 4:22 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Sasser worm blocking scripts for ISA

http://www.ISAserver.org

Enterprise Ed., right?

v 1.5, folks...
<sigh>

..it's been a bad week...

  Jim Harrison
  MCP(NT4, W2K), A+, Network+, PCG
  http://isaserver.org/Jim_Harrison/
  http://isatools.org
  Read the help / books / articles!


On Wed, 5 May 2004 08:41:33 -0400
 "Amy Babinchak" <amy@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
http://www.ISAserver.org

Jim,

I got the error message using version 1.4. The script didn't create any
rules.

Amy

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] 
Sent: Tuesday, May 04, 2004 10:25 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Sasser worm blocking scripts for ISA

http://www.ISAserver.org

Yeh; you can delete the "Sasser" rule and protocols.
It was the price I had to pay for combining two separate scripts into
one.
The ISA 2000 folks got a whole new set of protocols with a new rule.

  Jim Harrison
  MCP(NT4, W2K), A+, Network+, PCG
  http://isaserver.org/Jim_Harrison/
  http://isatools.org
  Read the help / books / articles!


On Tue, 4 May 2004 13:07:45 -0700
 "John Tolmachoff \(Lists\)" <johnlist@xxxxxxxxxxxxxxxxxxx> wrote:
http://www.ISAserver.org

Looks fine, except now I have 2 Protocol rules, Sasser and W32.Sasser
with
associated destination sets.

John Tolmachoff
Engineer/Consultant/Owner
eServices For You


> -----Original Message-----
> From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
> Sent: Tuesday, May 04, 2004 1:00 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Re: Sasser worm blocking scripts for ISA
> 
> http://www.ISAserver.org
> 
> Ok; I've got it now.
> Force-refresh your browser on teh ISAtools.org page and you shoud get
teh
version
> 1.3 script.
> Feel free to email me directly if you have further problems with it.
> 
>   Jim Harrison
>   MCP(NT4, W2K), A+, Network+, PCG
>   http://isaserver.org/Jim_Harrison/
>   http://isatools.org
>   Read the help / books / articles!
> 
> 
> On Tue, 4 May 2004 09:05:41 -0700
>  "Jim Harrison" <jim@xxxxxxxxxxxx> wrote:
> http://www.ISAserver.org
> 
> No; it's ISA caching getting in the way.
> I'll drop that for now.
>  Jim Harrison
>  MCP(NT4, W2K), A+, Network+, PCG
>  http://www.microsoft.com/isaserver
>  http://isaserver.org/Jim_Harrison
>  http://isatools.org
> 
>  Read the help, books and articles!
> ----- Original Message -----
> From: "David Rutter" <admin@xxxxxxxxxxxxxxxxxxxxx>
> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> Sent: Tuesday, May 04, 2004 08:37
> Subject: [isalist] Re: Sasser worm blocking scripts for ISA
> 
> 
> http://www.ISAserver.org
> 
> The version on the site is still 1.2, version 1.3 appears not to have
> been uploaded yet.
> 
> -----Original Message-----
> From: John Tolmachoff (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx]
> Sent: Tuesday, May 04, 2004 4:32 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Re: Sasser worm blocking scripts for ISA
> 
> 
> http://www.ISAserver.org
> 
> Got the same error here, and just downloaded it.
> 
> John Tolmachoff
> Engineer/Consultant/Owner
> eServices For You
> 
> > -----Original Message-----
> > From: Rob Moore [mailto:RMoore@xxxxxxxx]
> > Sent: Tuesday, May 04, 2004 7:07 AM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] Re: Sasser worm blocking scripts for ISA
> >
> > http://www.ISAserver.org
> >
> > Yes, I got the same error just now, having downloaded the latest
tool.
> 
> > (I ran the first version earlier this morning.)
> >
> > Rob
> >
> > -----Original Message-----
> > From: Jenifer M. Nech [mailto:Jenifer.Nech@xxxxxxxxxxxx]
> > Sent: Tuesday, May 04, 2004 9:52 AM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] Re: Sasser worm blocking scripts for ISA
> >
> > http://www.ISAserver.org
> >
> > Script gives me the following error:
> >
> > ---------------------------
> > block_sasser.vbs
> > ---------------------------
> > Failed to remove the "W32.Sasser" protocol rule; error 0x80070002;
The
> > system cannot find the file specified.   Hit <CTRL> C to copy this
> error
> > message to the clipboard.
> > ---------------------------
> > OK
> > ---------------------------
> >
> > ISA 2000 on Windows 2003
> >
> >
> > ----- Jenifer Nech
> >
> > -----Original Message-----
> > From: David Rutter [mailto:admin@xxxxxxxxxxxxxxxxxxxxx]
> > Sent: Tuesday, May 04, 2004 8:20 AM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] Re: Sasser worm blocking scripts for ISA
> > Importance: High
> >
> > http://www.ISAserver.org
> >
> > Thanks Jim.
> >
> > Regards,
> >
> > David
> >
> > -----Original Message-----
> > From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
> > Sent: Tuesday, May 04, 2004 2:23 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] Re: Sasser worm blocking scripts for ISA
> >
> >
> > http://www.ISAserver.org
> >
> > Yep; I sent you guys a buggy script.
> > ..sorry...
> >
> > I've found and fixed the bugs and the correct version is 1.3.
> >
> >   Jim Harrison
> >   MCP(NT4, W2K), A+, Network+, PCG
> >   http://isaserver.org/Jim_Harrison/
> >   http://isatools.org
> >   Read the help / books / articles!
> >
> >
> > On Tue, 4 May 2004 13:09:25 +0100
> >  "David Rutter" <admin@xxxxxxxxxxxxxxxxxxxxx> wrote:
> > http://www.ISAserver.org
> >
> > Running the script terminates with "Failed to remove the enterprise
> > "W32.sasser" rule;  Error 0x80070002; The system can not find the
file
> 
> > specified" and does not install the protocols or rules.
> >
> > ISA 2k installed in Enterprise/integrated
> >
> > Solution?
> >
> > -----Original Message-----
> > From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
> > Sent: Tuesday, May 04, 2004 5:28 AM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] Re: Sasser worm blocking scripts for ISA
> >
> >
> > http://www.ISAserver.org
> >
> > Latest update:
> >
> > - single script for ISA 2000 and ISA 2004
> > - accomodates A/B/C/D variants
> > - versioning is contained in the script itself (for those who asked)
> >
> > http://isatools.org/block_sasser.vbs (complete with domain and tld!
> > :-))
> >
> > The old block_sasser_2k4.vbs is now gone, kapoof, splitsville...
> >
> >   Jim Harrison
> >   MCP(NT4, W2K), A+, Network+, PCG
> >   http://isaserver.org/Jim_Harrison/
> >   http://isatools.org
> >   Read the help / books / articles!
> >
> >
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Other Internet Software Marketing Sites:
> > Leading Network Software Directory: http://www.serverfiles.com No.1
> > Exchange Server Resource Site: http://www.msexchange.org Windows
> > Security Resource Site: http://www.windowsecurity.com/ Network
> > Security
> > Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
> > http://www.ntfaxfaq.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion List
as:
> > admin@xxxxxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to
> > $subst('Email.Unsub')
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Other Internet Software Marketing Sites:
> > Leading Network Software Directory: http://www.serverfiles.com No.1
> > Exchange Server Resource Site: http://www.msexchange.org Windows
> > Security Resource Site: http://www.windowsecurity.com/ Network
> > Security
> > Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
> > http://www.ntfaxfaq.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion List
as:
> > jim@xxxxxxxxxxxx To unsubscribe send a blank email to
> > $subst('Email.Unsub')
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Other Internet Software Marketing Sites:
> > Leading Network Software Directory: http://www.serverfiles.com No.1
> > Exchange Server Resource Site: http://www.msexchange.org Windows
> > Security Resource Site: http://www.windowsecurity.com/ Network
> > Security
> > Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
> > http://www.ntfaxfaq.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion List
as:
> > admin@xxxxxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to
> > $subst('Email.Unsub')
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Other Internet Software Marketing Sites:
> > Leading Network Software Directory: http://www.serverfiles.com No.1
> > Exchange Server Resource Site: http://www.msexchange.org Windows
> > Security Resource Site: http://www.windowsecurity.com/ Network
> > Security Library: http://www.secinf.net/ Windows 2000/NT Fax
> > Solutions: http://www.ntfaxfaq.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion List
as:
> 
> > jenifer.nech@xxxxxxxxxxxx To unsubscribe send a blank email to
> > $subst('Email.Unsub')
> >
> >
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Other Internet Software Marketing Sites:
> > Leading Network Software Directory: http://www.serverfiles.com No.1
> > Exchange Server Resource Site: http://www.msexchange.org Windows
> > Security Resource Site: http://www.windowsecurity.com/ Network
> > Security Library: http://www.secinf.net/ Windows 2000/NT Fax
> > Solutions: http://www.ntfaxfaq.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion List
as:
> 
> > rmoore@xxxxxxxx To unsubscribe send a blank email to
> > $subst('Email.Unsub')
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Other Internet Software Marketing Sites:
> > Leading Network Software Directory: http://www.serverfiles.com No.1
> > Exchange Server Resource Site: http://www.msexchange.org Windows
> > Security Resource Site: http://www.windowsecurity.com/ Network
> > Security Library: http://www.secinf.net/ Windows 2000/NT Fax
> > Solutions: http://www.ntfaxfaq.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion List
as:
> 
> > johnlist@xxxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to
> > $subst('Email.Unsub')
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: http://www.serverfiles.com No.1
> Exchange Server Resource Site: http://www.msexchange.org Windows
> Security Resource Site: http://www.windowsecurity.com/ Network
Security
> Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
> http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> admin@xxxxxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to
> $subst('Email.Unsub')
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
> To unsubscribe send a blank email to
$subst('Email.Unsub')
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
> To unsubscribe send a blank email to
$subst('Email.Unsub')
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> johnlist@xxxxxxxxxxxxxxxxxxx
> To unsubscribe send a blank email to
$subst('Email.Unsub')


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
amy@xxxxxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
rami@xxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

• » Sasser worm blocking scripts for ISA
• » RE: Sasser worm blocking scripts for ISA
• » RE: Sasser worm blocking scripts for ISA
• » RE: Sasser worm blocking scripts for ISA
• » RE: Sasser worm blocking scripts for ISA
• » RE: Sasser worm blocking scripts for ISA
• » RE: Sasser worm blocking scripts for ISA
• » RE: Sasser worm blocking scripts for ISA
• » RE: Sasser worm blocking scripts for ISA
• » RE: Sasser worm blocking scripts for ISA
• » RE: Sasser worm blocking scripts for ISA
• » RE: Sasser worm blocking scripts for ISA
• » RE: Sasser worm blocking scripts for ISA
• » RE: Sasser worm blocking scripts for ISA
• » RE: Sasser worm blocking scripts for ISA
• » RE: Sasser worm blocking scripts for ISA
• » RE: Sasser worm blocking scripts for ISA
• » RE: Sasser worm blocking scripts for ISA
• » RE: Sasser worm blocking scripts for ISA
• » RE: Sasser worm blocking scripts for ISA
• » RE: Sasser worm blocking scripts for ISA
• » Re: Sasser worm blocking scripts for ISA
• » Re: Sasser worm blocking scripts for ISA
• » Re: Sasser worm blocking scripts for ISA
• » Re: Sasser worm blocking scripts for ISA
• » Re: Sasser worm blocking scripts for ISA
• » Re: Sasser worm blocking scripts for ISA
• » Re: Sasser worm blocking scripts for ISA
• » Re: Sasser worm blocking scripts for ISA
• » Re: Sasser worm blocking scripts for ISA
• » Re: Sasser worm blocking scripts for ISA
• » Re: Sasser worm blocking scripts for ISA
• » Re: Sasser worm blocking scripts for ISA
• » Re: Sasser worm blocking scripts for ISA
• » Re: Sasser worm blocking scripts for ISA
• » Re: Sasser worm blocking scripts for ISA
• » Re: Sasser worm blocking scripts for ISA
• » Re: Sasser worm blocking scripts for ISA
• » Re: Sasser worm blocking scripts for ISA
• » Re: Sasser worm blocking scripts for ISA

1. Home
2. isalist
3. Archive
4. 05-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---