Not entirely true. 1.3 worked as well, but when I added the rule-order functionality in 1.4, I also broke other things by not removing my test code... ..I said it's been a bad week... :-p Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! On Wed, 5 May 2004 16:20:28 +0300 "Rami SIK" <rami@xxxxxxxxxxxxxxx> wrote: http://www.ISAserver.org Thanks for the script. By the way, it is possible to run it successfully only after version 1.5 -------------------------------------------- Rami SIK System & Network Administrator CCNA , MCP Kimyatas Istanbul / Turkey Tel:90-212-334 4963 -------------------------------------------- -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Wednesday, May 05, 2004 4:22 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Sasser worm blocking scripts for ISA http://www.ISAserver.org Enterprise Ed., right? v 1.5, folks... <sigh> ..it's been a bad week... Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! On Wed, 5 May 2004 08:41:33 -0400 "Amy Babinchak" <amy@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote: http://www.ISAserver.org Jim, I got the error message using version 1.4. The script didn't create any rules. Amy -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Tuesday, May 04, 2004 10:25 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Sasser worm blocking scripts for ISA http://www.ISAserver.org Yeh; you can delete the "Sasser" rule and protocols. It was the price I had to pay for combining two separate scripts into one. The ISA 2000 folks got a whole new set of protocols with a new rule. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! On Tue, 4 May 2004 13:07:45 -0700 "John Tolmachoff \(Lists\)" <johnlist@xxxxxxxxxxxxxxxxxxx> wrote: http://www.ISAserver.org Looks fine, except now I have 2 Protocol rules, Sasser and W32.Sasser with associated destination sets. John Tolmachoff Engineer/Consultant/Owner eServices For You > -----Original Message----- > From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] > Sent: Tuesday, May 04, 2004 1:00 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] Re: Sasser worm blocking scripts for ISA > > http://www.ISAserver.org > > Ok; I've got it now. > Force-refresh your browser on teh ISAtools.org page and you shoud get teh version > 1.3 script. > Feel free to email me directly if you have further problems with it. > > Jim Harrison > MCP(NT4, W2K), A+, Network+, PCG > http://isaserver.org/Jim_Harrison/ > http://isatools.org > Read the help / books / articles! > > > On Tue, 4 May 2004 09:05:41 -0700 > "Jim Harrison" <jim@xxxxxxxxxxxx> wrote: > http://www.ISAserver.org > > No; it's ISA caching getting in the way. > I'll drop that for now. > Jim Harrison > MCP(NT4, W2K), A+, Network+, PCG > http://www.microsoft.com/isaserver > http://isaserver.org/Jim_Harrison > http://isatools.org > > Read the help, books and articles! > ----- Original Message ----- > From: "David Rutter" <admin@xxxxxxxxxxxxxxxxxxxxx> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> > Sent: Tuesday, May 04, 2004 08:37 > Subject: [isalist] Re: Sasser worm blocking scripts for ISA > > > http://www.ISAserver.org > > The version on the site is still 1.2, version 1.3 appears not to have > been uploaded yet. > > -----Original Message----- > From: John Tolmachoff (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx] > Sent: Tuesday, May 04, 2004 4:32 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] Re: Sasser worm blocking scripts for ISA > > > http://www.ISAserver.org > > Got the same error here, and just downloaded it. > > John Tolmachoff > Engineer/Consultant/Owner > eServices For You > > > -----Original Message----- > > From: Rob Moore [mailto:RMoore@xxxxxxxx] > > Sent: Tuesday, May 04, 2004 7:07 AM > > To: [ISAserver.org Discussion List] > > Subject: [isalist] Re: Sasser worm blocking scripts for ISA > > > > http://www.ISAserver.org > > > > Yes, I got the same error just now, having downloaded the latest tool. > > > (I ran the first version earlier this morning.) > > > > Rob > > > > -----Original Message----- > > From: Jenifer M. Nech [mailto:Jenifer.Nech@xxxxxxxxxxxx] > > Sent: Tuesday, May 04, 2004 9:52 AM > > To: [ISAserver.org Discussion List] > > Subject: [isalist] Re: Sasser worm blocking scripts for ISA > > > > http://www.ISAserver.org > > > > Script gives me the following error: > > > > --------------------------- > > block_sasser.vbs > > --------------------------- > > Failed to remove the "W32.Sasser" protocol rule; error 0x80070002; The > > system cannot find the file specified. Hit <CTRL> C to copy this > error > > message to the clipboard. > > --------------------------- > > OK > > --------------------------- > > > > ISA 2000 on Windows 2003 > > > > > > ----- Jenifer Nech > > > > -----Original Message----- > > From: David Rutter [mailto:admin@xxxxxxxxxxxxxxxxxxxxx] > > Sent: Tuesday, May 04, 2004 8:20 AM > > To: [ISAserver.org Discussion List] > > Subject: [isalist] Re: Sasser worm blocking scripts for ISA > > Importance: High > > > > http://www.ISAserver.org > > > > Thanks Jim. > > > > Regards, > > > > David > > > > -----Original Message----- > > From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] > > Sent: Tuesday, May 04, 2004 2:23 PM > > To: [ISAserver.org Discussion List] > > Subject: [isalist] Re: Sasser worm blocking scripts for ISA > > > > > > http://www.ISAserver.org > > > > Yep; I sent you guys a buggy script. > > ..sorry... > > > > I've found and fixed the bugs and the correct version is 1.3. > > > > Jim Harrison > > MCP(NT4, W2K), A+, Network+, PCG > > http://isaserver.org/Jim_Harrison/ > > http://isatools.org > > Read the help / books / articles! > > > > > > On Tue, 4 May 2004 13:09:25 +0100 > > "David Rutter" <admin@xxxxxxxxxxxxxxxxxxxxx> wrote: > > http://www.ISAserver.org > > > > Running the script terminates with "Failed to remove the enterprise > > "W32.sasser" rule; Error 0x80070002; The system can not find the file > > > specified" and does not install the protocols or rules. > > > > ISA 2k installed in Enterprise/integrated > > > > Solution? > > > > -----Original Message----- > > From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] > > Sent: Tuesday, May 04, 2004 5:28 AM > > To: [ISAserver.org Discussion List] > > Subject: [isalist] Re: Sasser worm blocking scripts for ISA > > > > > > http://www.ISAserver.org > > > > Latest update: > > > > - single script for ISA 2000 and ISA 2004 > > - accomodates A/B/C/D variants > > - versioning is contained in the script itself (for those who asked) > > > > http://isatools.org/block_sasser.vbs (complete with domain and tld! > > :-)) > > > > The old block_sasser_2k4.vbs is now gone, kapoof, splitsville... > > > > Jim Harrison > > MCP(NT4, W2K), A+, Network+, PCG > > http://isaserver.org/Jim_Harrison/ > > http://isatools.org > > Read the help / books / articles! > > > > > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Other Internet Software Marketing Sites: > > Leading Network Software Directory: http://www.serverfiles.com No.1 > > Exchange Server Resource Site: http://www.msexchange.org Windows > > Security Resource Site: http://www.windowsecurity.com/ Network > > Security > > Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: > > http://www.ntfaxfaq.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org Discussion List as: > > admin@xxxxxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to > > $subst('Email.Unsub') > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Other Internet Software Marketing Sites: > > Leading Network Software Directory: http://www.serverfiles.com No.1 > > Exchange Server Resource Site: http://www.msexchange.org Windows > > Security Resource Site: http://www.windowsecurity.com/ Network > > Security > > Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: > > http://www.ntfaxfaq.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org Discussion List as: > > jim@xxxxxxxxxxxx To unsubscribe send a blank email to > > $subst('Email.Unsub') > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Other Internet Software Marketing Sites: > > Leading Network Software Directory: http://www.serverfiles.com No.1 > > Exchange Server Resource Site: http://www.msexchange.org Windows > > Security Resource Site: http://www.windowsecurity.com/ Network > > Security > > Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: > > http://www.ntfaxfaq.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org Discussion List as: > > admin@xxxxxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to > > $subst('Email.Unsub') > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Other Internet Software Marketing Sites: > > Leading Network Software Directory: http://www.serverfiles.com No.1 > > Exchange Server Resource Site: http://www.msexchange.org Windows > > Security Resource Site: http://www.windowsecurity.com/ Network > > Security Library: http://www.secinf.net/ Windows 2000/NT Fax > > Solutions: http://www.ntfaxfaq.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org Discussion List as: > > > jenifer.nech@xxxxxxxxxxxx To unsubscribe send a blank email to > > $subst('Email.Unsub') > > > > > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Other Internet Software Marketing Sites: > > Leading Network Software Directory: http://www.serverfiles.com No.1 > > Exchange Server Resource Site: http://www.msexchange.org Windows > > Security Resource Site: http://www.windowsecurity.com/ Network > > Security Library: http://www.secinf.net/ Windows 2000/NT Fax > > Solutions: http://www.ntfaxfaq.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org Discussion List as: > > > rmoore@xxxxxxxx To unsubscribe send a blank email to > > $subst('Email.Unsub') > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Other Internet Software Marketing Sites: > > Leading Network Software Directory: http://www.serverfiles.com No.1 > > Exchange Server Resource Site: http://www.msexchange.org Windows > > Security Resource Site: http://www.windowsecurity.com/ Network > > Security Library: http://www.secinf.net/ Windows 2000/NT Fax > > Solutions: http://www.ntfaxfaq.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org Discussion List as: > > > johnlist@xxxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to > > $subst('Email.Unsub') > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > Leading Network Software Directory: http://www.serverfiles.com No.1 > Exchange Server Resource Site: http://www.msexchange.org Windows > Security Resource Site: http://www.windowsecurity.com/ Network Security > Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: > http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > admin@xxxxxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to > $subst('Email.Unsub') > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > Leading Network Software Directory: http://www.serverfiles.com > No.1 Exchange Server Resource Site: http://www.msexchange.org > Windows Security Resource Site: http://www.windowsecurity.com/ > Network Security Library: http://www.secinf.net/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx > To unsubscribe send a blank email to $subst('Email.Unsub') > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > Leading Network Software Directory: http://www.serverfiles.com > No.1 Exchange Server Resource Site: http://www.msexchange.org > Windows Security Resource Site: http://www.windowsecurity.com/ > Network Security Library: http://www.secinf.net/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx > To unsubscribe send a blank email to $subst('Email.Unsub') > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > Leading Network Software Directory: http://www.serverfiles.com > No.1 Exchange Server Resource Site: http://www.msexchange.org > Windows Security Resource Site: http://www.windowsecurity.com/ > Network Security Library: http://www.secinf.net/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > johnlist@xxxxxxxxxxxxxxxxxxx > To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: amy@xxxxxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: rami@xxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')