
How can I create a Retina policy that scans for only Nimda and CodeRed?


From the Tools menu, select Policies. In the resulting Policies window, choose Audits from the left-hand pane. In the left-hand column, which are the classes of Audits performed, deselect all boxes EXCEPT “Web Servers” (at the end). You should now have ONLY the “Web Servers” class with a check box in front of it. In the right-hand window, which contains the individual checks within the Web Servers class, you may uncheck them all, except the following:

o IIS Superfluous Decoding – NT4 (nimda worm)
o IIS Superfluous Decoding – NT5 (nimda worm)
o IIS4 NT4 IDA remote overflow (CodeRed worm)
o IIS5 NT5 IDA remote overflow (CodeRed worm)

You’ll note I left CodeRed checks in place as a “just in case”. You may also wish to leave the new checks in place from last week titled “IIS – Cumulative…” as these are very new vulnerabilities and machines may not have been patched yet.
