SUS will download all updates/tools, including the Mydoom removal tool,
regardless. If you never approved it then your clients will never see it
and it should be a moot issue. If it makes you feel any better, every
SUS deployment I have seen has it listed in the updates list.
Eric
-----Original Message-----
From: Dan Denton [mailto:ddenton@PAYLESSOFFICE.com]
Sent: Wednesday, August 11, 2004 8:01 AM
To: Eric McCarty; focus-virus@securityfocus.com
Subject: RE: Microsoft mydoom removal tool via SUS
I never approved the update. The fact that it even shows up in the list
of updates to approve it what troubles me.
-----Original Message-----
From: Eric McCarty [mailto:eric@lawmpd.com]
Sent: Wednesday, August 11, 2004 9:57 AM
To: Dan Denton; focus-virus@securityfocus.com
Subject: RE: Microsoft mydoom removal tool via SUS
If you approve it for update in SUS Admin it will deploy it whether
workstations are infected or not. Uncheck it in the Approved updates
section and it will no longer be an issue.
Eric
-----Original Message-----
From: Dan Denton [mailto:ddenton@PAYLESSOFFICE.com]
Sent: Wednesday, August 11, 2004 7:42 AM
To: focus-virus@securityfocus.com
Subject: Microsoft mydoom removal tool via SUS
We use SUS to distribute updates to our workstations and one of the
updates that frequently shows up is the Mydoom removal tool. The
description says that the appearance of this update is a sign of
infection, but none of my systems show infection in Symantec's SSC, and
Eeye's mydoom scanner shows nothing as well. Has anyone else had this
issue? I assume at this point that it's a false positive, but I'm
checking all my bases.
I apologize if this post is better suited to focus-ms.
Dan Denton
Information Technology Manager, CCNA
Pay-LESS Office Products
