Virus cleanup - fix compromised Windows firewall settings
- From: Cloud9Flyer <sean.blaes@xxxxxxxxxx>
- Date: Tue, 21 Aug 2007 15:19:50 -0000
I am running Windows 2003 R2 and had the box compromised by a virus.
Symantec cleaned it all up, I think, but I keep getting reinfections.
After investigating the Windows firewall, it had been disabled.
Further, it appears that a group policy has been applied to it that I
can't edit.
When I open the firewall admin, I see an entry in the exceptions:
2941:TCP is allowed from all IPs. The problem is, I cannot edit it,
it's grayed out. Also, explorer.exe has been added to the list and is
also grayed out (that might have been there before though, I'm not
sure). In the exception config box, all entries do say group policy =
no. However, when I run "netsh firewall show state" it says "Group
policy version = Windows Firewall" which from what I'm reading, means
that it's using a group policy indeed. Also, when I run gpedit.msc
and go to Admin templates -> ... -> Windows Firewall, it indicates
"Not configured" for every entry.
So, can anybody tell me how I can remove this port exception from my
firewall configuration? I'm pretty much baffled at this point. Can I
remove the group policy from the machine altogether (at least for the
firewall, my other servers show they're not using group policy)? If
so, how do I do that?
These servers are not on a domain, by the way, they are stand-alone
boxes, if that's relevant to your answers.
Thanks a bunch in advance for your help.