The events of last week with CrowdStrike and Windows reminded me of a situation I found myself battling around 2006. One Monday morning, we had a client that started reporting infected computers and within a short amount of time, all their computers were affected. It was all hands on deck! The infected file, located on a server share, was identified immediately, and was transmitting to all computers that connected to the network share by an autorun file. Once identified, it was also easy to stop the transmission, but the damage was done.


The problem was – the anti-virus program (Symantec) they were using did not and could not identify that the file was infected, so there was also no way that Symantec would be able to clean the computers. All we could do was submit the file to them for inspection. Panic was setting in for the staff and us, since no one could use their computers and we had an unreliable A-V program.


Without a dependable A-V program, we started testing eight other programs to see which ones could detect the infected file. If I remember correctly, two of them could, so we started evaluating those two programs to replace Symantec. We finally decided that Kaspersky was the best choice, so we created a boot disk that had to be run on each computer to clean the infection. It was no easy task ripping out one A-V program, cleaning each computer, and installing a new A-V program.


I empathize with all the IT staff that were called in to fix something last week that they didn’t have direct control over. In the IT world, we try to remove all single points of failure that can cause catastrophes, but it still happens. I had a boss once that used to say “What keeps you up at night?” If you can answer that question, then there is definitely something you need to work on.

