This policy detects the propagation of the W32.Novarg.Worm through changes in the registry.
W32.Novarg.A@mm is a mass-mailing that is received with any one of the following file extension; .bat, .cmd, .exe, .pif, .scr, and .zip.
NOTE: This policy only works if the instructions for configuration of filewatch have been implemented. These instructions are outlined below.
Download ITA W32_Novarg_Worm Policy
This policy detects activity of W32.Novarg.Worm on an affected system.
Policy Rules include:
This rule detects the creation of files associated with the infection of the W32.Novarg.A@mm worm.
- Browse to the system folder where the ITA agent is installed.
- Locate the ntcrit_S.lst file.
- Insert the following file to be monitored:
Last modified on: Monday, 26-Jan-2004 23:55:01 PST
©1995 - Symantec Corporation