Has Any one tried / is using SecureIIS product from Mcafee.com
Please post your comments if this is good to protect your windows webservers

Regards

Manish Kapadia

I think SecureIIS is a product of eEye Digital Security. Perhaps McAffee is reselling it. Or else has a similar product but that's probably unlikely.

If it's the SecureIIS from eEye, I can't say I have personal experience with it. However I am very familiar with eEye the company. I believe they are credited with *most* of the vulnerabilities discovered in IIS in the past year, including Code Red and others. The claim on their website is that it blocks most worms before they're discovered.

I subscribe to their mailing list and hear about new worms, etc before they hit my server. (I run Apache/Linux on my systems, but do consulting for several IIS centers.)

Anyway, eEye are usually the ones to pull an all-nighter disassembling worms to know down to the code-level what it does and how to stop it. They gave Code Red its name, actually, from the beverage they drank while analyzing the assembly dumps.

I have heard good things about SecureIIS, I think it would be a good tool for you.

http://www.secureiis.com/

http://www.eeye.com/

It's a pretty nice program. It basically helps prevent buffer overflows by limiting the size of query, header, referrers, URLS, etc and helps cut down access to scripts and cmd.exe type files.

Also, if you have not found IIS Lockdown from MS; get it. It also helps to lock down your system. http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/tools.asp