Welchia

The Welchia worm uses the MS DCOM vulnerability or a WebDAV vulnerability. After infecting a computer, the worm begins searching for other live computers to infect. It does so by sending a specific ping packet to a target and waiting for the reply that signals that the target is alive. This flood of pings may disrupt network connectivity.

You can configure how the Welchia worm should be handled.

Welchia Fields

In this field…	Do this…
Action	Specify what action to take when the Welchia worm is detected, by selecting one of the following: Block. Block the attack. This is the default. None. No action.
Track	Specify whether to log Welchia worm attacks, by selecting one of the following: Log. Log the attack. This is the default. None. Do not log the attack.

In this field…

Do this…

Action

Specify what action to take when the Welchia worm is detected, by selecting one of the following:

Block. Block the attack. This is the default.
None. No action.

Track

Specify whether to log Welchia worm attacks, by selecting one of the following:

Log. Log the attack. This is the default.
None. Do not log the attack.