New KB published on Forefront Client Security definition updates

Ever wonder what FCS clients are actually downloading when they update? Have you clicked on the “File Information” option in WSUS or downloaded a package from the Microsoft Update catalog, seen a long list of update files, and questioned what they were? For answers to these questions and more see: http://support.microsoft.com/?id=977939 Thanks, Craig Wiand…


Distribution Component

Back in October, the Forefront Client Security product team announced that WSUS 3.0 on a 64-bit OS would be a supported scenario, and advised not to install the Distribution component on 64-bit operating systems. “Also, we are announcing support for definition distribution via WSUS 3.0 installed on an x64-based platform. To support this configuration, the…


After install of KB971026 for FCS, the full Client package for FCS is re-offered from WSUS

Yesterday Microsoft released KB971026, which is an update to the FCS Antimalware engine. This update installs successfully without issues. However, after this update is applied, the initial FCS Client package called “Client Update for Microsoft Forefront Client Security (1.0.1703.0)” on the WSUS server would then be offered to the system. If the Client Update for Microsoft…


Understanding catch-up scans

A catch-up scan is a scan that is initiated because a regularly scheduled Forefront Client Security antimalware scan was missed.  Usually these scheduled scans are missed because the computer was turned off at the scheduled time.  The FCS documentation at http://technet.microsoft.com/en-us/library/bb418896.aspx states: Scheduled malware scans enable you to choose the time of day when the…


Testing FCS antimalware detection with your own library

During evaluation of the Forefront Client Security antimalware protection, many customers will review the information provided by independent antimalware testers such as http://www.av-test.org/, http://www.virusbtn.com/ and http://www.av-comparatives.org/. (When reading these sites, note that Microsoft’s Forefront Client Security and OneCare products use the same malware protection engine and definitions.) Other customers may want to test FCS detection capabilities…


Slipstreaming a Client Security client installation

As I mentioned in my previous blog posting, there have been several updates to the FCS antimalware client since its release. Through traditional deployment methods you will install the release to manufacturing (RTM) components of the FCS client, which have no updates and extremely limited detection capabilities. At installation, the client has the base 1.0.0.0 antimalware…


MarioForever Detection Issue With FCS

On or about December 9th, Microsoft Malware Protection Center included new information in the FCS definitions to ‘clean’ the file ‘user32.dll’ in the system32 and system32\dllcache folders which may have been modified at some earlier time by the Marioforever malware.  Most of these infections occurred in May/June 2008.  In those cases, signature updates were provided to…


Changing the management group to which an FCS client reports

During the course of your FCS deployment it may be necessary to redirect an FCS client from one FCS collection server to another.  Common reasons why an admin would do this include moving the machines from a test server to a production server or load balancing machines across down-level installations of an Enterprise Manager deployment. …


What Does CSS Need to Help Troubleshoot an FCS Issue?

Do you suspect an infection in your network? If you suspect an infection in your network and can find the infected file, please upload the sample at https://www.microsoft.com/security/portal/submit.aspx. Only one file can be submitted at a time, and the size of that file is limited to 10 megabytes. Compress the…


Event 3002 with error 0x8007139f from FCSAMRtp when RTP security agent unchecked

On a system running the FCS Client, you may run into the event listed below which occurs on the local system and may cause an Alert to fire on the FCS Console. This issue can occur when the client system has had a Real-time protection Security Agent de-selected in the FCS Client UI. For example, if you do…
