What Does CSS Need to Help Troubleshoot an FCS Issue?


Do you suspect an infection in your network?


 


If you suspect an infection in your network and can find the infected file, please upload the sample at https://www.microsoft.com/security/portal/submit.aspx


Only one file can be submitted at a time, and the size of that file is limited to 10 megabytes. Compress the file and password-protect it with the password “infected” (without quotes).


If you want to submit more than one file for analysis, please compress the files into a single archive and password-protect the archive with the password “infected” (without quotes).


In the comments field, please provide any information about the infection.


The Microsoft Malware Protection Center will send you the results of the analysis of the submission.


FCS customers: please contact Microsoft Customer Service and Support to raise an incident, and follow the steps below.


You can also try these steps:


·         Run a full scan on the infected machine with the recent signature updates.


·         Try to isolate the machine from the network to avoid spreading the infection.


 


Are you facing an issue while installing Forefront Client Security?


 


Check the Prerequisites


·         http://technet.microsoft.com/en-us/library/bb404270.aspx


 


If you still experience issues after reviewing the prerequisites, please contact Microsoft Customer Service and Support to raise an incident, and follow the steps below.


Server installation issues: Gather the topology you are attempting to install, along with computer and account information (see the deployment guides), and provide it to the engineer.


Example:

| Item | Description | Your Notes |
|------|-------------|------------|
| Management server | Server name | |
| Collection server | Server name | |
| Collection database | Server name and SQL Server instance name (if it’s not the default) | |
| Reporting server | Server name | |
| Reporting Database | Server name and SQL Server instance name | |
| Distribution Server | Server name | |
| DAS Account | Domain user account required | |
| DTS Account | Domain user account required (Recommendation: re-use DAS account) | |
| Reporting Account | Domain user account required (Recommendation: re-use DAS account) | |
| Action Account | Domain user account required (Recommendation: re-use DAS account) | |
| Management Group Name | Defined during Client Security setup | |
| Reporting Server URL | Defined during SQL Server 2005 setup (Default: http://reportingservername/ReportServer) | |
| Report Manager URL | Defined during SQL Server 2005 setup (Default: http://reportingservername/Reports) | |
| Size of Collection Database | Defined during Client Security setup | |
| Size of Reporting Database | Defined during Client Security setup | |
| WSUS Management URL | Created when installing WSUS | |
| WSUS Client Configuration URL | Created when installing WSUS | |


 


Collect the failed setup log from the location below and share it with the engineer who contacts you.


For Server role installation:


<Install drive>\Program files\Microsoft Forefront\Client Security\Server\Logs\Server_date.log


For Client installation:


%Program Files%\Microsoft Forefront\Client Security\Client\Logs


 


If your Forefront Clients are not getting the signature updates


 


On the distribution server, please run the CSS Sec MPS report from this link: http://www.codeplex.com/SECTools/Release/ProjectReleases.aspx?ReleaseId=15744


(If it’s a single-server topology, run it on the FCS server.)


 


Also run the CSS Sec MPS report on a client machine, from the same link: http://www.codeplex.com/SECTools/Release/ProjectReleases.aspx?ReleaseId=15744


When the Microsoft engineer has contacted you, ask him/her for the workspace to which you can upload the output of the MPS report.


 


For other Issues faced in Forefront Client Security


 


Run the CSS Sec MPS report from this link:


http://www.codeplex.com/SECTools/Release/ProjectReleases.aspx?ReleaseId=15744


·         Run this on all the Forefront Client Security server roles.


·         If it’s a single-server topology, run this on the FCS server.


·         To run this script you need to log in with an Administrator ID.


·         This script will not take more than 5 to 15 minutes.


·         This script is transparent and uses little processor time and memory.


·         Gather the topology you are attempting to install, along with computer and account information (see the deployment guides), and provide it to the engineer.


When the Microsoft engineer has contacted you, ask him/her for the workspace to which you can upload the output of the MPS report.


 


What will the CSSSEC MPS Report log from your machine?


 


Information on IIS:


IIS Anonymous (IUSR) User Information


IIS Metadata and Module Information (MBSchema.xml, MetaBase.xml, sysinfo xml).


IIS Configurations and logs.


 


Windows update related Information:


WinHTTP Proxy Settings.


BITS (Service and Queued job Status)


Missing Security update Information.


 


FCS Information:


FCS Anti malware support Logs.


FCS Security State Assessment Information.


FCS Account Information.


FCS Client setup files.


FCS Database Information.


Profile settings of FCS Console.


Status of Forefront client dependency services.


 


MOM and reporting Services Information:


MOM Management Pack Information.


MOM *.mc8 Log Files.


MOM Configuration (Onepoint database size and permissions, System Center Reporting database Size and Permissions)


SQL reporting Services Information and logs.


 


Other Information:


DCOM Information.


Event Logs (Application, System and Security Event logs)


Scheduled task Information.


Version of Windows OS.


Version and Symbol Information of Executables.


NTFS Information


Group Policy Information.


Disk Quota Information.


MS Office Information.


Hardware Information of the Local machine.


ISA Server Information.


Security center Configuration (Anti Virus, Firewall, Automatic Updates)


 


For more information, please read the readme file at this link: http://www.codeplex.com/SECTools/Release/ProjectReleases.aspx?ReleaseId=15744


 


Thanks


Swami


CSS Security Team


 
