MarioForever Detection Issue With FCS

On or about December 9th, Microsoft Malware Protection Center included new information in the FCS definitions to ‘clean’ the file ‘user32.dll’ in the system32 and system32\dllcache folders which may have been modified at some earlier time by the Marioforever malware.  Most of these infections occurred in May/June 2008.  In those cases, signature updates were provided to…

0

Changing the management group to which an FCS client reports

During the course of your FCS deployment it may be necessary to redirect an FCS client from one FCS collection server to another.  Common reasons why an admin would do this include moving the machines from a test server to a production server or load balancing machines across down-level installations of an Enterprise Manager deployment. …


What Does CSS Need to Help Troubleshoot an FCS Issue?

Are you suspecting an Infection in your network?   If you suspect an Infection in your network and if you could find the infected file please upload the sample to the link https://www.microsoft.com/security/portal/submit.aspx Only one file can be submitted at one time and the size of that file is limited to 10 megabytes. Compress the…

0

Event 3002 with error 0x8007139f from FCSAMRtp when RTP security agent unchecked

On a system running the FCS Client, you may run into the event listed below which occurs on the local system and may cause an Alert to fire on the FCS Console. This issue can occur when the client system has had a Real-time protection Security Agent de-selected in the FCS Client UI. For example, if you do…

0

Understanding Forefront Client Security SP1 and getting “up-to-date”

The Forefront Client Security team announced the release of Service Pack 1(SP1) last month.  As described in the announcement SP1 is a server-only update.  As this is a departure from what many folks are used to it causes a little confusion about which updates apply to which machines and how to be “up-to-date”.  In the…


Welcome to the FCS Support Blog

The CSS Security Support Team will be posting to this blog to inform FCS customers about common support issues seen in the field.  If you have a topic you would like to see covered, please post a comment and we will attempt to address it. Thanks, CSS Security Support Team

1

FCS with MOM 2005 Database Guidance

  All information provided here is in regards to Forefront Client Security 1.0.  There are no guarantees on the information provided.   Default DB sizes during FCS Setup Database sizing Transaction log file sizing Hard Disk Spindles Troubleshooting Appendix   Default DB sizes during FCS Setup During the FCS install process, the default setting for…

1