Understanding catch-up scans

A catch-up scan is a scan that is initiated because a regularly scheduled Forefront Client Security antimalware scan was missed.  Usually these scheduled scans are missed because the computer was turned off at the scheduled time.  The FCS documentation at http://technet.microsoft.com/en-us/library/bb418896.aspx states: Scheduled malware scans enable you to choose the time of day when the…


Testing FCS antimalware detection with your own library

During evaluation of the Forefront Client Security antimalware protection, many customers will review the information provided by independent antimalware testers such as http://www.av-test.org/, http://www.virusbtn.com/ and http://www.av-comparatives.org/. (When reading these sites, note that Microsoft’s Forefront Client Security and OneCare products use the same malware protection engine and definitions.) Other customers may want to test FCS detection capabilities…


Slipstreaming a Client Security client installation

As I mentioned in my previous blog posting, there have been several updates to the FCS antimalware client since its release. Through traditional deployment methods you will install the release to manufacturing (RTM) components of the FCS client, which has no updates and extremely limited detection capabilities. At installation, the client has the base 1.0.0.0 antimalware…


MarioForever Detection Issue With FCS

On or about December 9th, Microsoft Malware Protection Center included new information in the FCS definitions to ‘clean’ the file ‘user32.dll’ in the system32 and system32\dllcache folders which may have been modified at some earlier time by the Marioforever malware.  Most of these infections occurred in May/June 2008.  In those cases, signature updates were provided to…
