Forefront TMG Malware Inspection False Positive Detection


Recently I saw this thread on the TMG Forum and found it very interesting as it was quite easy to repro. Yesterday Microsoft released a signature update that addresses this issue. The problem that TMG administrators were facing is documented here:

image

From: http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Exploit%3aJS%2fBlacole.BW

Make sure to go to the TMG Update Center and force an update (in case Malware Inspection is not showing as 1.119.1988.0). If it is higher than that, you should be fine, as shown below:

image

Comments (1)

  1. Another good reference about this issue is documented here isc.sans.edu/diary.html