Johan Blom, Forefront anti-malware Blog

Forefront Endpoint Protection (FEP) Training

Hi All!

I just wanted to let you know that I just finished developing the FEP training (...or actually it includes Forefront Protection for Exchange and SharePoint as well).

Currently it's all in Swedish, but if you want training in English that is no problem at all. The training is currently offered in Stockholm, Sweden, but, again, if you are interested in Forefront training anywhere in the world that is not an issue as long as you have a facility and a stable, high-speed Internet connection. I'll take care of the rest (including hardware). Just send an email to johan [at] msforefront.com

You Swedes...go sign up here :-)

http://www.labcenter.se/Lab/2069

I'm also offering a revamped Malware Internals training. This is a really fun and interesting 3-day training designed for anyone working with AV products and/or interested in malware: how it works, how you detect it, how it tries to go undetected and how you clean it. This is invaluable info for incident response teams, IT pros and AV administrators. We work only with live malware and we build our own botnet in the classroom.

As with all labs, they are hands-on intensive.

http://www.labcenter.se/Lab/2043

/Johan


Trojan Horse Kills 154 people...

Hi!

A computer system meant to detect problems with aircraft was infected with malware according to air crash investigators.

Spanish newspaper El Pais late last week released a report claiming that an internal investigation by Spanair, the airline concerned, revealed that a computer in the company’s headquarters in Palma, Majorca was infected with a Trojan Horse. The computer in question was used to spot technical faults in aircraft and the infection prevented it from working properly which could have contributed to the crash of flight 5022 which killed 154 people in 2008.

I read this story about the plane crash that happened at Madrid airport a few years ago. Malware moves from crashing computers to killing people... well, maybe too drastic a conclusion, but this is really scary. And who is to blame? The airport for not protecting the computer, or the virus writer? I am leaning towards the latter, but there is also a responsibility to protect important systems (I don't know enough about the infected system to know to what extent it was protected).

Hope this is a wake up call.

My heart goes out to all families and those who lost someone in the crash.

/Johan

New FCS tool for cleaning up FCS MOM database :-)

Forefront Client Security Offline Asset Removal Tool

This is a tool that I have been waiting for for a looong time (ok, I got a sneak peek a few months ago, but now it's officially released).

As your computers go offline or get rebuilt, the records in the MOM db do not clean themselves out and you end up with orphaned computer objects. If you are a neat freak, like myself, you don't like this. There was no way of getting rid of these objects in bulk; you had to do it one by one, and that adds administration overhead.

The tool and command-line options are available here:

http://support.microsoft.com/kb/2272146

So fire up the tool and go clean out those dead objects!

...and the good thing is that it's Friday today, so you have something to do over the weekend.

Enjoy!

/Johan


TechNet Webcast: Forefront Endpoint Protection 2010: Features and Protection Technologies (Level 300)

Here is a webcast about FEP 2010....enjoy

https://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032452089&EventCategory=4&culture=en-US&CountryCode=US

/J


Forefront Endpoint Protection 2010 (FEP) public beta is released!

Hi guys and girls!

Finally FEP 2010 goes public!

The beta is now released. Download here: http://www.microsoft.com/downloads/details.aspx?FamilyID=8b46c3ff-d9a0-4741-8ba5-458c1b3d2257&displaylang=en

You will have to have SCCM 2007 R2 in your infrastructure (or install it) to be able to manage FEP 2010. Managing FEP is done within the SCCM console, unlike FCS, which had a separate dashboard.

Key new features that you will be able to evaluate in this beta release are:

  • Integration with Configuration Manager - Single interface for managing and securing endpoints reduces complexity and improves troubleshooting and reporting insights.

  • New Antivirus Engine - Highly accurate and efficient threat detection protects against the latest malware and rootkits with a low false positive rate.

  • New behavioral threat detection - Protection against "unknown" or "zero day" threats provided through behavior monitoring, emulation, and dynamic translation.

  • Dynamic Cloud Updates - On-demand signature updates from the cloud for suspicious files and previously unknown malware.

  • Windows Firewall management - Ensures Windows Firewall is active and working properly on all endpoints, and allows administrators to more easily manage firewall protections across the enterprise. Note that you can only control the firewall on/off state for the different firewall profiles; you cannot configure ports etc.

Some other stuff that we missed in FCS will be in FEP 2010, like:

  • Right-click menu to scan a folder
  • Being able to update definitions from a UNC path (good for satellite offices where there is no WSUS and maybe a slow WAN link)
  • Visibility of clients that do NOT have FEP installed
  • Automatic client migration from currently installed AV (including FCS v.1) to FEP 2010 (Not including all AV vendors or all versions)
  • ...and more

Unfortunately my lab computer is in the shop for a serious upgrade (it used to have 16 cores and 12 GB RAM... I figured it needed more :-)). This means I cannot post screenshots etc. yet, but be sure that I will as soon as I get my box back.

Stay tuned! I'll be back shortly.

/Johan

Does my current definition version protect me against this threat?

Hi!

When you hear about a specific malware threat, do you ever wonder which definition version you need as a minimum to be protected? In comes the Microsoft Malware Protection Center portal :-)

On the client (or in FCS reports) you find the currently installed definition version.

Now, go to www.microsoft.com/security/portal and, under "Get the latest Definitions", open "Definition Change log".

At the bottom right (see image) you can change the definition version to the one you have (if it is not the latest) to find out whether detection for the threat is included in that definition.
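The check the post walks through by hand (compare what is installed against the definition version in which a threat's detection first shipped) reduces to a version comparison, and the one thing worth getting right is that versions must be compared as numbers, not as strings. The following is an added example and not code from the original post or from Microsoft; the four-part dotted version format (e.g. "1.79.1234.0") is an assumption about how definition versions are written, and the threat names and version numbers in the sample change log are constructed placeholders, not real entries from the Definition Change log.

```python
"""Check whether installed antimalware definitions are at least the version
that first carried detection for a given threat.

Added example, not from the original post or from Microsoft. The version
format (four dot-separated integers such as "1.79.1234.0") is an assumption;
the threat names and versions below are constructed sample data.
"""

from typing import Dict, List, Tuple


def parse_version(version: str) -> Tuple[int, ...]:
    """Split "1.79.1234.0" into (1, 79, 1234, 0).

    Comparing the integer tuple avoids the string-comparison trap where
    "1.79.999.0" > "1.79.1234.0" simply because "9" sorts after "1".
    """
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {version!r}")
    return tuple(int(p) for p in parts)


def is_protected(installed: str, first_detected_in: str) -> bool:
    """True if the installed definitions are at least the version in which
    detection for the threat first shipped."""
    return parse_version(installed) >= parse_version(first_detected_in)


# Constructed sample change log: threat name -> first definition version that
# detects it. Placeholder values only, not real change-log data.
SAMPLE_CHANGELOG: Dict[str, str] = {
    "Trojan:Win32/Example.A": "1.79.1234.0",
    "Worm:Win32/Example.B": "1.80.12.0",
}


def unprotected_threats(installed: str,
                        changelog: Dict[str, str] = SAMPLE_CHANGELOG) -> List[str]:
    """Return the threats whose detection is newer than the installed
    definitions, i.e. the ones a definition update is still needed for."""
    return sorted(
        name for name, version in changelog.items()
        if not is_protected(installed, version)
    )


if __name__ == "__main__":
    for installed in ("1.79.999.0", "1.79.1234.0", "1.80.12.0"):
        missing = unprotected_threats(installed)
        print(f"{installed}: still needs updates for {missing or 'nothing'}")
```

Feed `unprotected_threats()` the version shown on the client (or in the FCS report) and a dictionary built from the change-log entries you care about; an empty result means every listed threat is already covered by what is installed.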

Enjoy!

/Johan

Hotfix Rollup 1 for Microsoft Forefront Protection for Exchange

Microsoft recently released a Hotfix Rollup 1 package for FPE 2010.

Read all about the included fixes here (and download)

http://support.microsoft.com/kb/2181692

/Johan

Forefront download links

Here is a collection of Forefront download links for you!

End-Point Security

- Download Windows Security Essentials
- Download Microsoft Forefront Client Security
- Download Microsoft Forefront Client Security Service Pack 1
- Download Microsoft Forefront Client Security Best Practices Analyzer (BPA)
- Download Microsoft Forefront Client Security Enterprise Manager

Server Security

- Download Forefront Server Security Management Console
- Download Microsoft Forefront Protection 2010 for SharePoint
- Download Microsoft Forefront Protection 2010 for SharePoint Best Practices Analyzer (BPA)
- Download Microsoft Forefront Protection 2010 for Exchange Server
- Download Microsoft Forefront Protection 2010 for Exchange Server Best Practices Analyzer (BPA)
- Download Microsoft Forefront Protection for Exchange Capacity Planning tool
- Download Microsoft Forefront Security for Office Communications Server

Edge Security

- Download Microsoft Forefront Threat Management Gateway TMG 2010
- Download Microsoft Forefront Threat Management TMG 2010 Gateway Best Practices Analyzer (BPA)
- Download Forefront Threat Management Gateway TMG 2010 Capacity Planning Tool
- Download Microsoft Forefront Unified Access Gateway UAG 2010
- Download Microsoft Forefront Unified Access Gateway (UAG) 2010 Best Practices Analyzer Tool
- Download Microsoft Forefront Integration Kit for Network Access Protection
- Download Microsoft Forefront Unified Access Gateway UAG 2010 Update 1

Identity & Access Security

- Download Microsoft Forefront Identity Manager 2010
- Download Microsoft Active Directory Rights Management Services
- Download Microsoft Windows Identity Foundation
- Download Microsoft Active Directory Federation Services 2.0 and Windows CardSpace 2.0

Support for running FCS on Windows 2000

As Windows 2000 nears the end of its support cycle, we wanted to make sure you had the most up-to-date info on running FCS on computers running Windows 2000:

Customers using Forefront Client Security (FCS) who are unable to migrate to OS versions beyond Windows 2000 before July 13, 2010 will continue to receive support for the FCS product as follows:

  • FCS on computers running Windows 2000 will continue to receive antimalware definition updates.
  • Microsoft support will continue to provide resolution assistance for issues specifically with the FCS agent.
  • FCS related issues that require a fix for the operating system code base will not be supported.  For these issues, customers may consider the Custom Support Program.

Support for issues relating to FCS on computers running Windows 2000 will be provided based on the FCS support lifecycle policy (Mainstream support retires on 10/09/2012; Extended Support retires on 10/10/2017).

Antigen and Forefront server security service packs available

  • Forefront Security for Exchange Server
    - Download Forefront Security for Exchange Server with Service Pack 2
    - Description of Forefront Security for Exchange Server Service Pack 2

  • Forefront Security for SharePoint
    - Download Forefront Security for SharePoint with Service Pack 3
    - Description of Forefront Security for SharePoint Service Pack 3

  • Antigen 9.0
    - Download Antigen for Exchange with Antigen Spam Manager 9.0 with Service Pack 2
    - Download Antigen for SMTP Gateways with Antigen Spam Manager 9.0 with Service Pack 2
    - Description of Antigen 9.0 with Service Pack 2

Forefront Online Protection 101 (FOPE)

Hi!

If you wondered what FOPE or Forefront Online Protection is and wanted to know more, here is a screencast.

http://blogs.technet.com/b/forefront/archive/2010/06/15/screencast-forefront-online-protection-for-exchange-101.aspx

Enjoy!

/Johan

Forefront Endpoint Protection FEP 2010

Hi!

We've been waiting a while for FEP.

I've been installing and playing around with it for quite some time. I first installed parts of "Stirling" in October 2007. Now Stirling is no more, and when the NDA is lifted I'll tell you more and where everything fits.

There is a public beta of FEP coming soon, and once that is out I can really start blogging about FEP: how to install it, features and functions.

FEP is built on SCCM, and for those who have SCCM installed, installing FEP is a piece of cake (not very consultant friendly :-)).

Since it's built on SCCM you have the deployment functionality "built in".

Stay tuned because FEP Beta will be public soon!

/Johan

Recent updates to the Client Security Best Practice Analyzer

Hi Guys!

I know I've been offline for a while... that's what a baby and no sleep at night will do to you. :-)

Below is an update from Craig regarding FCS BPA.

At the end of last week we published additions to the FCS BPA. The revisions are again described in KB976986. The new checks are focused on database related issues including:

  • Database sizing
  • DTS job failures
  • Last backup times
  • Threat metadata problems

As promised in our last BPA announcement, it also contains usability improvements like a start menu shortcut and status bars during scanning.

To test drive the new additions, visit the download center.

Thanks, and happy analyzing,
Craig Wiand
Microsoft Forefront Escalation Engineer

Forefront Update! Forefront Protection Manager "Stirling Console" will NOT be released

Hello!


I found this out a couple of weeks ago, but then it was under NDA. Now I see that the news is public, so I can blog about it.

The central console Forefront Protection Manager (Stirling Console) will not be released. Instead, FEP will be managed through the SCCM console, and FPE and FPSP will be centrally managed through the existing FSSMC (a service pack will be released to handle the new versions of Exchange and SharePoint protection).

Here is the story:

As enterprise IT evolves, Microsoft continues to evolve its Forefront security management strategy.  In order to best help customers simplify the security experience and manage compliance, we are aligning security management with systems and application management.

As part of this strategy, Forefront Protection Manager (FPM) will not be released to market.  Instead, multi-server management for Forefront Protection 2010 for Exchange Server (FPE) and Forefront Protection 2010 for SharePoint (FPSP) will be delivered through a streamlined solution for messaging and collaboration workloads, both on-premises and in the cloud. We will share additional details on this solution in the future.

To address customer needs in the near-term, we will release the following in the second half of 2010 at no additional cost to FPE and FPSP customers:

  • A Service Pack release for our established Forefront Server Security Management Console (FSSMC) that will expand support for multi-server management to the latest versions of FPE and FPSP.

  • A Forefront Server Security Script Kit that will allow IT administrators to use Remote PowerShell to configure and report on multiple deployments of FPE and FPSP throughout the enterprise.

More about our long term strategy:

We are aligning security management with systems and application management at two levels.  The first level will deliver risk management across protection, access, and identity, providing end-to-end visibility into the enterprise and helping enable compliance.  The second level will operationalize and simplify security management by building on application workloads and providing a consistent management experience across physical, virtual, and cloud environments.

As part of this strategy, we announced earlier that Forefront Endpoint Protection 2010 will be built on System Center Configuration Manager for centralized deployment, configuration, updating, and reporting.  This will allow customers to configure, patch, and protect their desktops and laptops with the same infrastructure, delivering comprehensive security with greater efficiency.  This solution is on track for a planned release to market in the second half of 2010.

Link to the story: http://blogs.technet.com/forefront/archive/2010/04/20/update-on-forefront-security-management.aspx

Stay tuned for more updates

/Johan

New Antimalware engine... kb979536

A new antimalware engine update for FCS will be released. Full information on the updates included with the release will be published in a KB article once the update is released. The KB article is Microsoft Knowledge Base article 979536 (http://support.microsoft.com/kb/979536).

Currently, we are slated to release the update (and the KB) on 13 April 2010 – if there is a change in this schedule, this blog post will be updated.

The items included in the update are summarized below:

  • Malware detected while a user is not logged on will have the default action (defined either in policy or by the definitions) taken. Previously, the malware was suspended (making the malware unable to run, and unavailable to other applications), thereby rendering the computer protected, but the default action was not taken.
  • Update to the installer to no longer use DIFx for Applications. This fixes update and uninstall issues on computers running Windows 2000.
  • The FCS antimalware service sometimes unexpectedly exits on Windows Vista, Windows Server 2008, Windows 7, or Windows Server 2008 R2.

This update also replaces some earlier fixes and updates – the full list is in the KB article.

The update is available via Microsoft Update and WSUS. The KB article also includes instructions for downloading it separately for distribution via some other method.


Enjoy

/Johan
