Saturday, October 27, 2007

Forefront Client Security Features







1- Best Of Breed:
Microsoft infrastructure products fit best together with other Microsoft products, so FCS integrates with your AD infrastructure and with your operating system as well. The antivirus vendor is the same as the operating system vendor, which gives Best Of Breed integration within the same Microsoft platform and ensures that no third party overwrites or adds registry keys. In addition, other antivirus products do not remove all of their registry keys and files when uninstalled. FCS works best with Microsoft desktops.


2- Unified protection
Any antivirus system depends on Windows and its services. While the operating system is booting and starting service after service, the services layered on top of Windows always start last, because the kernel and core Windows services must run first. Until the operating system has finished loading and the antivirus service has been started, the operating system is 100% unsecured, as if it had no antivirus software installed, and any worm, even an obsolete one, can attack your system and kill your antivirus service in the first place!
With Forefront Client Security you ensure that the operating system is patched with the latest patches and hotfixes, distributed through Microsoft Software Update Services, so that no worm can use an old or new system vulnerability to launch an attack on your system.


3- Best Of Class
One of the best antivirus engines, previously used in house, at a low price compared with others.


4 – Deployment
Settings reach the client by means of group policies: the GPMC adds registry keys to the FCS client that point it to its management server, which gives ease of use out of the box.


5- Reporting
With the Microsoft SQL reporting engine and the managed MOM agent that is deployed with the FCS client, you can generate reports on incidents and events relating to virus behavior in your network.


· Awards
Info Security 2008 Global Product Excellence Finalist
ICSA Labs Certification
Virus Bulletin 100% Award
West Coast Labs Checkmark Certification



· Reporting Design



Summary:

Unified Protection
One solution for spyware and virus protection
Built on protection technology used by millions worldwide
Effective threat response
Complements other Microsoft security products

Simplified Administration
One console for simplified security administration
Define policy to manage client protection agent settings
Deploy signatures and software faster
Integrates with your existing infrastructure

Visibility and control
One dashboard for visibility into threats and vulnerabilities
View insightful reports
Stay informed with state assessment scans and security alerts

Tuesday, October 23, 2007

Microsoft Forefront Server Security Management Console Trial Version Available !

The Microsoft Forefront Server Security Management Console (FSSMC) is now available as an RTM version and can be downloaded from the Download Center as a 120-day trial.

With the FSSMC, installations of Microsoft Forefront Server Security and Microsoft Antigen in a network can be administered and monitored together, centrally, through a web-based interface.

http://www.microsoft.com/downloads/details.aspx?FamilyID=f9b669c6-6f9f-4c09-8457-c00b5b6ebd7a&displaylang=en


Microsoft Forefront Server Security Management Console User Guide

http://download.microsoft.com/download/f/7/2/f727049c-b15f-4754-bb1f-b36161ca8f28/FSSMC_Users_Guide.doc

Exclude Certain Processes From Forefront Scan Jobs

If you want to exclude certain processes from scanning by the antimalware engine in Forefront Client Security (FCS), you will not find a way to do it among the available policy settings in the Forefront Client Security management console. Unfortunately, the console only lets you list paths and file extensions. At present, processes to be excluded can only be set directly in the registry or by GPO (ADM):

For each process, create a new DWORD entry under
HKLM\SOFTWARE\Microsoft\Microsoft Forefront\Client Security\1.0\AM\Exclusions\Processes
named with the full path of the process (e.g. "C:\WINDOWS\system32\Dienstname.exe").

The value of these entries is always 0
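
The registry layout described above, as an added PowerShell example that is not part of the original post: one function creates an exclusion, the other lists existing exclusions and flags entries worth reviewing, since each exclusion is a place the engine does not look. The function names and the review heuristics are assumptions; the key path and the DWORD data of 0 come from the post.

```powershell
# Added example: key path and "data is always 0" are from the post above;
# function names and the review heuristics are hypothetical.
$SubKey = 'SOFTWARE\Microsoft\Microsoft Forefront\Client Security\1.0\AM\Exclusions\Processes'

function Add-FcsProcessExclusion {
    param([Parameter(Mandatory = $true)][string]$ProcessPath)
    # Insist on a drive-qualified full path so exactly one binary is excluded.
    if ($ProcessPath -notmatch '^[A-Za-z]:\\') {
        throw "Full path required: $ProcessPath"
    }
    $key = [Microsoft.Win32.Registry]::LocalMachine.CreateSubKey($SubKey)
    try {
        # Value name = full process path, type DWORD, data 0.
        $key.SetValue($ProcessPath, 0, [Microsoft.Win32.RegistryValueKind]::DWord)
    } finally { $key.Close() }
}

function Get-FcsProcessExclusion {
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($SubKey)
    if ($null -eq $key) { return }   # no process exclusions configured
    try {
        foreach ($name in $key.GetValueNames()) {
            if ($name -eq '') { continue }   # skip the key's default value
            $notes = @()
            if ($key.GetValueKind($name) -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
                $notes += 'not a DWORD'
            } elseif ($key.GetValue($name) -ne 0) {
                $notes += 'data is not 0'
            }
            if (-not (Test-Path -LiteralPath $name -PathType Leaf)) {
                $notes += 'file not found'
            }
            if ($name -match '\\(Temp|Documents and Settings|Users)\\') {
                $notes += 'user-writable location'
            }
            New-Object PSObject -Property @{ Process = $name; Review = ($notes -join '; ') }
        }
    } finally { $key.Close() }
}

# Report every exclusion with its review notes (run elevated on the client).
Get-FcsProcessExclusion | Format-Table Process, Review -AutoSize
```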

Triggering Immediate Update Checker for Win and FCS updates

After you deploy FCS, the client operating system will detect updates at the frequency you specified in the group policy, but you can trigger update detection immediately by running this command from Run or CMD: wuauclt /detectnow. Here is a guide to some wuauclt commands and their parameters that I found useful:

[Quote]

Client Troubleshooting Tool Requirement

I'd like to see either one tool (i.e. wuauclt.exe) that does "everything", or two tools: wuauclt (that runs client stuff) and waucltLINT (that sorts out issues, a la DNSLINT, etc). I can live with either, although there might be value in having 2. But in what follows, I've assumed that JUST wuauclt.exe is to be used.

The following features/switches are needed.

1. /? - list parameters and usage
/? - describes usage of wuauclt.exe
The /? switch should be supported and give details of wuauclt usage. If client options are in error, this summary is displayed following an explanation of why the error occurred. ALL command line tools should support this option.

2. Verbose mode console logging, with multiple levels
/v - verbose mode
/vv - very verbose mode
Both switches cause wuauclt to output normal log information to the command line (STDIO). /v provides basic information, while /vv logs greater detail. /vv is what is logged in normal logs. While wuauclt can log to a log file, it's more work for the admin when troubleshooting. The admin has to run the command, then navigate over to another folder, find the log, then navigate to the end of it, to find out where the run began. This is harder than it needs to be, and the /v, /vv options could just pipe log entries to stdio.

3. List client configuration
/configlist - lists WUAUCLT configuration.
This option lists all configuration items current by the client, and includes the client version number, AU policy/registry settings and provides details of all AU client files, version numbers, file dates, etc. This helps admins (and MS) to ensure that the right client versions are loaded.

4. Install the correct AU client by force
/installAUclient
/installAUclientFromMicrosoft
This option causes the system to contact either the configured WSUS server, or Microsoft's WU server, and to reinstall forcefully the latest version of the AU client. This enables admins (and MS) to ensure that the latest client versions are loaded, and enables download from Microsoft for roaming systems.

5. Make /DetectNow a little less silent
/DetectNow - forces a client AU detection and logs details
The /detectnow option should log to stdio what it is doing. This includes what WU server it is contacting, how many updates are on the WU server, and how many are needed by the client, etc, and any information being sent back to the server. This is really no change, just requesting some level of output to stdio. This makes troubleshooting quicker.

6. Clear Log File
/clearlogfile - clears the client update log file
/clearandsaveogfile - saves the current client update log file to a named file, then clears the update log.
Currently, the client log appears to be non-deletable and just grows. This is a potential DOS vector. Also, for troubleshooting, it's helpful to be able to clear the log (possibly saving it first for later detailed exam).

7. Download Updates Now
/downloadnow - initiates an immediate download of any required update using BITS
/downloanowfast - initiates an immediate download of any required update using HTTP.
This option forces the AU client to start downloading of any outstanding updates. The second version downloads using HTTP, and is therefore much faster in elapsed time and is mainly used for troubleshooting issues (or possibly to speed up larger updates). Often, especially for laptops that have been 'abroad' for a while, you want to just get all the approved updates NOW, and not wait for the next detection time.

8. Stop Downloading AU Updates
/stopdownload - stops any AU updates being downloaded (either using HTTP, or BITS).
This option stops the downloading of any AU updates either queued, or in progress. Just as you can invoke a download, you need to be able to stop it.

9. Test WSUS Server Connection
/TestWSUSServer - checks connection with configured WU Server
This option attempts to connect to the WSUS server configured, and checks that a connection can be made, and that communications between AU client and WSUS server are working. This would be useful for example, to diagnose network communications failures, or an internal firewall that might be accidentally blocking some traffic between client and server.
[Quote/]

And don't forget to always check the \windowsupdate.log to see the AU error and success logs.

Cheers

Monday, October 22, 2007

Forefront Client Security Startup Scan batch


When you deploy FCS, there is no option for a startup scan. We can get this feature by creating a startup script with a batch file that runs the following command:

For Quick Scan:
"%ProgramFiles%\Microsoft Forefront\Client Security\Client\Antimalware\mpcmdrun.exe" -scan -scantype 1

For Full Scan:
"%ProgramFiles%\Microsoft Forefront\Client Security\Client\Antimalware\mpcmdrun.exe" -scan -scantype 2

tested ;)