 

General discussion: Microsoft DONT KNOW HOW TO RESPONSE MALWARE THREATS

  • Thursday, August 28, 2008 17:33 Hiram Dante
     
    Hi, we deploy Forefront Client Security on approximately 6500 computers.

    All the process is easy with scripts or WSUS or both. At this moment we have a threat
    with the Virus:Win32/Sality.AM and Worm:Win32/Sality.AM and a lot of other malware.
    The malware causes file infection, reg key deletion, FCS corruption.

    We called MS Support with the case SRX080826600424 and they told us "FCS reports
    was determined that the FCS client anti-malware files were older than the most current versions
    available". They built a hotfix (KB956280 – 1.5.1958.0) and after subsequent scans detected and
    removed the malware.

    Now all the pre-cleaned computers have the virus again. (Reinfected)

    We call partners or other companies and they have removed FCS.

    In summary Microsoft DONT KNOW HOW TO RESPONSE MALWARE THREATS and they just say "If FCS
    does not detect the malware please submit it (
    https://www.microsoft.com/security/portal/submit.aspx)"
    and the Management Consoles (MOM or FCS MC) don't help in these cases.


    FCS could be integrated in an Enterprise Agreement but is not the better solution. Maybe in a few years with Forefront codename "Stirling".


    I speak Spanish, so my English is not perfect.

    H1R@M

All replies

  • Sunday, October 5, 2008 13:39 YounGun
     
    Hi and thank you for your feedback,
    Anti-virus technology such as Forefront has its limitations. Especially after malware has infected your system. You will find that every security product out on the market will not detect all types of malware.

    I will forward your feedback to the Malware Protection Engine team.
  • Sunday, March 29, 2009 05:03 Andrewm1972
     
    What happens in the event a virus is detected and Forefront Client Security doesn't have the updated signature for that infection?
    Does it go into Quarantine?
  • Wednesday, April 22, 2009 20:13 Johan Blom, Forefront MVP
     
    Hi!

    I agree completely with YounGun here. Antivirus software is protecting against known malware, and relying 100% on antivirus for protection against malware won't work. For a more complete protection against malware you need a defence in depth strategy where AV is one part.

    To answer Andrewm1972: No, if the FCS, or any other AV product for that matter, does not have a definition for the malware it does not go into quarantine. It infects the computer. For it to end up in quarantine there has to be a definition for it since it's the AV product that puts it in there.

    /J
    MCSE, forefront spec | www.msforefront.com