Sign in
Microsoft.com
 
Forefront Client Security TechCenter
 
 
 
Forefront Client Security TechCenter > Forefront Client Security Forums > Forefront Client Security Malware Technology and Response > Red X will not go away!
Ask a questionAsk a question
Search Forums:
 

Proposed AnswerRed X will not go away!

  • Wednesday, August 19, 2009 9:12 PMAndrewm1972 Users MedalsUsers MedalsUsers MedalsUsers MedalsUsers Medals
     
    Sign In to Vote
    0
    Sign In to Vote
    Good day!

    Forefront Managed Systems
    Full Scans once a week.  No Quick Scans.
    No End User Access (locked down)
    Fully Managed by System Admin
    Virus detected- Icon turned from green check mark to Red X.
    Red X will not clear up.  Been about a week now.

    Anything I can do besides editing the Policy and giving End Users access to Forefront settings?
    I was under the assumption this would automatically clear up (automatically Smart-Clean).


    Regards-

    Andrew
     

All Replies

  • Friday, August 21, 2009 10:03 AMNick Gu - MSFTMSFT, ModeratorUsers MedalsUsers MedalsUsers MedalsUsers MedalsUsers Medals
     Proposed Answer
    Sign In to Vote
    0
    Sign In to Vote

    Hi,

     

    Thank you for your post.

     

    According to your description, I understand that the Red X live in the system tray. If anything misunderstand, please let me know.

     

    The red x means that Forefront Client Security has detected your system being infected by some sort of malware. If you have action access, you can click on the icon and choose “Take recommended action” from the menu. If no access, you will have to edit the policy to allow you to open the client GUI. After redeploy the policy and run gpupdate /force on the client computer.

     

    Regards,

    Nick Gu - MSFT
     
  • Friday, August 21, 2009 12:18 PMAndrewm1972 Users MedalsUsers MedalsUsers MedalsUsers MedalsUsers Medals
     
    Sign In to Vote
    0
    Sign In to Vote
    Nick-thanks for the response.

    Let me clarify.
    I have managed Forefront installed.  The default Forefront Policy is fully managed by the System Admin (no end user access at all).
    If forefront detects Malware, the Green check Mark becomes a Red X.

    From my knowledge, Forefront Client Security immediately suspends the infected file,  then after a few minutes, it automatically takes recommended action.

    For an Enterprise with 2000+ Computers, editing and redloying the Forefront Policy to allow the 'End User' to Smart Clean is not a good alternative.

     
  • Monday, August 24, 2009 2:22 AMNick Gu - MSFTMSFT, ModeratorUsers MedalsUsers MedalsUsers MedalsUsers MedalsUsers Medals
     
    Sign In to Vote
    0
    Sign In to Vote

    Hi,

     

    Thank you for your update.

     

    Yes, you are right. Forefront Client Security immediately suspends the infected file then after 10 minutes (non configurable time) it automatically takes recommended action. You should confirm whether the policy has deployed successfully. Please run gpupdate /force on the client computer.

     

    Regards,

     

    Nick Gu - MSFT
     
  • Monday, August 24, 2009 12:19 PMAndrewm1972 Users MedalsUsers MedalsUsers MedalsUsers MedalsUsers Medals
     
    Sign In to Vote
    0
    Sign In to Vote
    Thanks for your response.
    I checked and double checked the policy and it did apply successfully.  This only happens to a handful of clients.
    I ended up modifying the security group that the pc's were in so I could smart clean, but this cannot be a good alternative in the future (espeially if this affects numerous clients).
    Is MSFT aware of this "bug"?