Microsoft DOESN'T KNOW HOW TO RESPOND TO MALWARE THREATS

Thread: http://social.technet.microsoft.com/Forums/en-US/ForefrontclientMTR/thread/5e8164b0-43e9-43ac-a5e8-a02cbd9debb6

Hiram Dante (Thu, 28 Aug 2008 17:33:52 Z):

Hi, we deploy Forefront Client Security on approximately 6500 computers.

All the process is easy with scripts or WSUS or both. At this moment we have a threat with the Virus:Win32/Sality.AM and Worm:Win32/Sality.AM and a lot of other malware. The malware causes file infection, reg key deletion, FCS corruption.

We called MS Support with the case SRX080826600424 and they told us "FCS reports was determined that the FCS client anti-malware files were older than the most current versions available". They built a hotfix (KB956280 – 1.5.1958.0) and after that, subsequent scans detected and removed the malware.

Now all the pre-cleaned computers have the virus again. (Reinfected)

We called partners or other companies and they have removed FCS.

In summary, Microsoft DOESN'T KNOW HOW TO RESPOND TO MALWARE THREATS and they just say "If FCS does not detect the malware please submit it (https://www.microsoft.com/security/portal/submit.aspx)" and the Management Consoles (MOM or FCS MC) don't help in these cases.

FCS could be integrated in the Enterprise Agreement but is not the best solution. Maybe in a few years with Forefront codename "Stirling".

I speak Spanish, so my English is not perfect.

H1R@M

YounGun (Sun, 05 Oct 2008 13:39:19 Z):

Hi and thank you for your feedback,
Anti-virus technology such as Forefront has its limitations. Especially after malware has infected your system. You will find that every security product out on the market will not detect all types of malware.

I will forward your feedback to the Malware Protection Engine team.

Andrewm1972 (Sun, 29 Mar 2009 05:03:01 Z):

What happens in the event a virus is detected and Forefront Client Security doesn't have the updated signature for that infection?
Does it go into Quarantine?

Johan Blom, Forefront MVP (Wed, 22 Apr 2009 20:13:09 Z):

Hi!

I agree completely with YounGun here. Antivirus software is protecting against known malware, and relying 100% on antivirus for protection against malware won't work. For a more complete protection against malware you need a defence in depth strategy where AV is one part.

To answer Andrewm1972: No, if the FCS, or any other AV product for that matter, does not have a definition for the malware it does not go into quarantine. It infects the computer. For it to end up in quarantine there has to be a definition for it since it's the AV product that puts it in there.

/J
MCSE, forefront spec | www.msforefront.com