Sign in
Microsoft.com
 
Forefront Client Security TechCenter
 
 
 
Forefront Client Security TechCenter > Forefront Client Security Forums > Forefront Client Security Alerting and Monitoring > Enabling managed clients to "Always Allow" instead of just "Permit"
Ask a questionAsk a question
Search Forums:
 

AnswerEnabling managed clients to "Always Allow" instead of just "Permit"

  • Monday, June 01, 2009 1:57 PMsmutech Users MedalsUsers MedalsUsers MedalsUsers MedalsUsers Medals
     
    Sign In to Vote
    0
    Sign In to Vote

    The FCS client alerts when turned on to prompt users for unclassified software imply that the user can select "Always Allow", however that is not listed as an option in the alert action field when an alert is generated. For example, our environment is a Windows domain with WSUS/MOM, but being a university our end users are all administrators. This means we must try to protect them as much as possible, but allow them to make customized exceptions. If a department is using an application that loads in the startup, instead of excluding it globally, can the individual not just be offered the option to always allow, or is this just a feature of the unmanaged FCS? If so, and we can only add this as a policy exclusion, when do you add a path as an exclusion vs. adding as an  "Override"?

    Thanks!

     

Answers

  • Tuesday, June 09, 2009 6:22 AMNick Gu - MSFTMSFT, ModeratorUsers MedalsUsers MedalsUsers MedalsUsers MedalsUsers Medals
     Answer
    Sign In to Vote
    0
    Sign In to Vote

    Hi,

     

    Thank you for posting.

     

    As far as I know, Unclassified software is software that is not explicitly identified in malware definitions as malware or as trusted software. If a Client Security agent detects suspicious behavior by unclassified software and the “Prompt user when unclassified software is detected” option is enabled in the policy applied to the computer, Client Security prompts the user. Users can choose whether to allow the detected action by the unclassified software.

     

    To configure how users experience the Client Security agent, please refer to the following steps:

    1.Under “Client options”, configure whether users can access the Client Security agent UI. Do one of the following:

    1).If you want to provide users with full access to the Client Security agent UI, select the “User can view all Client Security agent settings and messages” option.

    2).If you want to provide users with minimal access to the Client Security agent UI, select the “User can only view system tray icon and status messages” option. This is the default setting in a new policy. Regardless of user privileges, including administrator privileges, the user cannot access the Client Security agent UI.

     

    2.If you are allowing full access to the Client Security agent UI, configure whether only administrators can access the Client Security agent UI. Do one of the following:

    1).If you want to allow only administrators to access the Client Security agent UI, select the “Only administrators can change Client Security agent settings” check box.

    2).If you want to allow all users to change Client Security settings on a client computer, clear the “Only administrators can change Client Security agent settings” check box.

     

    3.If you are allowing full access to the Client Security agent UI, configure whether administrators are allowed to add scan exclusions for files, folders, and file types and overrides for malware responses. Do one of the following:

    1).If you want to allow administrators to configure exclusions and overrides, select the “Allow users to add exclusions and overrides” check box.

    2).If you do not want to allow administrators to configure exclusions and overrides, clear the “Allow users to add exclusions and overrides” check box.

     

    4.Configure whether the Client Security agent prompts users when it discovers unclassified software. Do one of the following:

    1).If you want the Client Security agent to prompt users, select the “Prompt users when unclassified software is detected” check box.

    2).If you do not want the Client Security agent to prompt users, clear the “Prompt users when unclassified software is detected” check box.

     

    Regards,

     

    Nick Gu - MSFT
     

All Replies

  • Tuesday, June 09, 2009 6:22 AMNick Gu - MSFTMSFT, ModeratorUsers MedalsUsers MedalsUsers MedalsUsers MedalsUsers Medals
     Answer
    Sign In to Vote
    0
    Sign In to Vote

    Hi,

     

    Thank you for posting.

     

    As far as I know, Unclassified software is software that is not explicitly identified in malware definitions as malware or as trusted software. If a Client Security agent detects suspicious behavior by unclassified software and the “Prompt user when unclassified software is detected” option is enabled in the policy applied to the computer, Client Security prompts the user. Users can choose whether to allow the detected action by the unclassified software.

     

    To configure how users experience the Client Security agent, please refer to the following steps:

    1.Under “Client options”, configure whether users can access the Client Security agent UI. Do one of the following:

    1).If you want to provide users with full access to the Client Security agent UI, select the “User can view all Client Security agent settings and messages” option.

    2).If you want to provide users with minimal access to the Client Security agent UI, select the “User can only view system tray icon and status messages” option. This is the default setting in a new policy. Regardless of user privileges, including administrator privileges, the user cannot access the Client Security agent UI.

     

    2.If you are allowing full access to the Client Security agent UI, configure whether only administrators can access the Client Security agent UI. Do one of the following:

    1).If you want to allow only administrators to access the Client Security agent UI, select the “Only administrators can change Client Security agent settings” check box.

    2).If you want to allow all users to change Client Security settings on a client computer, clear the “Only administrators can change Client Security agent settings” check box.

     

    3.If you are allowing full access to the Client Security agent UI, configure whether administrators are allowed to add scan exclusions for files, folders, and file types and overrides for malware responses. Do one of the following:

    1).If you want to allow administrators to configure exclusions and overrides, select the “Allow users to add exclusions and overrides” check box.

    2).If you do not want to allow administrators to configure exclusions and overrides, clear the “Allow users to add exclusions and overrides” check box.

     

    4.Configure whether the Client Security agent prompts users when it discovers unclassified software. Do one of the following:

    1).If you want the Client Security agent to prompt users, select the “Prompt users when unclassified software is detected” check box.

    2).If you do not want the Client Security agent to prompt users, clear the “Prompt users when unclassified software is detected” check box.

     

    Regards,

     

    Nick Gu - MSFT