miércoles, 07 de abril de 2010 10:00
We have the confiker.B virus/worm whatever and I have noticed that on many client pc's and servers with Forefront client security installed, updated and with a green tick saying all is well, that this worm is still installed. I run a quick scan, it finds it, removes it and says to reboot to fully clean up. this is fine when done manually, but my fcs deployment policy does not allow for the default action to reboot. Therefore it cleans as best it can on a scheduled scan but as it doesn't reboot, the virus is still there. Now on servers I may actually not want it to reboot there and then, so my questions are:
1. can the default action set by fcs policy include a reboot if required?
2. can the default action send a sys admin an email telling them a reboot is required?
I am not able to rid our domain of this virus due to the fact that although protected by fcs without a reboot the scan and subsequent default action doesn't get rid of it.
thanx in advance for any and all replies
Todas las respuestas
lunes, 12 de abril de 2010 9:22Moderador
Thank you for the post.
No, it is by design. Real time scanning will detect when malware is dropped onto a servers' share, but it will not clean, it will only send a message back to the console stating that malware found and needs to be cleaned. An interactive prompt will only pop up inside a logged-in session on the server hosting/sharing the logical disk where the malware was detected. Then correct operation is to have the user intervention screen pop up, and on 10 minutes idle take the specified default action. For email notification, please refer to this link: http://blogs.microsoft.co.il/blogs/yanivf/archive/2008/02/06/configure-e-mail-notifications-for-forefront-client-security-step-by-step-guide.aspx
Nick Gu - MSFT
- Propuesto como respuesta Nick Gu - MSFTMicrosoft Contingent Staff, Moderator lunes, 12 de abril de 2010 9:22