General Discussion: Microsoft DOESN'T KNOW HOW TO RESPOND TO MALWARE THREATS

  • Thursday, August 28, 2008 5:33 PM, Hiram Dante
     
    Hi, we deployed Forefront Client Security on approximately 6500 computers.

    The whole process is easy with scripts or WSUS or both. At this moment we have a threat
    with the Virus:Win32/Sality.AM and Worm:Win32/Sality.AM and a lot of other malware.
    The malware causes file infection, reg key deletion, and FCS corruption.

    We called MS Support with the case SRX080826600424 and they told us "FCS reports
    was determined that the FCS client anti-malware files were older than the most current versions
    available". They built a hotfix (KB956280 – 1.5.1958.0) and after that, subsequent scans detected and
    removed the malware.

    Now all the previously cleaned computers have the virus again. (Reinfected)

    We called partners or other companies and they have removed FCS.

    In summary, Microsoft DOESN'T KNOW HOW TO RESPOND TO MALWARE THREATS and they just say "If FCS
    does not detect the malware please submit it (
    https://www.microsoft.com/security/portal/submit.aspx)"
    and the Management Consoles (MOM or FCS MC) don't help in these cases.


    FCS could be integrated into the Enterprise Agreement but it is not the better solution. Maybe in a few years with Forefront codename "Stirling".


    I speak Spanish, so my English is not perfect.

    H1R@M

All replies

  • Sunday, October 5, 2008 1:39 PM, YounGun
     
    Hi and thank you for your feedback,
    Anti-virus technology such as Forefront has its limitations, especially after malware has infected your system. You will find that every security product out on the market will not detect all types of malware.

    I will forward your feedback to the Malware Protection Engine team.
  • Sunday, March 29, 2009 5:03 AM, Andrewm1972
     
    What happens in the event a virus is detected and Forefront Client Security doesn't have the updated signature for that infection?
    Does it go into Quarantine?
  • Wednesday, April 22, 2009 8:13 PM, Johan Blom, Forefront MVP
     
    Hi!

    I agree completely with YounGun here. Antivirus software protects against known malware, and relying 100% on antivirus for protection against malware won't work. For more complete protection against malware you need a defence in depth strategy where AV is one part.

    To answer Andrewm1972: No, if FCS, or any other AV product for that matter, does not have a definition for the malware, it does not go into quarantine. It infects the computer. For it to end up in quarantine there has to be a definition for it, since it's the AV product that puts it in there.

    /J
    MCSE, Forefront spec | www.msforefront.com