
Question: Centrally manage the setting "Do not scan files accessed by these processes"

  • Monday, June 23, 2008 8:50, Marco Lelli - Progel
     
    Hi all,
    Is there a way to centrally manage this setting, which is (for the moment) available only in the client console?
    I've found the solution of copying registry keys between PCs, but it is not so smart.
    I think that it may be done via an ADM/ADMX on Active Directory.
    I hope that the FCS team will include this feature in the next revision of the product, but the customers are asking me for this feature right now... :)

    Thanks,
    Marco Lelli

All Replies

  • Monday, June 23, 2008 15:56, Kurt Falde, MSFT, Moderator
     
    So I did some playing around with this and testing...

    The following will work, with some caveats.
    When in the GP editor you have to do View > Filtering and uncheck "Only show policy settings that can be fully managed".
    You will need to edit the text to put in the path of the process you are trying to exclude.
    Set the setting to Enabled and leave it as default.
    This is NOT in the Policies section of the registry, and it appears that it will not work in that section, as I tried to create it there and that branch seems to constantly be removed, by the AM client possibly. Because it is not in the Policies section, if you remove this GPO that exclusion will still be tattooed in the registry and you would have to figure out some way to remove it.

    With that being said, here you go, use at your own risk... Save the stuff inside the --- to a .adm file.

    -----------------------------------------------------------------------------------------------

    ; Machine-level policy: the exclusion applies to the computer, not the user
    CLASS MACHINE

    CATEGORY !!FCSCategory
      POLICY !!Exclusion_Name
        ; Not under a Policies branch, so the value stays behind if the GPO is removed
        KEYNAME "SOFTWARE\Microsoft\Microsoft Forefront\Client Security\1.0\AM\Exclusions\Processes"
        EXPLAIN !!Exclusion_Explain

        PART !!Exclusion_Description DROPDOWNLIST REQUIRED
          ; Edit this to the full path of the process to exclude
          VALUENAME "C:\Windows\system32\goodprocess.exe"
          ITEMLIST
            NAME !!Ignore_Default VALUE NUMERIC 0 DEFAULT
          END ITEMLIST
        END PART
      END POLICY
    END CATEGORY

    [strings]
    FCSCategory="Microsoft FCS Threat Override"
    Exclusion_Name="FCS Process Exclusion"
    Exclusion_Description="FCS Process Exclusion"
    Exclusion_Explain="Allows setting process exclusions for FCS so that it does not scan files touched by certain processes. Not supported for W2K"
    Ignore_Default="Default"

    -----------------------------------------------------------------------------------------------


    CSS Security Support Engineer (FCS/MBSA/WUA/Incident Response)
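
Added example, not part of the thread or of any Microsoft tooling: since the exclusion written by the template above stays in the registry after the GPO is removed, this PowerShell function lists every process exclusion under that key and flags the ones missing from an approved list. The function name, the approved list and the `-Remove` switch are assumptions made for illustration; the key path and the sample process path are the ones in the post.

```powershell
# Added example: audit (and optionally clean up) FCS process exclusions left in the registry.
# Get-FcsProcessExclusionDrift is a hypothetical name; the approved list is a constructed sample.
function Get-FcsProcessExclusionDrift {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Key path taken from the ADM template in the post above
        [string]$KeyPath = 'HKLM:\SOFTWARE\Microsoft\Microsoft Forefront\Client Security\1.0\AM\Exclusions\Processes',
        # Exclusions you intend to keep (constructed sample value)
        [string[]]$Approved = @('C:\Windows\system32\goodprocess.exe'),
        # Delete unapproved entries; honours -WhatIf and -Confirm
        [switch]$Remove
    )

    # No exclusions key on this host: nothing to report
    if (-not (Test-Path -LiteralPath $KeyPath)) { return }

    $key = Get-Item -LiteralPath $KeyPath
    foreach ($name in $key.GetValueNames()) {
        if ($name -eq '') { continue }              # skip the key's (Default) value

        # Each value name is the full path of an excluded process; -contains is case-insensitive
        $isApproved = $Approved -contains $name

        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Process  = $name
            Data     = $key.GetValue($name)
            Approved = $isApproved
        }

        if ($Remove -and -not $isApproved -and
            $PSCmdlet.ShouldProcess($name, 'Remove process exclusion')) {
            # Escape wildcard characters so only this exact value name is removed
            Remove-ItemProperty -LiteralPath $KeyPath -Name ([WildcardPattern]::Escape($name))
        }
    }
}

# Report only the entries that are not on the approved list
Get-FcsProcessExclusionDrift | Where-Object { -not $_.Approved } | Format-Table -AutoSize

# Preview a cleanup without changing anything
Get-FcsProcessExclusionDrift -Remove -WhatIf | Out-Null
```

On 64-bit hosts run it from a 64-bit PowerShell session so the read is not redirected to Wow6432Node; removing entries needs an elevated session.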
  • Monday, June 23, 2008 20:53, Johan Blom, Forefront MVP
     
     

    Marco,

    This "issue" has been communicated to Microsoft and, like yourself, I agree that it is annoying that you cannot edit these settings centrally.
    I am working on creating msi packages that add the scanning exclusions necessary for common Microsoft products and roles like Exchange, IIS, DC, SQL Server etc.
    These msi files can be deployed centrally. I have already released the package for Exchange 2007 on www.codeplex.com

    Hope this helps

    /Johan


    MCSE, forefront spec | www.msforefront.com
  • Tuesday, June 24, 2008 7:28, Marco Lelli - Progel
     
    Thanks Kurt and Johan,
    I'll try the suggested solutions and I'll report the results back to you.

    Marco
  • Thursday, January 22, 2009 21:17, FrankSecurity
     
    Johan,

    After reviewing the FCS Exchange 2007 exclusion list for directories, processes & extensions, I can see why you created the .msi files to do this automatically. However, we are running Exchange 2007 on Windows Server 2008 in a Hyper-V environment. Are there any .msi files yet for this configuration?

    Thanks,

    Frank
  • Tuesday, November 17, 2009 18:09, Anonymous11111111112222222222222
     
    Johan,

    After reviewing the FCS Exchange 2007 exclusion list for directories, processes & extensions, I can see why you created the .msi files to do this automatically. However, we are running Exchange 2007 on Windows Server 2008 in a Hyper-V environment. Are there any .msi files yet for this configuration?

    Thanks,

    Frank

    This is sorely needed, any update?
  • Tuesday, November 17, 2009 18:29, Johan Blom, Forefront MVP
     

    Hi!

    Thank you for the kind words.
    Right now I'm completely swamped with work and my family barely recognizes me anymore :-(. However, I hear your pain and will try to post an update to the .msi file before the end of this year. I'm very sorry but it's really the best I can do.


    /Johan


    MCSE, forefront spec | www.msforefront.com
  • Tuesday, November 17, 2009 18:35, Anonymous11111111112222222222222
     

    I'm sorry to hear that, and I understand where you are coming from, that's for sure.

    The technologies I am looking for are:

    Exchange Server 2007 (All roles)
    Active Directory Services
    Windows Server 2K3/2K8/2K8R2
    Hyper-V (critical issues on this one with FCS corrupted VMs, had to remove client because .xml exclusion didn't work)
    SQL Server
    SharePoint 2007
    Configuration Manager 2007
    Operations Manager 2005/2007 R2
    IIS

    I may be leaving some out.