TechNet - Только для профессионалов. Специально для Вас. >
Форумы
>
Forefront Client Security Malware Technology and Response
>
Microsoft DONT KNOW HOW TO RESPONSE MALWARE THREATS
Microsoft DONT KNOW HOW TO RESPONSE MALWARE THREATS
- Hi we deploy Forefront Client Security on aproximatly 6500 computers.
All de process is easy winth scripts or WSUS or both. At this moment we have a treath
with the Virus:Win32/Sality.AM and Worm:Win32/Sality.AM and a lot of other malware.
The malware causes files infection, reg keys deletion, FCS corruption.
We call to MS Support with the case SRX080826600424 anh they said us "FCS reports
was determined that the FCS client anti-malware files were older than the most current versions
available" They built a hotfix (KB956280 – 1.5.1958.0) and after subsequent scans detected and
removed the malware.
Now all the computer pre-cleaned has the virus again. (Reinfected)
We call partners or another companies and they have removed FCS
In summary Microsoft DONT KNOW HOW TO RESPONSE MALWARE THREATS and they just say "If FCS
does not detect the malware please submit it (https://www.microsoft.com/security/portal/submit.aspx)"
and the Management Consoles (MOM or FCS MC) dont help on this cases.
FCS could be integred on Enterprise Agreement but is not the better solution. Maybe on a few years with Forefront codename "Stirling"
I Speak Spanish.. so my english is not perfect.
H1R@M
Все ответы
- Hi and thank you for your feedback,
Anti-virus technology such as Forefront has it's limitations. Especially after malware has infected your system. You will find that every security product out on the market will not detect all types of malware.
I will forward your feedback to the Malware Protection Engine team. - What happens in the event a virus is detected and ForefroClient Security doesn't have the updated signature for that infection?
Does it go into Quarantine? - Hi!
I agree completely with YounGun here. Antivirus software is protecting against known malware. and relying 100% on antivirus for protection against malware won't work. For a more complete protection against malware you need a defence in depth strategy where AV is one part.
to answer Andrewm1972: No, if the FCS, or any other AV product for that matter, does not have a definition for the malware it does not go into quarantine. it infects the computer. For it to end up in quarantine there has to be a definition for it since it's the AV product that put's it in there.
/J
MCSE, forefront spec | www.msforefront.com
