登入
 
首頁文件庫學習園地下載支援社群論壇
IT 專業人員的技術資源 > 論壇首頁 > Forefront Client Security - Security State Assessment > I need to exclude some checks reported by the Security State Assessment check.
發問發問
搜查論壇:
 

已答覆I need to exclude some checks reported by the Security State Assessment check.

  • Thursday, 12 November, 2009 11:34Jono2p 使用者勳章使用者勳章使用者勳章使用者勳章使用者勳章
     
    登入以投票
    0
    登入以投票
    I work in an organisation with approx 5000+ clients. We are in the process of migrating to Microsoft Forefront from McAfee. When I run the 'Security State Assessment Summary', there are a few checks which I would like to disregard. For example, each client machine has a built in Admin/special account logins which are set to never expire. These are bing flagged by the vulnerability report. Also, certain generic 'autologon' machines are being flagged that we have setup.

    Is there a way to exclude these and other checks from the SSA scan?
     

解答

  • Monday, 16 November, 2009 8:17Nick Gu - MSFTMSFT, 版主使用者勳章使用者勳章使用者勳章使用者勳章使用者勳章
     已答覆
    登入以投票
    0
    登入以投票

    Hi,

     

    Thank you for the post.

     

    As far as I know, The parameters of SSA checks are not configurable. For example, you cannot change which services the Unnecessary Services check identifies as possible vulnerabilities. We currently not support custom SSA checks.

     

    Regards,

    Nick Gu - MSFT
     

所有回覆

  • Monday, 16 November, 2009 8:17Nick Gu - MSFTMSFT, 版主使用者勳章使用者勳章使用者勳章使用者勳章使用者勳章
     已答覆
    登入以投票
    0
    登入以投票

    Hi,

     

    Thank you for the post.

     

    As far as I know, The parameters of SSA checks are not configurable. For example, you cannot change which services the Unnecessary Services check identifies as possible vulnerabilities. We currently not support custom SSA checks.

     

    Regards,

    Nick Gu - MSFT
     
  • Friday, 20 November, 2009 12:30Jono2p 使用者勳章使用者勳章使用者勳章使用者勳章使用者勳章
     
    登入以投票
    0
    登入以投票

    Thanks for replying back Nick,

    I was led to believe that these checks will be configurable when thenext-gen version of Forefront (Stirling) is released.

    Is this true?

     
  • Wednesday, 30 December, 2009 17:24Kurt FaldeMSFT, 版主使用者勳章使用者勳章使用者勳章使用者勳章使用者勳章
     
    登入以投票
    0
    登入以投票
    As far as I  know yes.  You can get SSA in v1 to disregard some items if you have them configured via Group Policy to be that way.. for example if you have more then X amount of admins locally on a system I believe SSA alerts on that HOWEVER if you have a GPO applied to that machine that specifies via the Restricted Groups feature that various users are in the Administrators group then SSA will disregard the results of that check as it believes you must know what you are doing if you have this specified via GPO.  So if you can find the correlating setting for a certain check in GPO you may be able to set that in your GPO's to override the results of those scans.
    CSS Security Support Engineer (FCS/MBSA/WUA/Incident Response) Check out my blog http://blogs.technet.com/kfalde