I need to exclude some checks reported by the Security State Assessment check.

  • Question

  • I work in an organisation with approx 5000+ clients. We are in the process of migrating to Microsoft Forefront from McAfee. When I run the 'Security State Assessment Summary', there are a few checks which I would like to disregard. For example, each client machine has built-in Admin/special account logins which are set to never expire. These are being flagged by the vulnerability report. Also, certain generic 'autologon' machines that we have set up are being flagged.

    Is there a way to exclude these and other checks from the SSA scan?
    Thursday, November 12, 2009 11:34 AM

Answers

  • Hi,

    Thank you for the post.

    As far as I know, the parameters of SSA checks are not configurable. For example, you cannot change which services the Unnecessary Services check identifies as possible vulnerabilities. We currently do not support custom SSA checks.

    Regards,


    Nick Gu - MSFT
    Monday, November 16, 2009 8:17 AM
    Moderator

All replies

  • Thanks for replying back Nick,

    I was led to believe that these checks will be configurable when the next-gen version of Forefront (Stirling) is released.

    Is this true?

    Friday, November 20, 2009 12:30 PM
  • As far as I know, yes. You can get SSA in v1 to disregard some items if you have them configured via Group Policy to be that way. For example, if you have more than X amount of admins locally on a system, I believe SSA alerts on that; however, if you have a GPO applied to that machine that specifies via the Restricted Groups feature that various users are in the Administrators group, then SSA will disregard the results of that check, as it believes you must know what you are doing if you have this specified via GPO. So if you can find the correlating setting for a certain check in GPO, you may be able to set that in your GPOs to override the results of those scans.
    CSS Security Support Engineer (FCS/MBSA/WUA/Incident Response) Check out my blog http://blogs.technet.com/kfalde
    Wednesday, December 30, 2009 5:24 PM
    Moderator