Forefront End Point Protection 2010 bug or what ? RRS feed

  • Question

  • In FEP 2010, all malware are incidently suspended and then notification is popped up to user to immediately take the remediation action. It is possible through policy settings as to what possible policy actions would be available, also it is possible to specify timings of remediation scan to run at specific time.

    However it is by no means possible to stop the prompt/popup to the user that malware is discovered. (Even after hiding the icon, popup is unavoidable).

    At one of our customer site, there is numbers of network virus hits, user must get through just because there are viruses in the network and unavoidable type of structure. Users are getting bothered by lot of popups comming to their desktop and end users are totally non technical. and it is very annoying for them.

    As administrators we should be able to set the policy to take auto remediate action, and log the incident but not to disturb the user rather we should have alert or something in SCOM or through SCCM.

    Bothering the user is very confusing to the user and on increased number of attacks non technical users are simply not able to work !

    I am really afraid my current client would discontinue using this product provided we remain unable to provide suitable resolution to this big draw back.

    Solution or hint towards that would be appreciated.

    Shahid Roofi
    Monday, May 16, 2011 6:42 AM


  • Hi,

    Thanks for the post.

    Actually it is an expected behavior of Real-Time Protection (RTP). The alerts messages are generated by the real-time protection when malware is detected, therefore it is strongly recommended to enable the RTP (http://technet.microsoft.com/en-gb/library/ff823843.aspx?mkt=en-us) and don't disbaled it to hide these alerts messages.

    Thanks for your understanding and cooperation.



    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    • Marked as answer by Miles Zhang Monday, May 23, 2011 5:54 AM
    Tuesday, May 17, 2011 2:35 AM