locked
Pre-Approving system changes blocked by ForeFront protection RRS feed

  • Question

  • The college I work in is looking to deploy Impero classroom management software.  Lets you take control of machines from a console, block net/mapped drive access etc.. 

    However it runs as a service, the server can install the software onto the classroom machines but this won't actually work until ForeFront approves the creation of the service and another few bits and bobs.

     

    Is there a way I can pre-approve these requirements for this application, it'll be a nightmare deploying this by hand.   There are hundreds of PCs involved.

     

    We have a single server FF install which is working well, WSUS pushing out updates nicely.

     

    Thanks,

     Pete

     

    Wednesday, February 13, 2008 3:39 PM

All replies

  •  

    Hey Pete,

     

    First of all, glad to hear that your are enjoying yourself with you FCS deployment :-)

     

    now, to the answer:

    when FCS blockes something, it categorize it to a specific category or block it beacuse of a specific malware/adware found. your can check on the client itself or on the FCS reporting histroy on what category/malware your application was block for and use FCS policy (overrides tab) in order to override the default FCS behavior when discovering that "so-called' threat.

     

    This should answer your needs...

    Wednesday, February 13, 2008 9:27 PM
  • http://picasaweb.google.com/phatpete/ForefrontProblem/photo?authkey=EPPCQdE4HQM#5166805063178550242

     

    I looked at that, the pic on the left is the workstation with one of the approved changes visible.

     

    The right side is the server, which is just  ablanket approval for "unknown"

     

    Thanks for the quick reply, hopefully I'm missing something silly.

     

    Cheers,

     Pete

    Thursday, February 14, 2008 12:04 PM
  •  

    Hey Pete,

     

    Unfortunatly when such a case of unknown happens, I suggest you go to:

    https://www.microsoft.com/security/portal/submit.aspx

     

    and submit this exe file as a false positive with an explenation on exactly what change in registry it falls on when the FCS detects it.

     

    The Malware team should check the file and hopefully release an update definitions that exclude this file...

    Thursday, February 14, 2008 5:19 PM
  • I'll try rolling it out via SMS then I think, see if that can get round ForeFront.  I don't particularly fancy having to go through that for anything we need to push out to machines which needs changes.

     

    Thanks for the response,I'll use that link if SMS can't do it.

     

     Pete

    Friday, February 15, 2008 9:14 AM