locked
Terminal Server restart after FCS finds a virus RRS feed

  • Question

  • Hi,

    Can you let me know what your best practice is for FCS combined with Terminal Server? We had a situation that a user gets the question for rebooting the server (kicking out 100 users without warning) after the user surfed to a website with a virus that aparently is severe enough for Forefront to fire that trigger. We changed that but now the server reboots automatically after the virus event. Also very unpleasant. Just want to check your view on this: 

    Q: Did you configure Forefront to give a message about a virus at all?

    Q: How do you handle the "reboot trigger" from FCS on a Terminal Server environment? Just set a warning for the admin to do a reboot when suitable?

    Thanks in advance

    Regards, 

    Bernhard 

    Sunday, May 6, 2012 6:23 AM

Answers

  • Hi Bernhard,

    Thank you for the post.

    Can you let me know what your best practice is for FCS combined with Terminal Server?
    Just set scan exclusion according to KB822158 and set Sypnet Reporting settings off. Another KB960092 is released for the terminal server also runs Citrix Citrix MetaFrame Presentation gray screen issue.

    Did you configure Forefront to give a message about a virus at all?
    You need to enable "User can view all Client Security agent settings and messages" option in FCS policy.
    When users have no access to the Client Security agent UI, this means they receive no notification when the agent detects malware during scheduled or interval scans.
    http://technet.microsoft.com/en-us/library/bb418862.aspx

    How do you handle the "reboot trigger" from FCS on a Terminal Server environment?

    The reboot default action is defined in the definition file. You could only set override response entry to avoid rebooting. But I recommended you search the malware via Malware encyclopedia, perform the Prevention suggestions (like enable firewall, patch latest windows update,use strong passwords) to prevent infecting the malware.

    If there are more inquiries on this issue, please feel free to let us know.

    Regards


    Rick Tan

    TechNet Community Support


    • Edited by Rick Tan Wednesday, May 9, 2012 3:11 AM
    • Marked as answer by Rick Tan Wednesday, May 16, 2012 1:42 AM
    Wednesday, May 9, 2012 3:10 AM