2 questions on HOW the protection engines work

  • Question

  • We are currently in the middle of heading a project of a FFCS implementation in a 3-server topology. The company is asking the following questions, and I find them to be pretty damn good questions. Can anyone help in answering these for me? Thanks.

     

    1. I understand that FFCS allows you to choose from using X amount of anti-virus engines to protect end-user machines. I also understand that MS provides the updates and definition files to your environment for you to push to the FFCS Agents.

    Now let's say you choose to use AV engine "Trend Micro". Let's say that tomorrow a new AV is found and TM produces definition files to protect its customers from this AV. It then provides its direct paying customers with the availability to get the latest definition files.

    How long after these definition files are released by TM does MS Forefront provide the same definition files to its customers?

     

     

    2. Let's say you perform a scan on a workstation using FFCS. You have selected to use 3 AV engines for scanning the workstation. Let's say AV Engine 1 finds a file named FILE-X and dubs it a "threat". Then AV Engine 2 finds FILE-X and doesn't consider it a threat. Finally, AV Engine 3 finds FILE-X and dubs it a threat.

    Is this going to be reported as a threat to the management console?
    What is making the decision as to whether it is ACTUALLY a threat or not (based on the AV engines' choices)?

    • Moved by Nick Gu - MSFT Wednesday, November 3, 2010 2:00 AM (From:Forefront Client Security Malware Technology and Response)
    Wednesday, October 13, 2010 12:20 AM

Answers

  • Hi,

     

    Thank you for the post.

     

    "I understand that FFCS allows you to choose from using X amount of anti-virus engines to protect end-user machines" - No, Forefront Client only has one engine, the Microsoft malware engine.

     

    According to the description, you may have confused FCS with Forefront Server Security solutions (Exchange, SharePoint, OCS), which include Microsoft, Kaspersky, Authentium, Virus Buster, and Norman.

     

    Regards,

    ========

    After receiving a lot of feedback from the community, it was decided to conduct the Forefront Products and Technologies Forums consolidation to improve forum discoverability and reduce customer efforts. This forum will be locked down at the end of Oct. For continued information about Forefront Client Security Malware Technology and Response, please post to Forefront Client Security General forum at: http://social.technet.microsoft.com/Forums/en-US/Forefrontclientgeneral/threads. On Oct 25th, forum engineers will move any new threads to the Forefront Client Security General forum.

     

    Please post a reply to this announcement if you have any feedback on this decision or the process. Thank you for your understanding.


    Nick Gu - MSFT
    • Marked as answer by Miles Zhang Monday, October 18, 2010 5:56 AM
    Friday, October 15, 2010 7:38 AM

All replies

  • Any input on this?
    Kenneth Rodulfo MCP, MCSA, MCSE, MCTS - Forefront, MCTS - Windows 7 Cisco Certified Network Professional
    Wednesday, October 13, 2010 2:05 PM