locked
FCS console on Client Blue Circle RRS feed

  • Question

  •  

    Hi,

    I'm currently running a pilot for FCS, and have the latest FCS engine and malware definitions. My clients are XP sp2 and Windows 2003 R2 sp2 (x86 and x64)

     

    I am allowing users to see the FCS console on their PC's. Every now and again the FCS icon in the system tray goes Blue with a question mark, and they contact after opening the console and seeing that it says "Review Items that have not been classified yet". They click on the review link and it lists the application e.g. Internet Explorer Home page (with the path listed in the description) and they can use the default Action of Permit or they could select Deny.

    Half the time they do not know what to select, so they ask me, and I normally tell them to use the default action and click Apply actions (which puts it into a white list).

    Could I manage these white lists from the FCS Management console? There does not seem to be an option there apart from the Overrides tab, but you can not add custom applications in here such as permitting the path to the IE Home page or the other one I have seen on the actual Management Server is

    C:\A286B00A-C3DE-414F-A96A-2BD238948D88\MsMgmtAuxiliary.exe

    What is the best way to manage these pups? I would like to manage them in advance.

     

    The other option seems to be Only allow administrators access to the console on the client (which is a shame since I would like users to be able to open it). Then FCS then seems to perform the default action itself, could someone confirm that this is the case, (however, MsmgmtAuxillary.exe still appears on the Management Server even with only allowing administrators access to the console). So in the example above if the default action is permit, then FCS would allow the Home page to be accessed and the icon in the system tray goes green with a tick. As soon as I change the options again to allow users to access the console the icon goes blue again and the PUPs are all listed asking for some action by the user.

    If I did just give administrators acess to the console and then a few months later decided to give users access to the console, would the user then have a whole list of PUPs to action or is there a time limit that FCS deals with and automatically approves them?

     

     

    Wednesday, May 21, 2008 10:49 AM

All replies

  • Hi,

     

    You can add in an exclusion to a direct executable via the exclusions screen, centrally on the policy. I too hit the same issue you had, and this was the solution, so should do the job.

     

    You will need to have it in the central policy otherwise the clients will always keep prompting for the same things, which is annoying, even if you allow admin's access to the console, the policy is updated via GP so will always refresh.

     

    Hope that helps

     

    cheers

    Chris

     

    Monday, May 26, 2008 7:57 PM