Carsten Siemens edited Revision 57. Comment: Fixed misspelling and added tag: has comment
Richard Mueller edited Revision 56. Comment: Removed (en-US) from title, added tag
Guowen Su edited Revision 53. Comment: new vulnerabilities
Ed Price MSFT edited Revision 46. Comment: This is really a portal, so I added that. Also added some tags.
Does anyone know how to stop FCS from warning everytime a GPO Refresh rewrites my IE Home page and Search Page? It seems odd that FCS warns about a standard GPO configuration.
I tried to make an ADM file and apply it. Didnt have any effect.
My ADM Attempt is here:
----------------------------------------------------------------------------------------------------------------------------------
CLASS MACHINE
CATEGORY !!FCSCategory
POLICY !!AgentKeys_Name
KEYNAME "SOFTWARE\Policies\Microsoft\Microsoft Forefront\Client Security\1.0\AM\Real-Time Protection"
EXPLAIN !!AgentKeys_Explain
VALUENAME IEConfigurationAgent
VALUEON NUMERIC 0
VALUEOFF NUMERIC 1
END POLICY
END CATEGORY
[strings]
FCSCategory="Microsoft Forefront Client Security"
AgentKeys_Name="Configuring Real-time protection agent"
AgentKeys_Explain="If enabled or set to true, the agent will watch/scan Internet Explorer configuration related resources."
Added it to computer policies / policies / Administrative Templates and set the value to disabled to turn off the screening for IE config. Applied the GPO to my machine's OU and ran GPUpdate /force a few times. Each time still fired off FCS Warnings
Client Version: 1.5.1981.0
Engine Version: 1.1.5703.0
Antivirus definition: 1.81.258.0
Antispyware definition: 1.81.258.0
Alert Details:
Summary:
Internet Explorer Configurations change occurred.
This agent monitors end user and security related configuration changes made to Internet Explorer, including the default home page.
Detected changes:
New: http://intranet
Original: Not available
iemain (New):
HKCU@S-1-5-21-1875276754-736967864-1233803906-3097\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL
Advice:
Permit this configuration change only if you trust its origin. It is recommended that you run a quick scan if you choose to deny this change.
Detected by:
Definition file
Checkpoint:
Internet Explorer Home Page
Category:
Configuration Change
And
New: http://www.google.com
HKCU@S-1-5-21-1875276754-736967864-1233803906-3097\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar
Thank you...
GREAT ARTICLE!!