Forefront Client Security FAQ

Leave a Comment
  • Please add 2 and 7 and type the answer here:
  • Post
Wiki - Revision Comment List(Revision Comment)
Sort by: Published Date | Most Recent | Most Useful
Comments
  • Carsten Siemens edited Revision 57. Comment: Fixed misspelling and added tag: has comment

  • Richard Mueller edited Revision 56. Comment: Removed (en-US) from title, added tag

  • Guowen Su edited Revision 53. Comment: new vulnerabilities

  • Ed Price MSFT edited Revision 46. Comment: This is really a portal, so I added that. Also added some tags.

Page 1 of 1 (4 items)
Wikis - Comment List
Sort by: Published Date | Most Recent | Most Useful
Posting comments is temporarily disabled until 10:00am PST on Saturday, December 14th. Thank you for your patience.
Comments
  • Does anyone know how to stop FCS from warning everytime a GPO Refresh rewrites my IE Home page and Search Page?  It seems odd that FCS warns about a standard GPO configuration.

    I tried to make an ADM file and apply it.  Didnt have any effect.

    My ADM Attempt is here:

    ----------------------------------------------------------------------------------------------------------------------------------

    CLASS MACHINE

    CATEGORY !!FCSCategory

                 POLICY !!AgentKeys_Name

                        KEYNAME "SOFTWARE\Policies\Microsoft\Microsoft Forefront\Client Security\1.0\AM\Real-Time Protection"

                        EXPLAIN !!AgentKeys_Explain

                        VALUENAME IEConfigurationAgent

                          VALUEON NUMERIC 0

                          VALUEOFF NUMERIC 1

                 END POLICY

    END CATEGORY

    [strings]

    FCSCategory="Microsoft Forefront Client Security"

    AgentKeys_Name="Configuring Real-time protection agent"

    AgentKeys_Explain="If enabled or set to true, the agent will watch/scan Internet Explorer configuration related resources."

    ----------------------------------------------------------------------------------------------------------------------------------

    Added it to computer policies / policies / Administrative Templates and set the value to disabled to turn off the screening for IE config.  Applied the GPO to my machine's OU and ran GPUpdate /force a few times.  Each time still fired off FCS Warnings

    Client Version:  1.5.1981.0

    Engine Version: 1.1.5703.0

    Antivirus definition: 1.81.258.0

    Antispyware definition: 1.81.258.0

    Alert Details:

    Summary:

    Internet Explorer Configurations change occurred.

    This agent monitors end user and security related configuration changes made to Internet Explorer, including the default home page.

    Detected changes:

    New: http://intranet

    Original: Not available

    iemain (New):

    HKCU@S-1-5-21-1875276754-736967864-1233803906-3097\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL

    Advice:

    Permit this configuration change only if you trust its origin. It is recommended that you run a quick scan if you choose to deny this change.

    Detected by:

    Definition file

    Checkpoint:

    Internet Explorer Home Page

    Category:

    Configuration Change

    And

    Summary:

    Internet Explorer Configurations change occurred.

    This agent monitors end user and security related configuration changes made to Internet Explorer, including the default home page.

    Detected changes:

    New: http://www.google.com

    Original: Not available

    iemain (New):

    HKCU@S-1-5-21-1875276754-736967864-1233803906-3097\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar

    Advice:

    Permit this configuration change only if you trust its origin. It is recommended that you run a quick scan if you choose to deny this change.

    Detected by:

    Definition file

    Checkpoint:

    Internet Explorer Home Page

    Category:

    Configuration Change

  • Ed Price MSFT edited Revision 46. Comment: This is really a portal, so I added that. Also added some tags.

  • Thank you...

  • Guowen Su edited Revision 53. Comment: new vulnerabilities

  • GREAT ARTICLE!!

  • Richard Mueller edited Revision 56. Comment: Removed (en-US) from title, added tag

  • Carsten Siemens edited Revision 57. Comment: Fixed misspelling and added tag: has comment

Page 1 of 1 (7 items)