Today we published another Security State Assessment (SSA) definition update on Microsoft Update!
Included in this release is a new check that will provide visibility into end-user configuration of the Windows Firewall. When used with Group Policy, this new functionality aids in firewall management.
The Windows Firewall check reports on:
· Firewall status (on/off)
· User-defined exceptions
· Applicability to each network interface
Determining firewall status:
· If Windows Firewall is disabled on any network interface, the score is “High”
· If Windows Firewall is configured by Group Policy, the score is “Informational”
Visibility into firewall exceptions:
· Enumerates each port and application exception
· If any exception is not configured via Group Policy, the score is “Medium”
· If configured by Group Policy, the score is “Informational”
Another update included in this release is a change to the Unapproved Updates check. In an earlier version, this check enumerated any updates that were available but not yet approved, to provide a complete view on overall vulnerability state. Based on customer feedback, we updated the check to report only on unapproved security updates with a Critical severity.
Please give your SSA summary report a look, and find out more about what these new checks are discovering in your organization!
-Adrienne
Program Manager, Forefront Client Security
While you’ve always had the ability to use MOM 2005 to monitor things like IIS and SQL for your Client Security servers, this management pack gives you the additional ability to monitor some key FCS services:
I should clarify; the management pack is installed in your MOM 2005 environment to extend existing MOM functionality, not on your FCS servers.
Of course, loading the management pack doesn’t impact how you’ll be monitoring your client computers. In other words, you won’t need to redeploy your implementation in order to add this additional monitoring functionality. You’ll continue to use the Client Security consoles you’re familiar with for your client monitoring. The Health Management pack is just for monitoring your FCS servers, not client computers. And just for environments that choose to implement a MOM 2005 monitoring solution. (notice, it’s a MOM 2005 management pack, not a SCOM management pack, just in case you were wondering “Hey, will this work with SCOM?”)
The FCS management pack is ready for download at this location: http://www.microsoft.com/downloads/details.aspx?FamilyID=0672b4ca-c6dc-4093-bae6-30eb1560a429&DisplayLang=en
Exciting news! Forefront Client Security is a finalist for Info Security's 2008 Global Excellence in Anti-Malware Solution! The Forefront family of products made finalist in four categories - two more than a certain other big security company.
You can read more about the Forefront Info Security 2008 Global Excellence finalists here.
Using WSUS is likely the easiest and most popular way to deploy the FCS client to computers. As described in the deployment guide, after deploying FCS policy and approving the package Client Update for Microsoft Forefront Client Security (1.0.1703.0) on your WSUS 2.0 or 3.0 server, the FCS client is downloaded and installed on the machine according to your company’s Windows Update policy.
The FCS package has the ability to detect the language of the machine contacting the WSUS server and install the same FCS language; for example if you have a French Vista machine you will receive French FCS, or a Japanese Windows Server 2003 server you will receive Japanese FCS. This works great for the languages that FCS was localized to, but what about the other Windows languages?
The FCS team received great feedback from its customers using non-FCS localized Windows languages who also wanted to take advantage of the easy deployment through WSUS. In response to that feedback, the FCS team has made changes to the FCS client WSUS installation package to support installing English FCS on those machines running a non-FCS localized Windows language (for example Swedish, Russian, or Finnish). The exceptions to this are Arabic and Hebrew; the package will not be offered to those because of known issues with the FCS client on those bi-directional languages.
Support for WSUS FCS client deployment for these additional languages should be a great benefit for customers in many parts of the world. Additional technical documentation on the update will be provided in future TechNet documentation or a knowledge base article, and will include:
· WSUS deployment still requires that FCS policy is already deployed
· For non-FCS localized Windows languages, the new installation package does not automatically install the required KB914882 update on x86 Windows XP SP2. Therefore, prior to WSUS deployment you must deploy the correct OS language version of the update (found in the \client directory of the FCS CD media) to XP machines. No additional work is required for other operating systems.
The original client installation package was changed to include detection for these additional languages. During this process, a new update package was released and the old package was expired. For this reason, you may notice on your WSUS server that the previous update package is either no longer shown or shows as expired (depending on your view). You may also see the current package is shown as “Not Approved”. This is because the Forefront Client Security distribution server role creates an auto-approval rule for the Definition Updates WSUS classification; however the client installation package has a classification of Updates. Therefore, when the new package is downloaded it will not be automatically approved unless your WSUS administrator has created an auto-approval rule for Updates as well. This should not affect FCS definition updates and can be easily returned to its previous state by manually approving the new package Client Update for Microsoft Forefront Client Security (1.0.1703.0) on your WSUS 2.0 or 3.0 server (dated Wednesday, October 03, 2007).
Best of luck and happy deployments.
Craig Wiand
Microsoft Forefront Client Security Support
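The classification mismatch described above (auto-approval rule for Definition Updates, client package classified as Updates) can be checked from PowerShell on the WSUS server. This is an added example, not code from the original post or the FCS team; it assumes the WSUS 3.0 administration API is installed, and the `$approve` switch and the 'All Computers' target group are illustrative choices.

```powershell
# Added example: audit WSUS auto-approval rules against the FCS client package.
# Assumes WSUS 3.0 (approval rules API) and local admin console/API installed.
[void][Reflection.Assembly]::LoadWithPartialName('Microsoft.UpdateServices.Administration')
$wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer()

# 1. List each auto-approval rule and the classifications it covers.
$updatesCovered = $false
foreach ($rule in $wsus.GetInstallApprovalRules()) {
    $classes = @($rule.GetUpdateClassifications() | ForEach-Object { $_.Title })
    $shown = if ($classes.Count) { $classes -join ', ' } else { '(no classification filter)' }
    "Rule '{0}' enabled={1} classifications: {2}" -f $rule.Name, $rule.Enabled, $shown
    # Product scoping of the rule is not evaluated here; review it in the console.
    if ($rule.Enabled -and ($classes -contains 'Updates')) { $updatesCovered = $true }
}
if (-not $updatesCovered) {
    "No enabled rule lists the 'Updates' classification: the FCS client package needs manual approval."
}

# 2. Find the FCS client package and show why it is (or is not) being offered.
$pkgs = @($wsus.SearchUpdates('Forefront Client Security') |
    Where-Object { $_.Title -like 'Client Update for Microsoft Forefront Client Security*' })
foreach ($u in $pkgs) {
    "{0} | class={1} | state={2} | approved={3} | declined={4} | arrived={5:yyyy-MM-dd}" -f `
        $u.Title, $u.UpdateClassificationTitle, $u.PublicationState,
        $u.IsApproved, $u.IsDeclined, $u.ArrivalDate
}

# 3. Optional: approve the current (published, not yet approved) package.
$approve   = $false            # illustrative switch; set to $true to approve
$groupName = 'All Computers'   # illustrative target group
if ($approve) {
    $group   = $wsus.GetComputerTargetGroups() | Where-Object { $_.Name -eq $groupName }
    $install = [Microsoft.UpdateServices.Administration.UpdateApprovalAction]::Install
    $pkgs | Where-Object {
        -not $_.IsApproved -and -not $_.IsDeclined -and $_.PublicationState -eq 'Published'
    } | ForEach-Object {
        [void]$_.Approve($install, $group)
        "Approved '{0}' for group '{1}'" -f $_.Title, $groupName
    }
}
```

An expired entry in step 2 is the superseded package; only the published one should be approved.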