Forefront Endpoint Protection Blog

All the latest news and information on Forefront Client Security, Forefront Endpoint Protection and System Center Endpoint Protection 2012

Microsoft SpyNet?

Microsoft SpyNet?

  • Comments 13
  • Likes

So have you ever wondered what the Microsoft SpyNet opt in page is really all about?

image

Microsoft SpyNet is a cloud service that allows the FEP or MSE client on your computer to report information about programs that exhibit suspicious behavior to the Microsoft Malware Protection Center (MMPC) researchers. When this information is reported, definitions for previously unknown threats can be created and distributed, minimizing the time that a new threat is spreading in the wild before protection is available. (Note: older clients, like FCS and Windows Defender, also participate in SpyNet, but to get the full benefits of SpyNet, which includes Dynamic Signature Service, you should move to FEP or MSE.)

Additionally, when your FEP or MSE client reports new malware to the Microsoft SpyNet cloud service, the Dynamic Signature Service can recognize when a definition is available but not yet released, and deliver that definition for that specific threat in real-time from the cloud. Upon delivery of the dynamic signature, the threat will be detected and can be removed from the system

Hey – here’s a thought. Take 3 minutes and watch this – Microsoft SpyNet and the Dynamic Signature Service in action:

Click here to play this video

Comments
  • This is awesome.

    Microsoft has not done a good job of communicating the specific benefits of this feature. First time I knew this.

  • Great post!  Can you provide some more detail about the difference between Basic and Advanced membership?

  • Thanks folks!

    Adam: Great idea for another blog post. Stay tuned!

  • Thanks for a great post, I was aware of how it worked at a basic level but had no idea it did so much so quickly - does it work the same way if I am using WSUS to push out definition updates? I have Advanced SpyNet configured.

  • Hi Eric!

    Thanks! There is no difference in how SpyNet works based on your Defintion Update configuration.

    Thanks!

  • Quick question: We initally deploied FEP to systems and had the SpyNet feature disabled.  A few weeks ago our main FEP policy was modified to enable the basic membership.  Existing and newly deploied clients are still showing that SpyNet is off.  Is this normal?

  • spy net is awsome

  • Hi LM,

    This sounds like perhaps policies are not updating at the clients. You should contact support to help troubleshoot this...

    support.microsoft.com/.../default.aspx

    Thanks!

  • MSE and FEP does offer the option to opt out of joining SpyNet. But the Microsoft Security Essentials 2010 Privacy Statement states that to continue using Microsoft Security Essentials, you will need to remain a member of this online community.

    Could you clarify this apparent contradiction?

  • Hi there,

    The privacy statement is in the process of being revised - you can continue to use MSE while opted out of SpyNet.

    Hope this helps!

  • Thanks for the quick response Kim. My post www.thewindowsclub.com/what-is-microsoft-spynet has been updated with your comments :)

  • Can you opt out from the begining, then OPT in later?

  • Thanks for the question!

    Absolutely - either from the FEP policy in the Config Mgr console, or directly from the FEP client.

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment