Analysts at the Microsoft Malware Protection Center ( MMPC ) apply objective criteria to software to determine if it should be classified as malicious or potentially unwanted. When software is classified as malicious or potentially unwanted, Microsoft adds it to a definition library used by Client Security...

The final installment in our series on registry keys for FCS is a big one – there are a lot of registry keys that can be used to control the behavior of the FCS real-time protection agent. The following tables describe the keys (these are in addition to the ones described here and here , in...

Continuing in the registry key series, let’s talk about DisableEmailScanning . By default, the antimalware engine included with FCS will not scan email archives (email archives are file-based containers that contain email messages). FCS is an enterprise-level product – and in an enterprise...

Trust me, one of these days you will need to exclude a process from being scanned by FCS. Or maybe you already crossed that bridge. You added a process exclusion using the GUI, it worked like a charm. As you need to have this exclusion set on all your systems, you opened the FCS console and edited...

Since the August 2009 antimalware engine update we support wildcards in path exclusions for on-demand scans (quick/full/custom scan). It is important to note that Wildcards in path exclusions will not work for Real Time Protection and will be ignored (this does not apply to extension exclusions)....

Next up in our registry key series: setting definition update keys via policy. On the FCS TechNet library, the following registry key is described: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Microsoft Forefront\Client Security\1.0 Description Registry Key New value when...

Next up in our registry key series: enabling definition updates upon service start. By default (out of box), the FCS client will check for definition updates: Before starting a scan At the configured interval Manually However, there is a registry key available that you can use to...

Next in our series: how to enable scanning of reparse points , also known as junctions , or mount points . (For more information about what exactly reparse points, junctions and mount points are , see http://msdn.microsoft.com/en-us/library/aa365006(VS.85).aspx and http://msdn.microsoft.com/en...

In response to a recent question via this blog, I’d like to explain a setting for antimalware scanning in Forefront Client Security that you can configure via a registry key. FCS scans removable drives at certain times. When you insert a removable drive, the boot sector of that drive is scanned...

We’re tracking an issue where the latest FCS antimalware client update won’t install on Windows 2000 when the installation is run as Local System (i.e. Automatic Updates installing at 3am). When this issue occurs, the update uninstalls the previous version of the antimalware client, and then tries...

After installing the most recent antimalware update ( KB971026 ), some Client Security customers have reported that their managed Windows XP SP2 and SP3 clients take longer to logon after a reboot. Our support and sustained engineering teams have researched this issue and wanted to provide additional...

Did you know that Microsoft has an open source hosting website? Codeplex ( www.codeplex.com ) is a Microsoft website that hosts customer-driven projects, and allows customer collaboration on these projects. The cool thing about Codeplex is that it allows YOU, our customers, to share your FCS solutions...

Using WSUS is likely the easiest and most popular way to deploy the FCS client to computers. As described in the deployment guide , after deploying FCS policy and approving the package Client Update for Microsoft Forefront Client Security (1.0.1703.0) on your WSUS 2.0 or 3.0 server, the FCS client is...