The Official Microsoft Forefront Endpoint Protection Team Blog

Your official source for all the latest news and tech tips for System Center Endpoint Protection.

Browse by Tags

Related Posts
  • Blog Post: Scanning email archives

    Continuing in the registry key series, let’s talk about DisableEmailScanning . By default, the antimalware engine included with FCS will not scan email archives (email archives are file-based containers that contain email messages). FCS is an enterprise-level product – and in an enterprise...
  • Blog Post: FCS v1 March 2011 update

    Update 10 March 2011 We have received reports of an installation issue with our March update of Forefront Client Security when the option of “install updates and shutdown” is used. We wanted to be clear on the issue and exactly what steps we are taking to rectify it. Symptom: ...
  • Blog Post: Setting a process exclusion in your network

    Trust me, one of these days you will need to exclude a process from being scanned by FCS. Or maybe you already crossed that bridge. You added a process exclusion using the GUI, it worked like a charm. As you need to have this exclusion set on all your systems, you opened the FCS console and edited...
  • Blog Post: Scanning reparse points

    Next in our series: how to enable scanning of reparse points , also known as junctions , or mount points . (For more information about what exactly reparse points, junctions and mount points are , see http://msdn.microsoft.com/en-us/library/aa365006(VS.85).aspx and http://msdn.microsoft.com/en...
  • Blog Post: Forefront Client Security Offline Asset Removal Tool available

    Our support folks have created a tool that enables you to remove permanently offline computers from your FCS database. Client computers go offline for many reasons, including decommission, re-tasking, and re-imaging. After a day, these computers are shown in the "Not Reporting" section of the...
  • Blog Post: Checking for definition updates when starting

    Next up in our registry key series: enabling definition updates upon service start. By default (out of box), the FCS client will check for definition updates: Before starting a scan At the configured interval Manually However, there is a registry key available that you can use to...
  • Blog Post: Microsoft SpyNet?

    So have you ever wondered what the Microsoft SpyNet opt in page is really all about? Microsoft SpyNet is a cloud service that allows the FEP or MSE client on your computer to report information about programs that exhibit suspicious behavior to the Microsoft Malware Protection Center (MMPC) researchers...
  • Blog Post: Setting the Collection server during WSUS deployment

    Last month in the Client Security blog the Forefront Client Security team announced the availability of a revised installation package, which is available via WSUS. More information about the new installation package is found in Microsoft Knowledge Base article 976669 . In that article I wrote a section...
  • Blog Post: Wildcards in path exclusions: FCS

    Since the August 2009 antimalware engine update we support wildcards in path exclusions for on-demand scans (quick/full/custom scan). It is important to note that Wildcards in path exclusions will not work for Real Time Protection and will be ignored (this does not apply to extension exclusions)....
  • Blog Post: FCS - Upcoming solution for installation issues with March 2011 Update

    We have been working hard on a solution for customers that encountered issues with our update in March. I wanted to let you know what we are planning to address this. We are authoring a package that is specifically designed to find systems that have a failed upgrade to our March update. To do this...
  • Blog Post: Logparsing FCS to find files that were infected

    Happy New Year! Kurt Falde, one of our CSS Support Engineers, posted a great blog post about how to parse FCS logs to discover the names of the infected files. The post can be found on Kurt's blog, Stuff n Things (http://blogs.technet.com/kfalde/archive/2009/12/22/logparsing-fcs-to-find-files-that...
  • Blog Post: Keeping FCS up to date

    FCS antimalware updates are classified in WSUS as critical updates. Therefore, if you want to automatically approve these updates you must create a rule for the Forefront Client Security product and the Critical Updates category in WSUS. There are two items to note: Antimalware client updates (not definition...
  • Blog Post: Have FCS? Moving to FEP?

    Hey folks! I wanted to let you know that we have guidance for migrating from FCS v1 to FEP 2010 here ( http://technet.microsoft.com/en-us/library/gg477033.aspx ). The process involves the following high level steps: Document the policy settings you want to preserve from FCS to FEP. There is no policy...
  • Blog Post: Event ID 81 and FCS

    Are you occasionally seeing this in the Application log in Event Viewer on your FCS server? Event ID: 81 The execution of the following DTS Package failed: Error Source: Microsoft Data Transformation Services (DTS) Package Error Description: Execution was canceled by user The Problem: This event can...
  • Blog Post: Ever wonder what's in a definition update?

    And what the various files in the update do ? And what the different types of udpates are? If you're reading this, I bet you have. And our friends over on the CSS team have authored a KB article (977939) that answers all those questions. You can find the article here: http://support.microsoft.com...
  • Blog Post: Support Clarification

    As Windows 2000 nears the end of it’s support cycle, we wanted to make sure you had the most up to date info on running FCS on computers running Windows 2000: Customers using Forefront Client Security (FCS) who are unable to migrate to OS versions beyond Windows 2000 before July 13, 2010 will...
  • Blog Post: Setting definition update keys via policy

    Next up in our registry key series: setting definition update keys via policy. On the FCS TechNet library, the following registry key is described: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Microsoft Forefront\Client Security\1.0 Description Registry Key New value when...
  • Blog Post: FEP, MSE and FCS - and Windows 7 SP1

    Hello folks! Did you know that Windows 7 SP1 is available for download ? Windows 7 SP1 brings some great features to the platform, and everyone's pretty excited about it. We want to make absolutely clear that Windows 7 SP1 is supported by the following endpoint security products: FCS with...
  • Blog Post: Scanning removable drives

    In response to a recent question via this blog, I’d like to explain a setting for antimalware scanning in Forefront Client Security that you can configure via a registry key. FCS scans removable drives at certain times. When you insert a removable drive, the boot sector of that drive is scanned...
  • Blog Post: QFE9 KB2394433 introduces RTP error 0x8007007f on Windows 2000

    There is an issue with the changes made in QFE9 (KB2394433) that prevents the Antimalware minifilter mpfilter.sys from loading properly on Windows 2000. This causes a failure to provide On Access Real-Time Protection. If you do not have any Windows 2000 computers in your organization, this issue does...
  • Blog Post: FCS Path based exclusions do not apply to mount points

    Hi, If you’ve configured path based exclusions in FCS 1.0, you may notice that mount points in the path tree are still scanned. This happens because the mount point resides on a different volume than the parent folder. When a file is accessed on the mount point, FCS receives a device path that...
  • Blog Post: New updates coming!

    Greetings blog readers! I’m happy to announce that we will release a new antimalware engine update for FCS. Full information on the updates included with the release will be published in a KB article once the update is released. The KB article is Microsoft Knowledge Base article 979536 ( http://support...
  • Blog Post: FCS v1 Update

    Hello all, A short note, but on October 12 th , we released an update to FCSv1. This update contains: This update is supported on Windows 7 SP1 RC or greater. Windows 7 Service Pack 1 will check for the presence of this update or a superseding update before installing. This update contains...
  • Blog Post: Can’t find it? Write it!

    Hey Folks, I wanted to point out a new resource available to you to find information, and, if you can’t find it, write it! The TechNet Wiki is open for business. Contribute boldly. Edit gently. It is the TechNet Wiki way. Enjoy!
  • Blog Post: FCS: 64-Bit Clients do not report the antimalware version in the Computer Details report in the Forefront Client Security management console

    An issue has been identified in Forefront Client Security (FCS) where when viewing the computer details report from the Forefront Client Security management console, the antimalware client version on 64-bit clients is not reported accurately. This is because of an error in the way the Operations Manger...