So have you ever wondered what the Microsoft SpyNet opt-in page is really all about?
Microsoft SpyNet is a cloud service that allows the FEP or MSE client on your computer to report information about programs that exhibit suspicious behavior to the Microsoft Malware Protection Center (MMPC) researchers. When this information is reported, definitions for previously unknown threats can be created and distributed, minimizing the time that a new threat is spreading in the wild before protection is available. (Note: older clients, like FCS and Windows Defender, also participate in SpyNet, but to get the full benefits of SpyNet, which includes Dynamic Signature Service, you should move to FEP or MSE.)
Additionally, when your FEP or MSE client reports new malware to the Microsoft SpyNet cloud service, the Dynamic Signature Service can recognize when a definition is available but not yet released, and deliver that definition for that specific threat in real time from the cloud. Upon delivery of the dynamic signature, the threat will be detected and can be removed from the system.
Hey – here’s a thought. Take 3 minutes and watch this – Microsoft SpyNet and the Dynamic Signature Service in action:
From Ariel Katz, Director of Program Management:
I am pleased to announce that Forefront Endpoint Protection 2010 Beta is publicly available for everyone to download.
FEP, the next generation release of Forefront Client Security, will simplify and improve endpoint protection while greatly reducing infrastructure costs. It builds on System Center Configuration Manager 2007 R2, enabling you to use the existing client management infrastructure to deploy and manage endpoint protection. This shared infrastructure lowers ownership costs while providing improved visibility and control over endpoint management and security.
Key new features that you will be able to evaluate in this beta release are:
Integration with Configuration Manager - Single interface for managing and securing endpoints reduces complexity and improves troubleshooting and reporting insights.
New Antivirus Engine - Highly accurate and efficient threat detection protects against the latest malware and rootkits with a low false positive rate.
New behavioral threat detection - Protection against “unknown” or “zero day” threats provided through behavior monitoring, emulation, and dynamic translation.
Dynamic Cloud Updates - On-demand signature updates from the cloud for suspicious files and previously unknown malware.
Windows Firewall management - Ensures Windows Firewall is active and working properly on all endpoints, and allows administrators to more easily manage firewall protections across the enterprise.
The download is available now on our download center (http://www.microsoft.com/downloads/details.aspx?FamilyID=8b46c3ff-d9a0-4741-8ba5-458c1b3d2257) and I invite you to install and test in your environment today. We look forward to hearing what you think.
Ariel Katz, Director of Program Management
Greetings blog readers!
I’m happy to announce that we will release a new antimalware engine update for FCS. Full information on the updates included with the release will be published in a KB article once the update is released. The KB article is Microsoft Knowledge Base article 979536 (http://support.microsoft.com/kb/979536).
Currently, we are slated to release the update (and the KB) on 13 April 2010 – if there is a change in this schedule, this blog post will be updated.
The items included in the update are summarized below:
This update also replaces some earlier fixes and updates – the full list is in the KB article.
The update is available via Microsoft Update and WSUS. The KB article also includes instructions for downloading it separately for distribution via some other method.
Just a heads up that the way in which the FCS definition updates are packaged is being revised. We wanted to announce that the antimalware definitions team has released a set of improvements that will drastically reduce both the size of the definition downloads for:
and the network utilization during those transfers.
We will be releasing an update to Microsoft Knowledge Base article 977939 in the near future that details the specifics with regard to the change, but we wanted to make you aware that this is already in place and working properly.
The short description is that we are no longer downloading the full base set of definitions and engine with each download to WSUS. Instead, there is a monthly base package that is downloaded and then deltas that revolve around that monthly base are downloaded by the WSUS server for each definition release. The result of this is that instead of seeing hundreds of megabytes per day downloaded by WSUS, the downloads should instead be in the low tens of megabytes. For those with WSUS servers on slower WAN links or for those with restricted bandwidth on internet connections, this is much-needed relief with regard to our definition distribution mechanism.
Kurt Falde, Microsoft Forefront Support Escalation Engineer
Today we are pleased to announce the availability of Forefront Client Security Service Pack 1 (SP1).
FCS SP1 adds support for:
Agent protection on Windows Server 2008 – both Server and Core.
Server role support on Windows Server 2008 (server only) for FCS server components.
FCS Enterprise Manager on Windows Server 2008 (server only).
To obtain FCS SP1, first install FCS. After successfully installing FCS, you will be offered SP1 via Microsoft Update. For more information, read the FCS SP1 Release Notes (http://go.microsoft.com/fwlink/?LinkID=126287) or see Microsoft Knowledge Base article 951951 (http://support.microsoft.com/default.aspx/kb/951951).