Archive

Archive for the ‘Anti-Spam’ Category

Please let us know about how you use email security solutions in your workplace

December 6th, 2010 Comments off

Hello everyone,

The Microsoft Forefront team is currently conducting a survey and would like to hear your opinions about email security, especially how you use email security solutions in your organization. We would appreciate it if you would take the time to respond to this survey.  This information will help us improve Forefront Protection for Exchange.

Please consider taking a few minutes at this time to complete the survey. This survey should take about 10 -15 minutes to complete.

 

To participate, please click here.

 

Carolyn Liu
Senior Program Manager, Forefront Server Protection

Please let us know about how you use email security solutions in your workplace

December 6th, 2010 No comments

Hello everyone,

The Microsoft Forefront team is currently conducting a survey and would like to hear your opinions about email security, especially how you use email security solutions in your organization. We would appreciate it if you would take the time to respond to this survey.  This information will help us improve Forefront Protection for Exchange.

Please consider taking a few minutes at this time to complete the survey. This survey should take about 10 -15 minutes to complete.

 

To participate, please click here.

 

Carolyn Liu
Senior Program Manager, Forefront Server Protection

Please let us know about how you use email security solutions in your workplace

December 6th, 2010 No comments

Hello everyone,

The Microsoft Forefront team is currently conducting a survey and would like to hear your opinions about email security, especially how you use email security solutions in your organization. We would appreciate it if you would take the time to respond to this survey.  This information will help us improve Forefront Protection for Exchange.

Please consider taking a few minutes at this time to complete the survey. This survey should take about 10 -15 minutes to complete.

 

To participate, please click here.

 

Carolyn Liu
Senior Program Manager, Forefront Server Protection

Please let us know about how you use email security solutions in your workplace

December 6th, 2010 No comments

Hello everyone,

The Microsoft Forefront team is currently conducting a survey and would like to hear your opinions about email security, especially how you use email security solutions in your organization. We would appreciate it if you would take the time to respond to this survey.  This information will help us improve Forefront Protection for Exchange.

Please consider taking a few minutes at this time to complete the survey. This survey should take about 10 -15 minutes to complete.

 

To participate, please click here.

 

Carolyn Liu
Senior Program Manager, Forefront Server Protection

RELEASE ANNOUNCEMENT FOR HOTFIX ROLLUP 2 for FOREFRONT PROTECTION FOR EXCHANGE

November 29th, 2010 No comments

On behalf of the Security team at Microsoft, I am pleased to announce the release of Hotfix Rollup 2 for Microsoft’s Forefront Protection 2010 for Exchange.

 

On November 30th Microsoft shipped Hotfix Rollup 2 for Forefront Protection 2010 for Exchange to provide a series of product enhancements and new features.

 

For a complete list of the new features and enhancements included in this rollup, along with directions for download, please see the following Knowledge Base article: .http://support.microsoft.com/kb/2420647.

 

As the installer runs, server service restarts may be necessary so please plan accordingly when applying this Hotfix Rollup. 

 

Regards,

Robert McCarthy
CSS Microsoft Security

RELEASE ANNOUNCEMENT FOR HOTFIX ROLLUP 2 for FOREFRONT PROTECTION FOR EXCHANGE

November 29th, 2010 Comments off

On behalf of the Security team at Microsoft, I am pleased to announce the release of Hotfix Rollup 2 for Microsoft’s Forefront Protection 2010 for Exchange.

 

On November 30th Microsoft shipped Hotfix Rollup 2 for Forefront Protection 2010 for Exchange to provide a series of product enhancements and new features.

 

For a complete list of the new features and enhancements included in this rollup, along with directions for download, please see the following Knowledge Base article: .http://support.microsoft.com/kb/2420647.

 

As the installer runs, server service restarts may be necessary so please plan accordingly when applying this Hotfix Rollup. 

 

Regards,

Robert McCarthy
CSS Microsoft Security

RELEASE ANNOUNCEMENT FOR HOTFIX ROLLUP 2 for FOREFRONT PROTECTION FOR EXCHANGE

November 29th, 2010 No comments

On behalf of the Security team at Microsoft, I am pleased to announce the release of Hotfix Rollup 2 for Microsoft’s Forefront Protection 2010 for Exchange.

 

On November 30th Microsoft shipped Hotfix Rollup 2 for Forefront Protection 2010 for Exchange to provide a series of product enhancements and new features.

 

For a complete list of the new features and enhancements included in this rollup, along with directions for download, please see the following Knowledge Base article: .http://support.microsoft.com/kb/2420647.

 

As the installer runs, server service restarts may be necessary so please plan accordingly when applying this Hotfix Rollup. 

 

Regards,

Robert McCarthy
CSS Microsoft Security

RELEASE ANNOUNCEMENT FOR HOTFIX ROLLUP 2 for FOREFRONT PROTECTION FOR EXCHANGE

November 29th, 2010 No comments

On behalf of the Security team at Microsoft, I am pleased to announce the release of Hotfix Rollup 2 for Microsoft’s Forefront Protection 2010 for Exchange.

 

On November 30th Microsoft shipped Hotfix Rollup 2 for Forefront Protection 2010 for Exchange to provide a series of product enhancements and new features.

 

For a complete list of the new features and enhancements included in this rollup, along with directions for download, please see the following Knowledge Base article: .http://support.microsoft.com/kb/2420647.

 

As the installer runs, server service restarts may be necessary so please plan accordingly when applying this Hotfix Rollup. 

 

Regards,

Robert McCarthy
CSS Microsoft Security

Hotfix rollup 3 for Forefront Security for Exchange Server SP2 and hotfix rollup 3 for Forefront Security for SharePoint SP3 are now available

October 8th, 2010 No comments

On behalf of the Forefront Server Protection team at Microsoft, I am pleased to announce the release of Forefront Security for Exchange Server (FSE) SP2 Rollup 3 and Forefront Security for SharePoint (FSSP) SP3 Rollup 3.

 

On October 8th, 2010 Microsoft shipped both builds to address a performance issue with version 8 of the Kaspersky antivirus engine.

 

For a detailed description of the updates please see the following Knowledge Base articles:

As the installer runs, server service restarts may be necessary, so please plan accordingly when applying this hotfix rollup. 

 

Regards,

Robert McCarthy
Sr. Support Engineer
Microsoft Security

Hotfix rollup 3 for Forefront Security for Exchange Server SP2 and hotfix rollup 3 for Forefront Security for SharePoint SP3 are now available

October 8th, 2010 No comments

On behalf of the Forefront Server Protection team at Microsoft, I am pleased to announce the release of Forefront Security for Exchange Server (FSE) SP2 Rollup 3 and Forefront Security for SharePoint (FSSP) SP3 Rollup 3.

 

On October 8th, 2010 Microsoft shipped both builds to address a performance issue with version 8 of the Kaspersky antivirus engine.

 

For a detailed description of the updates please see the following Knowledge Base articles:

As the installer runs, server service restarts may be necessary, so please plan accordingly when applying this hotfix rollup. 

 

Regards,

Robert McCarthy
Sr. Support Engineer
Microsoft Security

Hotfix rollup 3 for Forefront Security for Exchange Server SP2 and hotfix rollup 3 for Forefront Security for SharePoint SP3 are now available

October 8th, 2010 No comments

On behalf of the Forefront Server Protection team at Microsoft, I am pleased to announce the release of Forefront Security for Exchange Server (FSE) SP2 Rollup 3 and Forefront Security for SharePoint (FSSP) SP3 Rollup 3.

 

On October 8th, 2010 Microsoft shipped both builds to address a performance issue with version 8 of the Kaspersky antivirus engine.

 

For a detailed description of the updates please see the following Knowledge Base articles:

As the installer runs, server service restarts may be necessary, so please plan accordingly when applying this hotfix rollup. 

 

Regards,

Robert McCarthy
Sr. Support Engineer
Microsoft Security

Hotfix rollup 3 for Forefront Security for Exchange Server SP2 and hotfix rollup 3 for Forefront Security for SharePoint SP3 are now available

October 8th, 2010 Comments off

On behalf of the Forefront Server Protection team at Microsoft, I am pleased to announce the release of Forefront Security for Exchange Server (FSE) SP2 Rollup 3 and Forefront Security for SharePoint (FSSP) SP3 Rollup 3.

 

On October 8th, 2010 Microsoft shipped both builds to address a performance issue with version 8 of the Kaspersky antivirus engine.

 

For a detailed description of the updates please see the following Knowledge Base articles:

As the installer runs, server service restarts may be necessary, so please plan accordingly when applying this hotfix rollup. 

 

Regards,

Robert McCarthy
Sr. Support Engineer
Microsoft Security

Forefront Server Protection RSS feeds are now available!

September 23rd, 2010 No comments

Hello,

 

I’d like to take a moment and encourage each of you to check out Microsoft’s latest efforts to save you support costs and time.

 

Introducing Forefront Server RSS feeds:   Forefront Server RSS Feeds

 

By subscribing to our Forefront Server RSS feed, you allow Microsoft to give you the answers without having to ask the questions. Our goal is to provide insight into the top Forefront Server solutions as early as possible while saving you the time, resources, and effort of opening a support case. Our Solution Center list page ( Solution Centers ) provides an RSS icon in the upper right hand corner of your browser that points to the feed subscription page as well.

 

Empower yourself! Subscribe, ask questions, and provide feedback!

 

 

And remember, the bad guys never sleep and are busy developing new ways to wreak havoc on your network. Forefront developers work tirelessly to give you the latest means to defend against these attacks. Make sure you are incorporating these shields into your environment with the latest updates for Forefront Server products: Forefront Server Product Updates.

 

 

Rob McCarthy

Sr. Support Engineer
CSS Security

Forefront Server Protection RSS feeds are now available!

September 23rd, 2010 No comments

Hello,

 

I’d like to take a moment and encourage each of you to check out Microsoft’s latest efforts to save you support costs and time.

 

Introducing Forefront Server RSS feeds:   Forefront Server RSS Feeds

 

By subscribing to our Forefront Server RSS feed, you allow Microsoft to give you the answers without having to ask the questions. Our goal is to provide insight into the top Forefront Server solutions as early as possible while saving you the time, resources, and effort of opening a support case. Our Solution Center list page ( Solution Centers ) provides an RSS icon in the upper right hand corner of your browser that points to the feed subscription page as well.

 

Empower yourself! Subscribe, ask questions, and provide feedback!

 

 

And remember, the bad guys never sleep and are busy developing new ways to wreak havoc on your network. Forefront developers work tirelessly to give you the latest means to defend against these attacks. Make sure you are incorporating these shields into your environment with the latest updates for Forefront Server products: Forefront Server Product Updates.

 

 

Rob McCarthy

Sr. Support Engineer
CSS Security

Forefront Server Protection RSS feeds are now available!

September 23rd, 2010 Comments off

Hello,

 

I’d like to take a moment and encourage each of you to check out Microsoft’s latest efforts to save you support costs and time.

 

Introducing Forefront Server RSS feeds:   Forefront Server RSS Feeds

 

By subscribing to our Forefront Server RSS feed, you allow Microsoft to give you the answers without having to ask the questions. Our goal is to provide insight into the top Forefront Server solutions as early as possible while saving you the time, resources, and effort of opening a support case. Our Solution Center list page ( Solution Centers ) provides an RSS icon in the upper right hand corner of your browser that points to the feed subscription page as well.

 

Empower yourself! Subscribe, ask questions, and provide feedback!

 

 

And remember, the bad guys never sleep and are busy developing new ways to wreak havoc on your network. Forefront developers work tirelessly to give you the latest means to defend against these attacks. Make sure you are incorporating these shields into your environment with the latest updates for Forefront Server products: Forefront Server Product Updates.

 

 

Rob McCarthy

Sr. Support Engineer
CSS Security

Forefront Server Protection RSS feeds are now available!

September 23rd, 2010 No comments

Hello,

 

I’d like to take a moment and encourage each of you to check out Microsoft’s latest efforts to save you support costs and time.

 

Introducing Forefront Server RSS feeds:   Forefront Server RSS Feeds

 

By subscribing to our Forefront Server RSS feed, you allow Microsoft to give you the answers without having to ask the questions. Our goal is to provide insight into the top Forefront Server solutions as early as possible while saving you the time, resources, and effort of opening a support case. Our Solution Center list page ( Solution Centers ) provides an RSS icon in the upper right hand corner of your browser that points to the feed subscription page as well.

 

Empower yourself! Subscribe, ask questions, and provide feedback!

 

 

And remember, the bad guys never sleep and are busy developing new ways to wreak havoc on your network. Forefront developers work tirelessly to give you the latest means to defend against these attacks. Make sure you are incorporating these shields into your environment with the latest updates for Forefront Server products: Forefront Server Product Updates.

 

 

Rob McCarthy

Sr. Support Engineer
CSS Security

Information about the virus Worm:Win32/VB.WF

September 10th, 2010 No comments

Customers have been asking about how to best defend against the new e-mail virus Worm:Win32/VB.WF. This virus uses a link in the message body that looks like a link to a PDF file but is actually a link to a *.scr file. When you click the link, it begins sending e-mails using the GAL or contacts. (Information about the virus can be found on the Microsoft Malware Protection Center.)

If you are using the Cloudmark antispam engine in Forefront Protection 2010 for Exchange Server (FPE) or Antigen 9.2 AND your engine updates are up-to-date, your environment should be protected from this virus. If you are using Forefront Security for Exchange Server (FSE) or are not using the antispam features in FPE or Antigen, you can block these virus e-mails in several ways:

1.       During the Transport scan (Messages in Transport):

·      Subject line filtering on FPE (FSE doesn’t provide subject line filtering on the Transport Scan Job. This also assumes the messages do not contain an AV stamp.) The subject line of the e-mail is typically Here you have”. You should create a subject line filter to block/delete messages using this subject line.

·      Exchange Transport rules. You can use Exchange transport rules to block messages based on their subject line.

2.       During the Mailbox scan (Messages in transit at the Store level via the Realtime scan job as well as cleaning up what’s already in the Store via the Scheduled scan job.)

·         Use FPE and/or FSE Realtime and Scheduled Scan subject line filters.

·         Use the Exchange PowerShell command: Get-TransportServer | Get-Queue | get-message | where{$_.MessageSubject -eq “Here you have”} | remove-message

For more information about using subject line filtering to stop this worm, please refer to this TechNet wiki article:

http://social.technet.microsoft.com/wiki/contents/articles/worm-win32-vb-wf-email-virus-defending-with-forefront-security-forefront-protection-antigen.aspx

Note: If you are using FPE, be sure to disable the “Scan only messages with attachments” option, which is enabled by default, so that it will actually scan and remove these e-mails as they do not contain attachments and will be overlooked if this option is not disabled.  You should also be aware of the “Scan only messages received in the last” configuration if you plan on running these scans this weekend.  By default, the Scheduled scan will only scan messages received within the past 2 days and may miss these messages depending on when you run or schedule the scan.

Michel LaFantano
BPSG iX

Information about the virus Worm:Win32/VB.WF

September 10th, 2010 No comments

Customers have been asking about how to best defend against the new e-mail virus Worm:Win32/VB.WF. This virus uses a link in the message body that looks like a link to a PDF file but is actually a link to a *.scr file. When you click the link, it begins sending e-mails using the GAL or contacts. (Information about the virus can be found on the Microsoft Malware Protection Center.)

If you are using the Cloudmark antispam engine in Forefront Protection 2010 for Exchange Server (FPE) or Antigen 9.2 AND your engine updates are up-to-date, your environment should be protected from this virus. If you are using Forefront Security for Exchange Server (FSE) or are not using the antispam features in FPE or Antigen, you can block these virus e-mails in several ways:

1.       During the Transport scan (Messages in Transport):

·      Subject line filtering on FPE (FSE doesn’t provide subject line filtering on the Transport Scan Job. This also assumes the messages do not contain an AV stamp.) The subject line of the e-mail is typically Here you have”. You should create a subject line filter to block/delete messages using this subject line.

·      Exchange Transport rules. You can use Exchange transport rules to block messages based on their subject line.

2.       During the Mailbox scan (Messages in transit at the Store level via the Realtime scan job as well as cleaning up what’s already in the Store via the Scheduled scan job.)

·         Use FPE and/or FSE Realtime and Scheduled Scan subject line filters.

·         Use the Exchange PowerShell command: Get-TransportServer | Get-Queue | get-message | where{$_.MessageSubject -eq “Here you have”} | remove-message

For more information about using subject line filtering to stop this worm, please refer to this TechNet wiki article:

http://social.technet.microsoft.com/wiki/contents/articles/worm-win32-vb-wf-email-virus-defending-with-forefront-security-forefront-protection-antigen.aspx

Note: If you are using FPE, be sure to disable the “Scan only messages with attachments” option, which is enabled by default, so that it will actually scan and remove these e-mails as they do not contain attachments and will be overlooked if this option is not disabled.  You should also be aware of the “Scan only messages received in the last” configuration if you plan on running these scans this weekend.  By default, the Scheduled scan will only scan messages received within the past 2 days and may miss these messages depending on when you run or schedule the scan.

Michel LaFantano
BPSG iX

Information about the virus Worm:Win32/VB.WF

September 10th, 2010 No comments

Customers have been asking about how to best defend against the new e-mail virus Worm:Win32/VB.WF. This virus uses a link in the message body that looks like a link to a PDF file but is actually a link to a *.scr file. When you click the link, it begins sending e-mails using the GAL or contacts. (Information about the virus can be found on the Microsoft Malware Protection Center.)

If you are using the Cloudmark antispam engine in Forefront Protection 2010 for Exchange Server (FPE) or Antigen 9.2 AND your engine updates are up-to-date, your environment should be protected from this virus. If you are using Forefront Security for Exchange Server (FSE) or are not using the antispam features in FPE or Antigen, you can block these virus e-mails in several ways:

1.       During the Transport scan (Messages in Transport):

·      Subject line filtering on FPE (FSE doesn’t provide subject line filtering on the Transport Scan Job. This also assumes the messages do not contain an AV stamp.) The subject line of the e-mail is typically Here you have”. You should create a subject line filter to block/delete messages using this subject line.

·      Exchange Transport rules. You can use Exchange transport rules to block messages based on their subject line.

2.       During the Mailbox scan (Messages in transit at the Store level via the Realtime scan job as well as cleaning up what’s already in the Store via the Scheduled scan job.)

·         Use FPE and/or FSE Realtime and Scheduled Scan subject line filters.

·         Use the Exchange PowerShell command: Get-TransportServer | Get-Queue | get-message | where{$_.MessageSubject -eq “Here you have”} | remove-message

For more information about using subject line filtering to stop this worm, please refer to this TechNet wiki article:

http://social.technet.microsoft.com/wiki/contents/articles/worm-win32-vb-wf-email-virus-defending-with-forefront-security-forefront-protection-antigen.aspx

Note: If you are using FPE, be sure to disable the “Scan only messages with attachments” option, which is enabled by default, so that it will actually scan and remove these e-mails as they do not contain attachments and will be overlooked if this option is not disabled.  You should also be aware of the “Scan only messages received in the last” configuration if you plan on running these scans this weekend.  By default, the Scheduled scan will only scan messages received within the past 2 days and may miss these messages depending on when you run or schedule the scan.

Michel LaFantano
BPSG iX

Information about the virus Worm:Win32/VB.WF

September 10th, 2010 Comments off

Customers have been asking about how to best defend against the new e-mail virus Worm:Win32/VB.WF. This virus uses a link in the message body that looks like a link to a PDF file but is actually a link to a *.scr file. When you click the link, it begins sending e-mails using the GAL or contacts. (Information about the virus can be found on the Microsoft Malware Protection Center.)

If you are using the Cloudmark antispam engine in Forefront Protection 2010 for Exchange Server (FPE) or Antigen 9.2 AND your engine updates are up-to-date, your environment should be protected from this virus. If you are using Forefront Security for Exchange Server (FSE) or are not using the antispam features in FPE or Antigen, you can block these virus e-mails in several ways:

1.       During the Transport scan (Messages in Transport):

·      Subject line filtering on FPE (FSE doesn’t provide subject line filtering on the Transport Scan Job. This also assumes the messages do not contain an AV stamp.) The subject line of the e-mail is typically Here you have”. You should create a subject line filter to block/delete messages using this subject line.

·      Exchange Transport rules. You can use Exchange transport rules to block messages based on their subject line.

2.       During the Mailbox scan (Messages in transit at the Store level via the Realtime scan job as well as cleaning up what’s already in the Store via the Scheduled scan job.)

·         Use FPE and/or FSE Realtime and Scheduled Scan subject line filters.

·         Use the Exchange PowerShell command: Get-TransportServer | Get-Queue | get-message | where{$_.MessageSubject -eq “Here you have”} | remove-message

For more information about using subject line filtering to stop this worm, please refer to this TechNet wiki article:

http://social.technet.microsoft.com/wiki/contents/articles/worm-win32-vb-wf-email-virus-defending-with-forefront-security-forefront-protection-antigen.aspx

Note: If you are using FPE, be sure to disable the “Scan only messages with attachments” option, which is enabled by default, so that it will actually scan and remove these e-mails as they do not contain attachments and will be overlooked if this option is not disabled.  You should also be aware of the “Scan only messages received in the last” configuration if you plan on running these scans this weekend.  By default, the Scheduled scan will only scan messages received within the past 2 days and may miss these messages depending on when you run or schedule the scan.

Michel LaFantano
BPSG iX