Archive for the ‘Forefront Security for Exchange’ Category

Hotfix rollup 3 for Forefront Security for Exchange Server SP2 and hotfix rollup 3 for Forefront Security for SharePoint SP3 are now available

October 8th, 2010

On behalf of the Forefront Server Protection team at Microsoft, I am pleased to announce the release of Forefront Security for Exchange Server (FSE) SP2 Rollup 3 and Forefront Security for SharePoint (FSSP) SP3 Rollup 3.

On October 8th, 2010 Microsoft shipped both builds to address a performance issue with version 8 of the Kaspersky antivirus engine.

For a detailed description of the updates please see the following Knowledge Base articles:

As the installer runs, server service restarts may be necessary, so please plan accordingly when applying this hotfix rollup.

Regards,

Robert McCarthy
Sr. Support Engineer
Microsoft Security

Information about the new antivirus engine for Forefront and Antigen products

September 29th, 2010

Microsoft is upgrading the multi-engine protection in all Forefront server security products to support a newer version of the antivirus engine. The newer version will provide customers with improved scanning times and reduced signature file size. The new engine replaces the older engine.

This new engine publishes update files in a subdirectory – the first engine in the Forefront engine mix to do so. In order to accommodate this new publishing model, Microsoft is releasing a series of roll-ups that will:

· Include the new antivirus engine

· Ensure that any engine that publishes update files in a subdirectory will update correctly

Customers must install the rollups by Jan. 31, 2011.

Krishnan Venkatasubramanian

Senior Program Manager, Forefront Server Protection

Problems downloading updates for the antivirus engine after installing FSSMC Hotfix Rollup 5 and FSE Service Pack 2 Rollup 2

September 15th, 2010

Some customers have reported problems downloading updates for the antivirus engine after installing the Forefront Server Security Management Console (FSSMC) Hotfix Rollup 5 and the Forefront Security for Exchange Server (FSE) Service Pack 2 Rollup 2.

The basic symptom is that antivirus engine updates fail. If you are experiencing this problem, please refer to the Microsoft support KB article #2410444 for information on how to resolve the problem. The KB will guide you through steps that will enable FSE to use the previous version of the antivirus engine and updates until a permanent fix is created.

If you continue having problems after trying the measures in the KB article, you should contact CSS for additional help.

Michel LaFantano

BPSG iX

Information about the virus Worm:Win32/VB.WF

September 10th, 2010

Customers have been asking about how to best defend against the new e-mail virus Worm:Win32/VB.WF. This virus uses a link in the message body that looks like a link to a PDF file but is actually a link to a *.scr file. When you click the link, it begins sending e-mails using the GAL or contacts. (Information about the virus can be found on the Microsoft Malware Protection Center.)

If you are using the Cloudmark antispam engine in Forefront Protection 2010 for Exchange Server (FPE) or Antigen 9.2 AND your engine updates are up-to-date, your environment should be protected from this virus. If you are using Forefront Security for Exchange Server (FSE) or are not using the antispam features in FPE or Antigen, you can block these virus e-mails in several ways:

1. During the Transport scan (Messages in Transport):

· Subject line filtering on FPE. (FSE doesn’t provide subject line filtering on the Transport Scan Job. This also assumes the messages do not contain an AV stamp.) The subject line of the e-mail is typically “Here you have”. You should create a subject line filter to block/delete messages using this subject line.

· Exchange Transport rules. You can use Exchange transport rules to block messages based on their subject line.

2. During the Mailbox scan (Messages in transit at the Store level via the Realtime scan job, as well as cleaning up what’s already in the Store via the Scheduled scan job):

· Use FPE and/or FSE Realtime and Scheduled Scan subject line filters.

· Use the Exchange PowerShell command: Get-TransportServer | Get-Queue | Get-Message | Where-Object {$_.Subject -eq "Here you have"} | Remove-Message

For more information about using subject line filtering to stop this worm, please refer to this TechNet wiki article:

http://social.technet.microsoft.com/wiki/contents/articles/worm-win32-vb-wf-email-virus-defending-with-forefront-security-forefront-protection-antigen.aspx

Note: If you are using FPE, be sure to disable the “Scan only messages with attachments” option, which is enabled by default. These e-mails do not contain attachments, so they will be overlooked unless this option is disabled. You should also be aware of the “Scan only messages received in the last” configuration if you plan on running these scans this weekend. By default, the Scheduled scan only scans messages received within the past 2 days, so it may miss these messages depending on when you run or schedule the scan.

Michel LaFantano
BPSG iX
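
As an added illustration (not part of the original post and not Forefront or Exchange code), the Python sketch below checks a raw message for the two traits described above: the subject “Here you have” and a body link whose visible text looks like a PDF while its target is a .scr file. The sample message, the example.test host names and all function names are constructed for this example.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

WORM_SUBJECT = "here you have"  # subject line reported in the post


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def disguised_links(html):
    """Links whose visible text suggests a PDF but whose target is a .scr file."""
    parser = LinkCollector()
    parser.feed(html)
    return [(href, text) for href, text in parser.links
            if urlparse(href).path.lower().endswith(".scr")
            and ".pdf" in text.lower()]


def triage(raw_message):
    """Check a raw RFC 5322 message against the indicators named in the post."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    return {
        "subject_match": (msg["Subject"] or "").strip().lower() == WORM_SUBJECT,
        "disguised_links": disguised_links(body.get_content() if body else ""),
        # These mails carry no attachment, which is why attachment-only
        # scanning overlooks them.
        "has_attachments": any(True for _ in msg.iter_attachments()),
    }


# Constructed sample message; example.test is a placeholder domain.
SAMPLE = """\
From: alice@example.test
To: bob@example.test
Subject: Here you have
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>This is the document I told you about:
<a href="http://files.example.test/docs/report.scr">http://files.example.test/docs/report.pdf</a>
</body></html>
"""
```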

Hotfix Rollup 2 for Microsoft Forefront Security for Exchange Service Pack 2 is available

July 21st, 2010

On behalf of the Forefront Server Security team at Microsoft, I am pleased to announce the release of Hotfix Rollup 2 for Microsoft Forefront Security for Exchange Service Pack 2!

On July 20th, 2010 Microsoft shipped Hotfix Rollup 2 for Microsoft Forefront Security for Exchange Service Pack 2.

For a complete list of the new features and fixes included in this rollup along with directions for download, please see the following Knowledge Base article:

· Description of Hotfix Rollup 2 for Microsoft Forefront Security for Exchange Service Pack 2: http://support.microsoft.com/kb/2270641

As the installer runs, server service restarts may be necessary, so please plan accordingly when applying this Hotfix Rollup.

Regards,

Robert McCarthy
Microsoft Security