Archive for the ‘Forefront’ Category

NIS & Anti-Malware Info is not updated as expected in Update Center

April 12th, 2012 No comments

Today I would like to describe an easy way to solve a small display mismatch in the Update Center of TMG 2010.

If you are a Forefront Threat Management Gateway administrator in a country where English regional settings are not used, you may find something like this when you open the TMG Update Center section:

clip_image002

NIS and Malware Inspection are two powerful mechanisms which allow Forefront TMG 2010 to provide full protection against potential network attacks and malicious content.

If you see the information reported above, there are two possibilities:

1. The check for, and download of, up-to-date NIS & Malware versions have really failed.

2. The info reported in the Update Center is not up-to-date.

In the first case, the following article could be very useful to troubleshoot signature update failures:

http://technet.microsoft.com/en-us/library/ff358608.aspx

In particular, check in the Update Center Properties form if the server is correctly configured to get the updates from the Microsoft Update servers and/or an internal WSUS server:

clip_image004

If you have excluded any kind of connectivity issue and you’re pretty sure that the new definitions have been correctly downloaded and installed, but you can’t figure out why the info reported in the Update Center section is not correct, you’re probably in the kind of situation that can be solved with the hints described in this article.

The pictures below show two excerpts from the ISA_UpdateAgent.log file (in the %Windir%\Temp folder) in which the installation of new NIS and anti-Malware signatures has been performed correctly:

clip_image006

clip_image008

You can use the above log file to check the status of the last NIS/Malware signature installations.

The TMG Management console reads the status of the “Last Update Status” and “Last updated” fields, for both NIS and Malware Inspection, from the information contained under the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fpc\DefinitionUpdates registry key on each TMG node.

Note: this key actually contains two sub-keys: one for Malware inspection, another one for NIS.

The date and time format used here is determined by the regional settings defined for the system accounts of the TMG node. This is because the TMG service, which is responsible for writing this information in the registry, runs under a local system account.

The issue described here, where a “Never” status appears for “Last Update status” and “Last Updated”, might occur when the regional settings of the user account executing the MMC are different from the regional settings defined for the system accounts of the TMG node.

For instance, the problem will appear if the Format setting of the system accounts on the TMG nodes is Italian, while the Format setting of the user account executing the MMC is English (United States) – as in the example below:

clip_image009

clip_image010

To solve this, make sure that the Format setting of the user executing the MMC matches the Format setting of the system accounts defined on the TMG nodes. In our example above, this could be solved, for instance, by changing the Format setting of both the user account executing the TMG MMC and the system accounts (Welcome screen) to English (United States).

In order to do that, follow this procedure:

Open the “Region & Language” settings panel from the server’s Control Panel and select English (United States) in the Format box:

clip_image012

Click APPLY and go to the “Administrative” section:

clip_image013

Click on “COPY SETTINGS”.

In the following form, check the “Welcome screen and system accounts” check-box and click OK.

clip_image015

If needed, the above procedure can be carried out with Italian, or any other language, instead of English; just be sure to apply it to both the current user’s account and the system accounts.

Now reboot the server.

After this procedure, the format of the registry key which is read by the TMG Update Center can be interpreted correctly.

Coming back to the Update Center, check for new definitions and install them:

clip_image016

clip_image017

The final result should be a correct status, reported in the two columns:

clip_image019

If you’re running an array of TMG nodes and you use the local TMG MMC on the EMS machine, you’ll have to change the current user’s regional settings (Format) on the EMS machine so that they match the system accounts’ regional settings (Format) of the TMG array members.

In some cases, it’s possible that the registry key values related to the NIS update status still fail to converge. This could be due to a persistent “wrong” value set in the above mentioned registry keys.

It’s quite easy to manually solve this problem:

From Regedit, open the following key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fpc\DefinitionUpdates\{464716F5-0BAB-494a-A51A-30400DDF127F}

clip_image021

If the UpdateStatus value is set to “b” (in HEX format), this indicates an incorrect status.

You should now change this UpdateStatus value to “7” and set UpdateTime to a valid value (for example, the same value as the CheckTime field).

Now the info in the Update Center should be perfectly reported as “Up-to-date”.

Perform a new check for updated definitions and install them, if needed.
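A read-only PowerShell check for the two conditions described above, added here as an example and not part of the original post: it compares the Format settings of the current user with those of the system accounts and lists the update values under the DefinitionUpdates key. It assumes that the system accounts' Format settings are stored under HKEY_USERS\.DEFAULT\Control Panel\International and that each sub-key holds the UpdateStatus, UpdateTime and CheckTime values mentioned in the article.

```powershell
# Added example: read-only diagnostic, makes no changes to the registry.
# Written to run on PowerShell 2.0 from an elevated prompt on the TMG node.

$defKey = 'HKLM:\SOFTWARE\Microsoft\Fpc\DefinitionUpdates'   # key named in the article
$intl   = 'Control Panel\International'
$fields = 'LocaleName', 'sShortDate', 'sTimeFormat'

# Read the Format-related values from one account's International key.
function Get-FormatSetting([string]$Path) {
    $p = Get-ItemProperty -Path $Path -ErrorAction Stop
    $h = @{}
    foreach ($f in $fields) { $h[$f] = $p.$f }
    return $h
}

# Current user (the account running the TMG MMC) versus the system accounts.
# Assumption: HKEY_USERS\.DEFAULT holds the "Welcome screen and system accounts" settings.
$user   = Get-FormatSetting "Registry::HKEY_CURRENT_USER\$intl"
$system = Get-FormatSetting "Registry::HKEY_USERS\.DEFAULT\$intl"

$diff = @($fields | Where-Object { $user[$_] -ne $system[$_] })
if ($diff.Count -gt 0) {
    foreach ($f in $diff) {
        Write-Warning ("Format mismatch on {0}: user='{1}' system='{2}'" -f $f, $user[$f], $system[$f])
    }
} else {
    Write-Output 'Format settings of the current user and the system accounts match.'
}

# List the update values of every sub-key (one for Malware Inspection, one for NIS).
Get-ChildItem -Path $defKey -ErrorAction Stop | ForEach-Object {
    $v    = Get-ItemProperty -Path $_.PSPath
    $note = ''
    if ($v.UpdateStatus -eq 0xb) {
        # 0xb is the value the article identifies as an incorrect status.
        $note = 'UpdateStatus is 0xb: the incorrect status described in the article'
    }
    New-Object PSObject -Property @{
        SubKey       = $_.PSChildName
        UpdateStatus = ('0x{0:x}' -f $v.UpdateStatus)
        UpdateTime   = $v.UpdateTime
        CheckTime    = $v.CheckTime
        Note         = $note
    }
} | Select-Object SubKey, UpdateStatus, UpdateTime, CheckTime, Note | Format-List
```

On an array, run it on each TMG node, and run the Format comparison as the user who opens the MMC on the EMS machine.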

This is certainly not a big problem, and it doesn’t impact the functional level of the NIS & Malware mechanisms, but it’s always nice to see a green “Up-to-date” comment in our Update Center 🙂

Hope you enjoyed it and found it useful!

Let’s see you back with the next topic !!

Ciao,

Daniele Gaiulli – MS Support Engineer

Reviewer: Eric Detoc – Senior Escalation Engineer

Forefront TMG Service Pack 2 Now Available

October 12th, 2011 No comments

We are happy to announce the availability of Forefront Threat Management Gateway (TMG) 2010 Service Pack 2 (SP2). The service pack is available for download from the Microsoft Download Center.

Here are some of the improvements we are introducing in Forefront TMG SP2:

  • Site activity report – Forefront TMG SP2 includes a new site activity report that enables you to generate a report showing the data transfer between users and specific websites. This report displays the amount of data transferred to and from different websites, for any
    period that you specify, per user. In addition, you can also display the total data transfer to and from a specific website, per user. 
  • Improved error pages – Forefront TMG SP2 improves the look and feel of web browser error pages and makes it easier to customize the pages.
  • Kerberos authentication for NLB arrays – Forefront TMG SP2 enables you to allow users to authenticate to a Forefront TMG array with Network Load Balancing (NLB) enabled using the Kerberos version 5 protocol.

Visit our TechNet Library for more information.

– The Forefront TMG Team

Categories: Forefront, Forefront TMG, SP2, update Tags:

FCS – Upcoming solution for installation issues with March 2011 Update

March 31st, 2011 Comments off

We have been working hard on a solution for customers that encountered issues with our update in March. I wanted to let you know what we are planning to address this.

We are authoring a package that is specifically designed to find systems that have a failed upgrade to our March update. To do this, we will be pushing a package from Microsoft Update that looks for several specific conditions:

  1. The SSA package from Forefront Client Security to be present.

  2. Several Antimalware registry keys are present, even though Antimalware software had been removed due to an upgrade.

  3. You are running Vista or higher OS (including Server OS like Windows Server 2008)

If all of these items are true, then we will reinstall the update package and return the system to normal.

If a system fails any one of these conditions, we aren’t going to install. The first case is a safe check because only FCSv1 customers have this particular package. The second one is equally important, because if an admin has actually intentionally removed FCSv1, the Antimalware keys we are looking for would no longer exist. The third obviously focuses the package on machines that it applies to.

We are planning to release this package on 4/5. Our intention is to make this available and visible before the upcoming patch Tuesday window so administrators and users can choose to deploy it ahead of any other updates pending the following Tuesday. WSUS admins will be able to find this package by its KB number 2524280.

Please note that this package is intended to fix only a very specific case of an upgrade failure. There are many technical reasons that a package may fail to upgrade that we cannot address in this manner. Examples include a damaged registry, Windows installer repository issues or binaries being held by external processes beyond our control. If you need additional assistance please contact your support professional or visit http://support.microsoft.com/ph/12632 .

Forefront Client Security Engineering team

Categories: FCS, FCS Support, Forefront, KB, known issue, WSUS Tags:

RELEASE ANNOUNCEMENT FOR HOTFIX ROLLUP 2 FOR FOREFRONT SECURITY FOR OFFICE COMMUNICATIONS SERVER

December 15th, 2010 Comments off

On behalf of the Security team at Microsoft, I am pleased to announce the release of Hotfix Rollup 2 for Microsoft’s Forefront Security for Office Communications Server.

 

On December 15th, Microsoft shipped Hotfix Rollup 2 for Forefront Security for Office Communications Server (FSOCS) to provide a series of product enhancements and new features.

 

For a complete list of the new features and enhancements included in this rollup, along with directions for download, please see the following Knowledge Base article: http://support.microsoft.com/kb/2482040  

 

As the installer runs, server service restarts may be necessary, so please plan accordingly when applying this Hotfix Rollup.

 

Regards,

Robert McCarthy

CSS Microsoft Security

Please let us know about how you use email security solutions in your workplace

December 6th, 2010 No comments

Hello everyone,

The Microsoft Forefront team is currently conducting a survey and would like to hear your opinions about email security, especially how you use email security solutions in your organization. We would appreciate it if you would take the time to respond to this survey.  This information will help us improve Forefront Protection for Exchange.

Please consider taking a few minutes at this time to complete the survey. This survey should take about 10 -15 minutes to complete.

 

To participate, please click here.

 

Carolyn Liu
Senior Program Manager, Forefront Server Protection

Forefront Server Security Management Console (FSSMC) Hotfix Rollup 5 is now available

August 27th, 2010 No comments

On behalf of the Forefront Server Security team at Microsoft, I am pleased to announce the release of Hotfix Rollup 5 for the Forefront Server Security Management Console (FSSMC)!

 

Microsoft shipped Hotfix Rollup 5 for the FSSMC on August 26th, 2010.

 

For a complete list of the new features and fixes included in this rollup along with directions for download, please see the following Knowledge Base article:  http://support.microsoft.com/kb/2302023

 

·         Description of Hotfix Rollup 5 for Forefront Server Security Management Console: 

 

As the installer runs, server service restarts may be necessary so please plan accordingly when applying this Hotfix Rollup. 

 

Regards,

Robert McCarthy
Microsoft Security

Updates to the Forefront Server Protection documentation in the TechNet library (August 2010)

August 5th, 2010 Comments off

Hi, my name is Scott Floman, and I’m a technical writer in the Forefront Server Protection group. Every few months or so, we update our existing “legacy” documentation on our TechNet Web site, and this post is to make you aware of our recent August 2010 update. (p.s. By “legacy” content I mean products that are already supported in production environments, such as Forefront Protection 2010 for Exchange Server (FPE), Forefront Protection 2010 for SharePoint (FPSP), and our Forefront Server Security Version 10 and Antigen Version 9 products).

 

Some of the topics we added or provided updated information about are:

 

  • FPE capacity planning: http://technet.microsoft.com/en-us/library/ff921060.aspx
  • Supported operating systems and Exchange Server versions: http://technet.microsoft.com/en-us/library/ff921059.aspx
  • Best practices for configuring FPE operations: http://technet.microsoft.com/en-us/library/ff716689.aspx
  • Managing performance and health. We added recommended resolutions for when your health monitors are not green (“healthy”).
      • FPE: http://technet.microsoft.com/en-us/library/ee358897.aspx
      • FPSP: http://technet.microsoft.com/en-us/library/ee358924.aspx
  • Submitting malware to Microsoft for analysis. The documentation was revised because customers are advised to use the Microsoft Malware Protection Center Portal to submit malware for analysis.
      • FPE: http://technet.microsoft.com/en-us/library/dd639384.aspx
      • FPSP: http://technet.microsoft.com/en-us/library/dd639465.aspx
  • Maximizing FPSP scan engine performance: http://technet.microsoft.com/en-us/library/ff729711.aspx

 

These are just some of the updates we made. We also made smaller-scale updates in many areas, for example we updated the Forefront Server Security Management Console (FSSMC) system requirements, the FPSP Performance Monitor topic, and the FPE cluster documentation.

In addition, the Table Of Contents (TOC) on TechNet has recently undergone a reorganization, and we are also continuing to seek out ways to optimize search results so that our customers can more easily find the information that they are looking for. 

Also, our team has been busy in creating videos that we hope you will find useful in learning about our products. Here are some recent FPE videos: 

 

So, that’s that, I just wanted to say a few words about our latest TechNet update, the TechNet TOC reorg, and our increased use of the video format. Please use the feedback feature on TechNet, because we do attempt to address all feedback received.

 

Also, another good resource for information is the Forefront Server Security Forum (http://social.technet.microsoft.com/Forums/en-us/category/forefront) where you can read and answer questions about our products. A passport account is needed to access the Forum.

There are other Microsoft forums, blogs, and online technology sites that might prove useful as well; for more information, read this blog article:

http://blogs.technet.com/fss/archive/2009/03/10/other-blogs-and-content-of-interest-for-fss-users.aspx

 

Finally, I want to call your attention to the TechNet wiki, which you can access at the following URL: http://social.technet.microsoft.com/wiki/

 

This is a new community where Forefront employees and customers can post technical articles and interact with one another, much like how Wikipedia works. We’re excited about the possibilities of this wiki, which we feel will be a great resource of information, so please stop by and check it out. I recently posted the following wiki articles which I hope will help customers configure our products in multi-server environments (there are also videos for these topics if you want to see a visual demonstration):

Again, thanks for your time, and feel free to e-mail me with any feedback.


Scott Floman
scfloman@microsoft.com