Archive for October, 2010

UAG 2010 SP1: The New and Improved DirectAccess Features

October 27th, 2010

We received some great feedback from customers about deploying DirectAccess in their organizations. One notable quote was “it works like magic!” Our customers also told us how we can make the product better by adding features and making existing features easier to manage.

After discussions and prioritization we are now proud to present the DirectAccess enhancements in service pack 1:

  • One-time-password support including: Integrated RSA SecurID agent and support for other 3rd party RADIUS based OTP products
  • Added optional settings in each step for advanced deployment scenarios
  • Support for deploying DirectAccess Group Policy across multiple domains, and pre-created GPOs
  • Support for the “I only want to manage my computers” scenario using integrated UAG UI
  • Support for Force Tunneling scenario using integrated UAG UI
  • Integrated NAP for simplified endpoint policy enforcement with simple “for dummies” setup of NAP+DA and integrated NAP troubleshooting tools included in Web Monitor
  • Improved monitoring and troubleshooting

 

One Time Password Integration

We’ve been hearing this request a lot from customers and potential customers, so we’ve gone ahead and done it.

Server side

On the server side, UAG now provides a choice between smartcards and OTP. We did this by adding support for OTP in the UAG UI as part of the UAG DA Wizard’s optional settings. UAG comes out of the box with an RSA SecurID agent, so you can be up and running in no time if you have SecurID tokens.

Figure 1: UAG DA UI with OTP

You can use OTP solutions from other 3rd party vendors as long as they are RADIUS based (OATH compliant).

Client side

On the client side, users get the same experience and look and feel as the smartcard authentication “pop-up”. Our implementation is not based on a credential provider, so requiring OTP for authentication in the UAG DA server UI does not enable the user to log in to Windows on the client using an OTP token.

Figure 2: OTP authentication balloon

Figure 3: OTP authentication popup

Deployment

When deploying OTP you need to set up a dedicated Certificate Authority server (CA) and cannot use an existing CA. UAG makes life easier by generating a script which you can apply on the dedicated CA for use with OTP instead of performing CA configuration manually. Another bonus is that you do not need to make changes to the existing RSA ACE servers.

 

NAP Integration

NAP setup

NAP integration in UAG 2010 seemed easy enough. All you had to do was select a checkbox and NAP was enforced. In reality, there is more to it than that. Someone needs to install and configure an NPS, HRAs and CAs. This is not a simple task. In SP1 we decided to ask a few more questions, but have UAG do the bulk of the work for you. We did this by installing and configuring NAP roles on the UAG server, and by adding the NAP settings to the client GPO. You still need to set up a dedicated CA server and health template, and point to them in the UAG UI.

In the wizard you can choose between enforcing and monitoring health. If you select to enforce, client machines cannot create the second (intranet) tunnel until they can obtain a health certificate. Monitor only, on the other hand, will make sure that client health is checked and reported, but unhealthy clients will not be blocked.

NAP client health troubleshooting

Another non-trivial task that administrators face when using NAP is trying to understand why a particular client machine is considered unhealthy. Although the data exists, it is buried in the Windows EventLog and the actual events are not very clear. We’ve decided to add NAP troubleshooting to the UAG DA UI, specifically to the Web Monitor. You can query the last event for a specific machine, the last five events, or all of the events in a range of dates.

Existing NAP infrastructure

If you already have a NAP infrastructure or just want to have separate NAP and UAG servers, you can select not to use the internal NAP server, no questions asked. You then have to:

  • Set up the NPS, HRA and CA server
  • Create your own client GPO to turn on NAP client settings
  • Use Event Viewer on your NPS server to troubleshoot client health problems
  • Replicate the NPS configuration if you have more than one deployed

Integrated Multi Domain Support

Many of our customers have more than one domain. We have added support for managing DirectAccess in a multi domain deployment.

Using the UAG DirectAccess UI you can specify which domains the DirectAccess GPOs will be applied to. You can also specify which GPO the UAG will use, allowing for better role separation between the DirectAccess admin and the UAG admin. In addition, the GPOs can now be linked to OUs, not only to whole domains.

Figure 4: Selecting client computer domains

Figure 5: Selecting OUs/Security groups

 

Figure 6: Selecting Preconfigured/New GPO

Domain controller auto-discovery has also been extended to discover DCs across all selected domains.

 

Always managed

Some customers wanted to deploy DirectAccess for the purpose of managing remote client machines, but do not wish to have users connect to application servers on the intranet. Using a new setting located on the first page of the client wizard, the admin can now choose to enable only the first (infrastructure) tunnel, without enabling the second (intranet) tunnel.

 

Force tunneling

Some customers want to enable client machines to connect via DirectAccess, but do not want the clients to connect anywhere else while connected (that is, they want to avoid creating a split tunnel). The UAG DirectAccess UI enables you to specify force tunneling in one of two flavors:

  • Web-only through the intranet web proxy
  • All traffic, using DNS64 and NAT64 to translate every IPv4 address returned in DNS

If you are thinking of utilizing this feature, please read Tom Shinder’s blog post (http://blogs.technet.com/b/tomshinder/archive/2010/03/30/more-on-directaccess-split-tunneling-and-force-tunneling.aspx) in full prior to deployment.

 

Improved monitoring and troubleshooting

Server side

Since UAG has a built in monitoring tool called Web Monitor, we’ve integrated DirectAccess information into it, providing a unified monitoring experience. The information is stored in an internal SQL database. You can display a list of currently logged on users, access level (infrastructure/intranet), NAP health status, machine account, user account and other fields.

At the array level, there is a “SCOM-like” health indication for each UAG array member. Everything is presented at the array level so that the admin can access all the information from the console of any node of the array.

The user monitoring PowerShell snap-in can now present the user and server monitoring information at the array-level, without enabling the Security auditing event logs.

Client side

DirectAccess Connectivity Assistant (DCA) is an application that runs on the DirectAccess clients. DCA enables the user to easily check the status of the DirectAccess connection to the corporate network and resources. It also provides troubleshooting features that will help in solving connectivity issues.

In SP1 you can centrally configure the DCA using the UAG DirectAccess UI. Configuration is propagated to clients via GPO. The DCA binary distribution is not done by UAG – you need to do it manually or automate it via GPOs, SCCM or other means.

We’ve added 7 new diagnostics to DCA, e.g. “IPv6 is disabled on the client”, and now provide an HTML-based troubleshooting summary.

Figure 7: HTML Summary with Hyperlinks

We are excited about this new release and we encourage you to share with us any feedback you have.

Noam

Categories: DirectAccess, UAG 2010 SP1

Fake Microsoft Security Essentials software on the loose. Don’t be fooled by it!

October 25th, 2010

Last week, we saw the re-emergence of another new trojan that is disguising itself as Microsoft’s no-cost antimalware program Microsoft Security Essentials. This imposter is known in the technical world of antimalware combat as “Win32/FakePAV”. FakePAV is a rogue that displays messages that imitate Microsoft Security Essentials threat reports in order to entice the user into downloading and paying for a rogue security scanner. The rogue persistently terminates numerous processes such as Windows Registry Editor, Internet Explorer, Windows Restore and other utilities and applications.

This fake software is distributed by a tactic commonly described as a “drive-by download” and shows up as a hotfix.exe or as an mstsc.exe file. Additionally, after the fake Microsoft Security Essentials software reports it cannot clean the claimed malware infection, it offers to install additional antimalware rogues (with names such as AntiSpySafeguard, Major Defense Kit, Peak Protection, Pest Detector and Red Cross). Lastly, this fake program will try to scare you into purchasing a product.

Before we get to the detailed view of how this trojan works, we want the message to be very clear: This software is a fake. Do not be fooled by this scam. This malware can potentially cause consumers and small business owners harm. Microsoft Security Essentials can be downloaded and used at no cost by users running genuine Windows (Download here: http://www.microsoft.com/security_essentials/). So anything mimicking Microsoft Security Essentials but asking for any sort of payment is clearly up to no good.

If you have not already updated your security software please do so. Making sure your security software is up-to-date and has the latest definitions is the best way to prevent infections.

And now onto a detailed look at FakePAV. While different FakePAV distributions have different payloads, here is how the current one imitating Microsoft Security Essentials works:

1. It modifies the system so that it runs when Windows starts

2. When you go to execute something it’s watching for, it opens the alert window claiming the program is infected and blocks it from running.

3. You can expand it out for “additional details”

4. If you click “Clean computer” or “Apply actions”, it simulates an attempt to clean the claimed infection

5. You’ll then get an ‘unable to clean’ alert and be instructed to click ‘Scan Online’

6. Clicking this, a list of antimalware programs appears, including several fake removal tools, and you’d need to click Start Scan

7. Once the simulated scan completes, it will claim a solution was found and list products that can ‘clean’ the system (the listed products are fake removal tools).

8. Clicking ‘Free install’ on one of those downloads will download its installer and start installing
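The post names two file names (hotfix.exe and mstsc.exe) and says the trojan arranges to run at startup; mstsc.exe is also the name of the genuine Remote Desktop client in System32. The following added example, which is not code from the original post, reviews a constructed startup inventory for those names outside an expected directory. The Run-key locations, the sample entries, the `EXPECTED_DIRS` table and all function names are assumptions, since the post does not say which startup mechanism is used.

```python
import ntpath
import re

# File names the post says this FakePAV distribution shows up as.
FAKEPAV_NAMES = {"hotfix.exe", "mstsc.exe"}

# Assumption: directories where a genuine copy of the name is expected.
# mstsc.exe is the Remote Desktop client in System32; extend for your build.
# hotfix.exe has no entry, so any startup entry with that name is reviewed.
EXPECTED_DIRS = {"mstsc.exe": {r"c:\windows\system32"}}

# Assumption: environment variables as they resolve on the inspected host.
ENV = {"%systemroot%": r"C:\Windows", "%windir%": r"C:\Windows"}

# Unquoted command: shortest prefix ending in ".exe" followed by space or end.
_UNQUOTED_EXE = re.compile(r"^(.+?\.exe)(?=\s|$)", re.IGNORECASE)


def image_path(command):
    """Extract the executable path from a startup command line."""
    cmd = command.strip()
    if not cmd:
        return ""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        path = cmd[1:end] if end != -1 else cmd[1:]
    else:
        match = _UNQUOTED_EXE.match(cmd)
        path = match.group(1) if match else cmd.split()[0]
    for var, value in ENV.items():
        # A function replacement keeps the backslashes in the value literal.
        path = re.sub(re.escape(var), lambda _m, v=value: v, path,
                      flags=re.IGNORECASE)
    return ntpath.normpath(path)


def review(entries):
    """Return startup entries whose image uses a FakePAV-reported name
    and does not sit in a directory expected for that name."""
    findings = []
    for entry in entries:
        path = image_path(entry["command"])
        name = ntpath.basename(path).lower()
        if name not in FAKEPAV_NAMES:
            continue
        expected = EXPECTED_DIRS.get(name)
        if expected is None:
            reason = "name reported for FakePAV; no expected location known"
        elif ntpath.dirname(path).lower() in expected:
            continue  # genuine location for this name
        else:
            reason = "system binary name outside its expected directory"
        findings.append({"entry": entry["entry"],
                         "location": entry["location"],
                         "image": path,
                         "reason": reason})
    return findings


# Constructed sample inventory (not taken from a real infection).
RUN_HKLM = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
RUN_HKCU = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
SAMPLE_AUTORUNS = [
    {"entry": "ctfmon", "location": RUN_HKCU,
     "command": r"C:\Windows\System32\ctfmon.exe"},
    {"entry": "rdc", "location": RUN_HKLM,
     "command": r"%SystemRoot%\system32\mstsc.exe /v:host01"},
    {"entry": "rdp", "location": RUN_HKCU,
     "command": r'"C:\Documents and Settings\alice\Application Data\mstsc.exe"'},
    {"entry": "update", "location": RUN_HKCU,
     "command": r"C:\Documents and Settings\alice\Local Settings\Temp\hotfix.exe -s"},
]

if __name__ == "__main__":
    for finding in review(SAMPLE_AUTORUNS):
        print(f'{finding["entry"]}: {finding["image"]} ({finding["reason"]})')
```

A match is a lead for review, not a verdict; confirm with an up-to-date antimalware scan as the post recommends.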

If you believe your machine has become infected, we encourage you to use Microsoft Security Essentials to check your PC for malware and to help remove it from your system. You can also find out how to get virus-related assistance at no charge from Microsoft here: http://www.microsoft.com/protect/support/default.mspx.

For more information on this FakePAV please visit our encyclopedia entry at http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Rogue%3aWin32%2fFakePAV. It contains a lot of information that may help answer questions about this rogue.

And remember: Microsoft does not charge for Microsoft Security Essentials. You can find the legitimate version of Microsoft Security Essentials at http://www.microsoft.com/security_essentials.

Forefront Protection Server Management Console 2010 Update

October 25th, 2010

My name is Andrew Schiano, and I work in Test for the Forefront Protection team. I would like to tell you a little bit about the soon-to-be released Forefront Protection Server Management Console 2010 (FPSMC). FPSMC provides centralized management for the Forefront Protection 2010 for Exchange (FPE) and Forefront Protection 2010 for SharePoint (FPSP) servers in your environment. FPSMC is expected to be available as a free download in Q4 2010.

 

FPSMC provides multi-server management through a browser-based interface, and supports the following features:

Signature redistribution

The signature redistribution job is used to deploy antivirus signature updates to the FPE/FPSP servers in an environment. The most efficient way to update engine signatures on all your servers is to create a redistribution job to download them to the FPSMC server. The FPSMC server is then used as the retrieval point for all the other servers in the environment.

 

Policy (configuration) deployment

FPSMC supports deploying a centralized set of configuration settings to one or more FPE or FPSP servers in your environment. This is accomplished by configuring one of your FPE/FPSP servers to the desired configuration and then exporting these settings in XML format. The XML file is then imported into FPSMC, which can deploy these same settings to your other FPE/FPSP servers.

 

Patch deployment

FPSMC supports deploying FPE and FPSP roll ups and service packs. Patch packages can either be .MSP or .EXE file types.

 

Centralized incident reporting

The Incident Detection report presents data about the number of malware incidents and filter matches over a period of time on one or more managed servers. This includes the five most common malware types detected in your organization and the most recent detection date and time.

 

Centralized spam reporting

The Spam Detection report presents data about the number of spam messages blocked by FPE. This includes a pie-chart breakdown by filter type and a line graph showing the number of spam messages detected over time.

 

Centralized engine versions reporting

The Engine and Definition Versions report presents data about the antivirus engine versions and definitions on selected servers running FPE and FPSP. This report compares the current engine versions of the managed servers to determine which, if any, of your signatures are out of date.

 

Quarantine management

FPSMC supports retrieving quarantine data from managed Forefront Protection servers for local analysis and management, including delivering Exchange quarantine and restoring SharePoint quarantine.

 

Integration with Forefront Online Protection for Exchange (FOPE)

If you are using FOPE in your organization, you can use FPSMC to access the FOPE Administration Center to monitor your email flow. FPSMC provides access to the FOPE home page, quarantine, reports, and mail tracing facilities.

 

Auto discovery of servers

On a nightly basis, FPSMC will automatically detect new FPE and FPSP servers that have been added to your network.

 

Exchange Clusters — CCR, SCC, and DAG

FPSMC supports clustered Exchange servers, including E14 Database Availability Groups.

 

FPSMC will initially be available in English.  Localized versions in all 11 languages (Chinese-Simplified, Chinese-Traditional, English, French, German, Italian, Japanese, Korean, Portuguese-Brazil, Russian, and Spanish) will be released at a later date (to be announced).  

 

Thank you for your time, and I hope you found this article helpful.

 

Andrew Schiano

Software Development Engineer in Test

Forefront Protection Server Management Console 2010 Update

October 25th, 2010 No comments

My name is Andrew Schiano, and I work in Test for the Forefront Protection team. I would like to tell you a little bit about the soon-to-be released Forefront Protection Server Management Console 2010 (FPSMC). FPSMC provides centralized management for the Forefront Protection 2010 for Exchange (FPE) and Forefront Protection 2010 for SharePoint (FPSP) servers in your environment. FPSMC is expected to be available as a free download in Q4 2010.

 

FPSMC provides multi-server management through a browser-based interface, and supports the following features:

Signature redistribution

The signature redistribution job is used to deploy antivirus signature updates to the FPE/FPSP servers in an environment. The most efficient way to update engine signatures on all your servers is to create a redistribution job to download them to the FPSMC server. The FPSMC server is then used as the retrieval point for all the other servers in the environment.

 

Policy (configuration) deployment

FPSMC supports deploying a centralized set of configuration settings to one or more FPE or FPSP servers in your environment. This is accomplished by configuring one of your FPE/FPSP servers to the desired configuration and then exporting these settings in xml format.  The xml file is then imported into FPSMC, which can deploy these same settings to your other FPE/FPSP servers.

 

Patch deployment

FPSMC supports deploying FPE and FPSP roll ups and service packs. Patch packages can either be .MSP or .EXE file types.

 

Centralized incident reporting

The Incident Detection report presents data about the number of malware incidents and filter matches over a period of time on one or more managed servers. This includes the five most common malware types detected in your organization and the most recent detection date and time.

 

Centralized spam reporting

The Spam Detection report presents data about the number of spam messages blocked by FPE. This includes a pie-chart breakdown by filter type and a line graph showing the number of spam messages detected over time.

 

Centralized engine versions reporting

The Engine and Definition Versions report presents data about the antivirus engine versions and definitions on selected servers running FPE and FPSP. This report compares the current engine versions of the managed servers to determine which, if any, of your signatures are out of date.

 

Quarantine management

FPSMC supports retrieving quarantine data from managed Forefront Protection servers for local analysis and management, including delivering Exchange quarantine and restoring SharePoint quarantine.

 

Integration with Forefront Online Protection for Exchange (FOPE).

If you are using FOPE in your organization, you can use FPSMC to access the FOPE Administration Center to monitor your email flow. FPSMC provides access to the FOPE home page, quarantine, reports, and mail tracing facilities.

 

Auto discovery of servers

On a nightly basis, FPSMC will automatically detect new FPE and FPSP servers that have been added to your network.

 

Exchange Clusters — CCR, SCC, and DAG 
FPSMC supports clustered Exchange servers, including E14 Database Availability Groups.

 

FPSMC will initially be available in English.  Localized versions in all 11 languages (Chinese-Simplified, Chinese-Traditional, English, French, German, Italian, Japanese, Korean, Portuguese-Brazil, Russian, and Spanish) will be released at a later date (to be announced).  

 

Thank you for your time, and I hope you found this article helpful.

 

Andrew Schiano

Software Development Engineer in Test

Forefront Protection Server Management Console 2010 Update

October 25th, 2010 No comments

My name is Andrew Schiano, and I work in Test for the Forefront Protection team. I would like to tell you a little bit about the soon-to-be released Forefront Protection Server Management Console 2010 (FPSMC). FPSMC provides centralized management for the Forefront Protection 2010 for Exchange (FPE) and Forefront Protection 2010 for SharePoint (FPSP) servers in your environment. FPSMC is expected to be available as a free download in Q4 2010.

 

FPSMC provides multi-server management through a browser-based interface, and supports the following features:

Signature redistribution

The signature redistribution job is used to deploy antivirus signature updates to the FPE/FPSP servers in an environment. The most efficient way to update engine signatures on all your servers is to create a redistribution job to download them to the FPSMC server. The FPSMC server is then used as the retrieval point for all the other servers in the environment.

 

Policy (configuration) deployment

FPSMC supports deploying a centralized set of configuration settings to one or more FPE or FPSP servers in your environment. This is accomplished by configuring one of your FPE/FPSP servers to the desired configuration and then exporting these settings in xml format.  The xml file is then imported into FPSMC, which can deploy these same settings to your other FPE/FPSP servers.

 

Patch deployment

FPSMC supports deploying FPE and FPSP roll ups and service packs. Patch packages can either be .MSP or .EXE file types.

 

Centralized incident reporting

The Incident Detection report presents data about the number of malware incidents and filter matches over a period of time on one or more managed servers. This includes the five most common malware types detected in your organization and the most recent detection date and time.

 

Centralized spam reporting

The Spam Detection report presents data about the number of spam messages blocked by FPE. This includes a pie-chart breakdown by filter type and a line graph showing the number of spam messages detected over time.

 

Centralized engine versions reporting

The Engine and Definition Versions report presents data about the antivirus engine versions and definitions on selected servers running FPE and FPSP. This report compares the current engine versions of the managed servers to determine which, if any, of your signatures are out of date.

 

Quarantine management

FPSMC supports retrieving quarantine data from managed Forefront Protection servers for local analysis and management, including delivering Exchange quarantine and restoring SharePoint quarantine.

 

Integration with Forefront Online Protection for Exchange (FOPE).

If you are using FOPE in your organization, you can use FPSMC to access the FOPE Administration Center to monitor your email flow. FPSMC provides access to the FOPE home page, quarantine, reports, and mail tracing facilities.

 

Auto discovery of servers

On a nightly basis, FPSMC will automatically detect new FPE and FPSP servers that have been added to your network.

 

Exchange Clusters — CCR, SCC, and DAG 
FPSMC supports clustered Exchange servers, including E14 Database Availability Groups.

 

FPSMC will initially be available in English.  Localized versions in all 11 languages (Chinese-Simplified, Chinese-Traditional, English, French, German, Italian, Japanese, Korean, Portuguese-Brazil, Russian, and Spanish) will be released at a later date (to be announced).  

 

Thank you for your time, and I hope you found this article helpful.

 

Andrew Schiano

Software Development Engineer in Test

Forefront Protection Server Management Console 2010 Update

October 25th, 2010 Comments off

My name is Andrew Schiano, and I work in Test for the Forefront Protection team. I would like to tell you a little bit about the soon-to-be released Forefront Protection Server Management Console 2010 (FPSMC). FPSMC provides centralized management for the Forefront Protection 2010 for Exchange (FPE) and Forefront Protection 2010 for SharePoint (FPSP) servers in your environment. FPSMC is expected to be available as a free download in Q4 2010.

 

FPSMC provides multi-server management through a browser-based interface, and supports the following features:

Signature redistribution

The signature redistribution job is used to deploy antivirus signature updates to the FPE/FPSP servers in an environment. The most efficient way to update engine signatures on all your servers is to create a redistribution job to download them to the FPSMC server. The FPSMC server is then used as the retrieval point for all the other servers in the environment.

 

Policy (configuration) deployment

FPSMC supports deploying a centralized set of configuration settings to one or more FPE or FPSP servers in your environment. This is accomplished by configuring one of your FPE/FPSP servers to the desired configuration and then exporting these settings in xml format.  The xml file is then imported into FPSMC, which can deploy these same settings to your other FPE/FPSP servers.

 

Patch deployment

FPSMC supports deploying FPE and FPSP roll ups and service packs. Patch packages can either be .MSP or .EXE file types.

 

Centralized incident reporting

The Incident Detection report presents data about the number of malware incidents and filter matches over a period of time on one or more managed servers. This includes the five most common malware types detected in your organization and the most recent detection date and time.

 

Centralized spam reporting

The Spam Detection report presents data about the number of spam messages blocked by FPE. This includes a pie-chart breakdown by filter type and a line graph showing the number of spam messages detected over time.

 

Centralized engine versions reporting

The Engine and Definition Versions report presents data about the antivirus engine versions and definitions on selected servers running FPE and FPSP. This report compares the current engine versions of the managed servers to determine which, if any, of your signatures are out of date.

 

Quarantine management

FPSMC supports retrieving quarantine data from managed Forefront Protection servers for local analysis and management, including delivering Exchange quarantine and restoring SharePoint quarantine.

 

Integration with Forefront Online Protection for Exchange (FOPE)

If you are using FOPE in your organization, you can use FPSMC to access the FOPE Administration Center to monitor your email flow. FPSMC provides access to the FOPE home page, quarantine, reports, and mail tracing facilities.

 

Auto discovery of servers

On a nightly basis, FPSMC will automatically detect new FPE and FPSP servers that have been added to your network.

 

Exchange Clusters — CCR, SCC, and DAG 
FPSMC supports clustered Exchange servers, including E14 Database Availability Groups.

 

FPSMC will initially be available in English.  Localized versions in all 11 languages (Chinese-Simplified, Chinese-Traditional, English, French, German, Italian, Japanese, Korean, Portuguese-Brazil, Russian, and Spanish) will be released at a later date (to be announced).  

 

Thank you for your time, and I hope you found this article helpful.

 

Andrew Schiano

Software Development Engineer in Test

Announcing Forefront UAG 2010 Service Pack 1

October 21st, 2010

We are happy to announce Forefront UAG 2010 Service Pack 1 (SP1) and the availability of its final release candidate. This service pack includes many enhancements to the product, designed to ease DirectAccess deployments and to enable secure collaboration scenarios using Active Directory Federation Services (AD FS) 2.0.

Among the new features for DirectAccess:

  • One-time-password support for DirectAccess.
  • Simplified DirectAccess deployment with an improved admin UI, which includes new functionality that previously required scripting and manual tweaking.
  • Increased flexibility in creating and distributing DirectAccess Group Policy Objects (GPO).
  • Support for DirectAccess deployments which enable only the “always managed” functionality, allowing remote management of the DirectAccess client machines from the corporate network without also enabling corporate access for the DirectAccess clients.
  • Support for forced tunneling, which means that all of the traffic from DirectAccess clients is routed through the DirectAccess server to the corporate network, and from there, if needed, back to the Internet.
  • Integration of the DirectAccess Connectivity Assistant (DCA) configuration and deployment into the admin process.
  • Integrated NAP for simplified endpoint policy enforcement.
  • Improved monitoring and troubleshooting by adding new DCA diagnostics and server-side reports.

The new AD FS 2.0 secure collaboration scenarios in SP1 enable the following:

  • One-time-password support for DirectAccess.
  • Claims-based authentication to the UAG portal
  • Publishing of claims-aware applications
  • Claims-based authorization
  • SSO to legacy applications for users authenticated using claims
  • Single Sign-out
  • Publishing AD FS 2.0 server

SP1 is not only about features – it’s also about the user experience and the quality of the product. We addressed many customer requests and improved the stability and robustness of the system – not only for the new functionality but also for the existing scenarios. We also invested in completing the localization of the end-user experience. We are confident that you and your users will notice the improvement.

You can start experimenting with UAG 2010 SP1 RC right now by downloading the Release Candidate (RC). It includes all of the new features and is available either as an upgrade from a previous UAG 2010 release or as a clean install. You can find updated documentation that reflects all SP1 changes in our TechNet Library. We recommend you begin with the new installation guide.

We are eager to get your feedback and to assist with your deployments via our TechNet forum. Our team as well as our MVPs and partners monitor the forum. Please post any issues you might encounter. Compliments are also welcome 😉

Over the next few weeks we will publish a series of blog posts to introduce SP1. Stay tuned!


Forefront UAG 2010 – Update 2.

October 17th, 2010

I’m very happy to announce that on September 21st we released Forefront UAG 2010 – Update 2.

In this update we deliver enhancements to existing UAG functionality, and solutions for major deployment blockers for a broad set of customers, addressing 18 customer requests.

Some of the major functionality added in this update:

· Client Components Enhancement—The Forefront UAG SSL Application Tunneling component is now supported on Windows 7 64-bit operating systems for 32-bit applications.

· Virtual Desktop Infrastructure (VDI)—Forefront UAG fully supports publishing remote desktops using VDI.

· Citrix publishing support—Forefront UAG fully supports Citrix Presentation Server 4.5 and its replacement Citrix XenApp 5.0.

· Citrix client computer support—Forefront UAG supports client computers with 64-bit operating systems accessing Citrix XenApp applications.

· SSTP user and group access control—Forefront UAG now provides a finer authorization mechanism allowing administrators to authorize individual users or groups for SSTP access.

· SSL handshake—Forefront UAG now provides better handling of the SSL handshake including the case when the application server requires client certificate credentials for the negotiation.

· MAC addresses support—Forefront UAG Network Connector supports a wider range of network adapters with a larger valid MAC address range.

We know that there are a significant number of customers and partners who are eager to get Update 2. Download it at Forefront Unified Access Gateway (UAG) Update 2.

Apologies for posting this notification late, and we will ensure more timely notification in the future.

 

Eyal Peri

Senior Program Manager


LiveKd for Virtual Machine Debugging

October 14th, 2010

When Dave Solomon and I were writing the 3rd edition of the Windows Internals book series Inside Windows 2000 back in 1999, we pondered if there was a way to enable kernel debuggers like Windbg and Kd (part of the free Debugging Tools for Windows package…(read more)


Download MED-V 2.0 Beta Today!

October 12th, 2010

Hi, I’m Dave Trupkin, Senior Product Manager for Microsoft Enterprise Desktop Virtualization (MED-V) and Microsoft Application Virtualization (App-V), the two desktop virtualization components of the Microsoft Desktop Optimization Pack (MDOP). …(read more)

Hotfix rollup 3 for Forefront Security for Exchange Server SP2 and hotfix rollup 3 for Forefront Security for SharePoint SP3 are now available

October 8th, 2010

On behalf of the Forefront Server Protection team at Microsoft, I am pleased to announce the release of Forefront Security for Exchange Server (FSE) SP2 Rollup 3 and Forefront Security for SharePoint (FSSP) SP3 Rollup 3.

 

On October 8th, 2010 Microsoft shipped both builds to address a performance issue with version 8 of the Kaspersky antivirus engine.

 

For a detailed description of the updates please see the following Knowledge Base articles:

As the installer runs, server service restarts may be necessary, so please plan accordingly when applying this hotfix rollup. 

 

Regards,

Robert McCarthy
Sr. Support Engineer
Microsoft Security

Microsoft Security Essentials available to Small Businesses on October 7

October 6th, 2010

We announced back in September that Microsoft Security Essentials would be changing its licensing terms and would soon become available to small businesses on up to 10 PCs. We are happy to announce that beginning tomorrow, October 7, the change will go into effect and small business owners will be able to download and install Microsoft Security Essentials. This new availability will allow small businesses that operate outside of the home to take advantage of Microsoft’s no-cost antimalware service that will help them save time, save money and remain productive while protecting them from viruses, spyware and other malicious threats. If you operate a small business with more than 10 PCs, we do recommend that you consider using the Forefront line of products to address your security needs.

In just one year on the market, more than 30 million customers are now enjoying the quiet protection Microsoft Security Essentials provides, and Microsoft is excited to now offer Microsoft Security Essentials to the small business community.

For more information about this new availability, check out the Microsoft SMB Community blog and the feature story on Microsoft.com.

New IT GRC solutions for Microsoft System Center Service Manager now available for download!

October 4th, 2010

Start shifting the enforcement and management of IT GRC requirements from people to Microsoft technologies with the IT GRC Process Management Pack and the IT Compliance Management Series
The Microsoft® Solution Accelerators team is pleased to…(read more)
