Archive

Archive for August, 2010

Forefront Server Security Management Console (FSSMC) Hotfix Rollup 5 is now available

August 27th, 2010 No comments

On behalf of the Forefront Server Security team at Microsoft, I am pleased to announce the release of Hotfix Rollup 5 for the Forefront Server Security Management Console (FSSMC)!

Microsoft shipped Hotfix Rollup 5 for the FSSMC on August 26th, 2010.

For a complete list of the new features and fixes included in this rollup along with directions for download, please see the following Knowledge Base article: http://support.microsoft.com/kb/2302023

· Description of Hotfix Rollup 5 for Forefront Server Security Management Console:

As the installer runs, server service restarts may be necessary, so please plan accordingly when applying this Hotfix Rollup.

Regards,

Robert McCarthy
Microsoft Security

Hotfix Rollup 3 for Antigen 9 for Exchange Service Pack 2 is Now Available

August 27th, 2010 No comments

On behalf of the Forefront Server Security team at Microsoft, I am pleased to announce the release of Hotfix Rollup 3 for Antigen 9 for Exchange, Service Pack 2!

On August 27th 2010 Microsoft shipped Hotfix Rollup 3 for Antigen 9 for Exchange, Service Pack 2.

For a complete list of the new features and fixes included in this rollup along with directions for download, please see the following Knowledge Base article:
http://support.microsoft.com/kb/2302001

• Description of Hotfix Rollup 3 for Antigen 9 for Exchange, Service Pack 2:

As the installer runs, server service restarts may be necessary, so please plan accordingly when applying this Hotfix Rollup.

Regards,

Robert McCarthy
Microsoft Security

New AGPM and DaRT Videos

August 23rd, 2010 No comments

You can find a series of new step-by-step videos for both Advanced Group Policy Management (AGPM) and the Diagnostics and Recovery Toolset (DaRT) on the MDOP video page.
If you're new to AGPM or DaRT, or just looking to get up to speed on a particular…(read more)

Categories: AGPM, DaRT, MDOP, MDOP 2009 R2, MDOP 2010, videos Tags:

Authenticating to UAG with an email address instead of user ID

August 23rd, 2010 Comments off

Summary

I recently had a customer ask about how to do SSO with an email address and not the samAccountName. Knowing that Forefront Unified Access Gateway (UAG) is VERY flexible, the answer is of course yes, and this blog outlines how.

Why authenticate with email?

My customer has a need to hold non-employee accounts in their directory. Specifically, they use Active Directory (AD) for SharePoint. They have both employees and non-employees in the directory. Their challenge was to get the non-employees to remember their AD user id. The answer was to have the non-employee use their company email address, something they can remember.

While AD understands the User Principal Name (UPN), it is not a free-text field that lets you type anything you choose. In addition, you cannot include an “@” in your samAccountName, as AD does not allow this.

How does UAG address this?

UAG can be configured to do a lookup of the email address and return the samAccountName. This is no different than many LDAP login mechanisms, but the important thing is that UAG does know the real samAccountName, which is required to perform SSO login to most applications.

To enable UAG to do this “switch email for samAccountName” function we add a prevalidate.inc file, as discussed on page 99 of IAG_AdvancedUserGuide.pdf. (Note: IAG was the prior name for UAG).

Setting up UAG for email login

For this demonstration, we will assume you already have SharePoint set up and protected by UAG. We assume that the user can log in successfully with their userid (samAccountName); we just want to add e-mail address support.

Step 1. Create the file <TrunkName><0 or 1>PreValidate.inc, where the TrunkName is the name you created in UAG, and 0 stands for HTTP and 1 stands for HTTPS. In my case, my trunk was named “UAG” and it was HTTPS, so my filename is UAG1PreValidate.inc. This file is placed in the \von\InternalSite\inc\CustomUpdate directory.

Step 2. Add code similar to the following in the file. Note you will need to change the userid and password (on the Ads Provider line) and LDAP string (on the oConn.Execute line) to match your settings. See security note below*.

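<%
' Only treat the login name as an e-mail address if it contains "@"
If InStr(Session("user_name" & num), "@") > 0 Then
    Dim oConn, rs, mailValue

    ' Escape LDAP filter metacharacters (RFC 4515) so the typed value
    ' cannot change the query; the backslash must be replaced first
    mailValue = Replace(Session("user_name" & num), "\", "\5c")
    mailValue = Replace(mailValue, "*", "\2a")
    mailValue = Replace(mailValue, "(", "\28")
    mailValue = Replace(mailValue, ")", "\29")
    mailValue = Replace(mailValue, Chr(0), "\00")

    Set oConn = Server.CreateObject("ADODB.Connection")
    oConn.Provider = "ADSDSOObject"
    oConn.Open "Ads Provider", "scd-labs\serviceaccount", "servicepassword"
    Set rs = oConn.Execute("<LDAP://dc=SCD-LABS,dc=net>;(&(objectClass=user)(mail=" & mailValue & "));sAMAccountName")

    If Not rs.EOF Then
        If rs.RecordCount = 1 Then ' we found our user!
            Session("user_name" & num) = Trim(rs("sAMAccountName").Value) ' Required for SSO and change password
            user_name = Trim(rs("sAMAccountName").Value) ' Required to pass CheckCredentials()
        Else
            ' HTML-encode the typed value before writing it back to the page
            Response.Write "<font color=""red""><b><center>More than one user was found with the e-mail address " & Server.HTMLEncode(Session("user_name" & num)) & "<br></center></b></font>"
        End If
    Else
        Response.Write "<font color=""red""><b><center>No user was found with the e-mail address " & Server.HTMLEncode(Session("user_name" & num)) & "<br></center></b></font>"
    End If

    ' Release the recordset and the directory connection
    rs.Close
    oConn.Close
    Set rs = Nothing
    Set oConn = Nothing
End If
%>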

Step 3. Activate the configuration.

Step 4. Create an account in Active Directory with a known email address.

Step 5. Log in using the email address as the account name and the real password.

If you have an error, and the UAG portal gives you an “Error 500”, then verify the code above, looking for any special characters that can be common in Unicode files.

*Security Note: Neither Microsoft nor I are recommending having clear text passwords in text files on product servers. The goal of this blog was to show how it could be done in the simplest form. There are many ways to encrypt the password, but that is beyond the scope of this blog.

Author: Kevin Saye, Security Technical Specialist – Microsoft

Reviewer: Yuri Diogenes, Senior Support Escalation Engineer – Microsoft

Categories: Uncategorized Tags:

Microsoft Security Essentials Receives AV-Test Certificate

August 18th, 2010 No comments

Anti-virus research and data security organization AV-Test recently spent three months testing 19 security products in the areas of protection, repair and usability. On Monday, August 16th they released the test results, and we’re excited that Microsoft Security Essentials has received another certification, this time from AV-Test.org.

According to the AV-Test Product Review and Certification Report, the "Protection" category covers static and dynamic malware detection, including testing for real-world 0-Day attacks. "Repair" evaluates the system disinfection and rootkit removal in detail, which is critical for ensuring AV solutions effectively clean malware off of consumers’ computers. The "Usability" testing criteria include the amount of system slow-down caused by the tools and the number of false positives. You can read the full set of test reports here.

As we mentioned last week, the most important validation of AV quality comes from independent certification organizations like VB100, AV-Test and others. With the current version of Microsoft Security Essentials and the new version now available in beta, our commitment remains constant: to provide security you can trust that is easy to use and provides protection that runs quietly and efficiently in the background, ensuring a great Windows user experience.

You can get the current version of Microsoft Security Essentials at no cost by visiting the Microsoft Security Essentials website here.

Active Directory Certificate Services Monitoring Management Pack

August 16th, 2010 Comments off
Categories: SCOM Tags:

Forefront Security for SharePoint (FSSP) registry setting information and defaults

August 13th, 2010 Comments off

Forefront Security for SharePoint (FSSP) includes a number of registry settings that control most of the configuration settings. The charts below provide information about the various settings.

· The first table gives information about several registry settings that are recommended and/or frequently used to improve FSSP’s performance.

· The second table gives information about registry settings related to blocking unwanted files.

· The third table gives information about registry settings used to set file size limits.

· The fourth table gives information about registry settings used to control the actions FSSP takes when infected files are detected.

Please Note: You should only make changes to registry settings if you are comfortable working in the registry. If you are uncertain, you should open a support case for assistance.

Recommended settings to maximize performance

Settings: SumInternalSizesOfCompressedArchive (DWORD set to 1); MaxUnCompressedFileSize (default 100 MB, represented in the registry as 100,000,000 decimal); DeleteCorruptedCompressedFiles (set to ON)
Recommendation: Recommended
Description: A combination of these three settings will allow compressed files that expand to less than 100 MB to be scanned, while ensuring that those that expand to over 100 MB are blocked.

Settings: SkipLargeCompressedFileDeletion (DWORD set to 1)
Recommendation: User discretion. Enabling this setting will allow large compressed files to bypass antimalware scanning. This will improve server performance, but it will reduce security.
Description: By default this option is off (0). If set to on (1), then compressed files that expand to over 100 MB will be bypassed instead of being blocked.

Settings: RecycleSPScanJobs (DWORD set to 345,600 decimal)
Recommendation: Recommended
Description: In the event that the scan process has leaked any memory or resources, we recommend restarting scan processes every 4 days. The restart will reclaim any lost resources. Recycle Forefront scan processes every 4 days (345,600 seconds equals 96 hours equals 4 days).

Settings: DeleteCorruptedCompressedFiles
Recommendation: Interim workaround: to be used only if necessary.
Description: In Service Pack 3, compressed files should only be reported as corrupted compressed if they are truly corrupted. If for some reason files are mistakenly identified as corrupted compressed, the workaround is to set this setting to 0 (zero), which is OFF. After changing this setting, it is a good idea to contact support for help diagnosing the root cause of the problem.

Settings: ActionOnEngineError
Recommendation: Interim workaround: to be used only if necessary.
Description: In Service Pack 3, all known engine errors are resolved. In the event of these errors, the workaround is to set ActionOnEngineError to 0 (zero), which is “Ignore”. Other possible settings are 1 (detect/skip) and 2 (delete). After changing this setting, it is a good idea to contact support for help diagnosing the root cause of the problem.

Settings used to block unwanted files

This section details the various settings that FSSP uses to block specific files.  This section is provided as a quick reference on how to configure FSSP to bypass these settings in the event of unexpected behavior.  It is not recommended that you make any changes to these settings unless you are experiencing a particular problem that is leading to detections that you think are in error.

 

Forefront detection: CorruptedCompressedFile
What does this mean: FSSP does not fully understand how to parse a container file.
How to set to skip detect: Uncheck “Block/Delete Corrupted Compressed files” in the General Options work pane.

Forefront detection: CorruptedCompressedUuencodeFile
What does this mean: FSSP does not fully understand how to parse a UUENCODE file.
How to set to skip detect: Uncheck “Block/Delete Corrupted Compressed Uuencode files” in the General Options work pane.

Forefront detection: UnwritableCompressedFile
What does this mean: FSSP encounters an error updating a container file.
How to set to skip detect: This error will only occur when FSSP is updating a container file. There is no need to set this to Skip/Detect because FSSP was going to update the contents of a file, but instead FSSP will block the file.

Forefront detection: UnreadableCompressedFile
What does this mean: A specific read error condition when reading a container file.
How to set to skip detect: Uncheck “Block/Delete Corrupted Compressed files” in the General Options work pane.

Forefront detection: Highly Compressed Files
What does this mean: There are two categories of highly compressed files:
1) Highly compressed formats that FSSP is aware of, but is unable to parse.
2) Highly compressed formats that FSSP is unaware of.
In either case, FSSP does not understand the compression algorithm used in a container file.
How to set to skip detect:
Case 1: Uncheck “Treat Zip archives containing highly compressed files as Corrupted Compressed” in the General Options work pane.
Case 2: These files are always reported as CorruptedCompressed. Uncheck “Block/Delete Corrupted Compressed files” in the General Options work pane.

Forefront detection: Multipart RAR files
What does this mean: RAR files that are split across multiple archives cannot be scanned by FSSP.
How to set to skip detect: Uncheck “Treat multipart RAR archives as Corrupted compressed” in the General Options work pane.

Forefront detection: Concatenated Gzip files
What does this mean: FSSP cannot completely scan concatenated Gzip files.
How to set to skip detect: Uncheck “Treat concatenated gzips as corrupted compressed” in the General Options work pane.

Forefront detection: EncryptedCompressedFile
What does this mean: FSSP cannot scan a container file because it is password protected.
How to set to skip detect: Uncheck “Block/Delete Encrypted Compressed files” in the General Options work pane.

Forefront detection: EngineError, EngineExceptionError, EngineLoopingError
What does this mean: A third-party engine encountered an error scanning a file, or in the case of a looping error, has exceeded the maximum number of reads imposed by FSSP.
How to set to skip detect: Set the DWORD registry key named “ActionOnEngineError” to 0 (zero).

Forefront detection: ScanTimeExceeded
What does this mean: This error occurs only on compressed files (zips, tar, gzip, uuencode, office files, etc.). It indicates that FSSP has exceeded the number of milliseconds in the MaxContainerScanTime registry key when scanning a container file.
How to set to skip detect: There is no way to configure FSSP to ignore a compressed file that is taking too long to scan, but FSSP can be configured to avoid this error by increasing MaxContainerScanTime to a maximum value of 0x7FFFFFFF. As long as MaxContainerScanTime is longer than the SharePoint timeout value, this error will never occur. If a compressed file takes a long time to scan, then FSSP will return “ExceededRealtimeTimeout” during the scan.

Forefront detection: ExceededRealtimeTimeout
What does this mean: Indicates that FSSP has timed out while scanning a file. The time limit is specified in the SharePoint administrator console.
How to set to skip detect: Create a DWORD registry key named “UploadDocNoTimeout” and set it to 1. If you set this key, files that would have been blocked by a timeout will instead be uploaded without being scanned.

Forefront detection: SharePoint timeout
What does this mean: Indicates SharePoint has timed out waiting for FSSP to scan a file. In this case, SharePoint kills the thread in the w3wp.exe process that originated the scanning request. The user’s HTTP request will fail. The user will have to resubmit a duplicate HTTP request to recover.
How to set to skip detect: n/a

Settings used to configure file size limits

Currently there is no way to set FSSP to skip these limit checks, but the limits can be increased if necessary.  If a file exceeds these limits, then the file will be blocked.

ExceedinglyCompressedSize: This error occurs only on compressed files (zips, tar, gzip, uuencode, office files, etc.). It indicates that one of the compressed files within a container file has a compressed file size that is greater than the default value set by FSSP. The default value is 0x01312d00 (20,000,000 decimal or approximately 20 MB) and is stored in the DWORD registry key MaxCompressedArchivedFileSize. This value can be increased, but increasing it could cause Denial of Service attacks, more timeouts, and/or performance issues.

SkipLargeCompressedFileDeletion: When set to 1, ExceedinglyCompressedSize errors will be ignored, effectively allowing these large files to be bypassed. The default is 0 (zero).

LargeUncompressedSize: This error occurs only on compressed files (zips, tar, gzip, uuencode, office files, etc.). It indicates that one of the compressed files within a container file has an uncompressed file size that is greater than the default value set by FSSP. The default value is 0x05F5E100 (100,000,000 decimal or approximately 100 MB) and is stored in the DWORD registry key MaxUnCompressedFileSize. This value can be increased, but increasing it could cause Denial of Service attacks, more timeouts, and/or performance issues.

ExceedinglyNested, ExceedinglyNestedFolderStructure: This error occurs only on compressed files (zips, tar, gzip, uuencode, office files, etc.). It indicates that a container recursively nests other container files more than the maximum nesting value set by FSSP. FSSP has a default MaxNestedCompressedFile value of five, and a default MaxNestedAttachments value of 30. These values can be increased, but it is recommended to limit the increases to 10 and 60 respectively. Increasing these values further could result in stack overflow crashes, Denial of Service attacks, more timeouts, and/or performance issues.
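
How the size and nesting limits above decide the fate of a ZIP container, as an added example: this is a model written for this page, not FSSP's code. The way nesting levels are counted, the effect of SumInternalSizesOfCompressedArchive, the action names and the sample archives are assumptions made for the illustration.

```python
import io
import zipfile
import zlib

# Defaults quoted from the tables above; value names are spelled as on the page.
DEFAULTS = {
    "MaxCompressedArchivedFileSize": 20_000_000,  # 0x01312d00, compressed size per member
    "MaxUnCompressedFileSize": 100_000_000,       # 0x05F5E100, expanded size
    "MaxNestedCompressedFile": 5,
    "SumInternalSizesOfCompressedArchive": 1,     # assumption: 1 = members share one budget
    "SkipLargeCompressedFileDeletion": 0,         # 1 = oversize files bypass scanning
}


def make_zip(members, method=zipfile.ZIP_DEFLATED):
    """Build a constructed sample archive in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", method) as zf:
        for name, payload in members.items():
            zf.writestr(name, payload)
    return buf.getvalue()


def nested_zip(levels):
    """Constructed sample: `levels` ZIP containers wrapped one inside another."""
    data = make_zip({"x.txt": b"x"})
    for _ in range(levels - 1):
        data = make_zip({"inner.zip": data})
    return data


def _oversize(detection, limits):
    # Oversize containers are blocked unless the bypass switch is on.
    if limits["SkipLargeCompressedFileDeletion"]:
        return (detection, "bypass-unscanned")
    return (detection, "block")


def classify(data, limits=DEFAULTS, depth=1):
    """Return (detection, action) for a ZIP container held in memory.

    depth counts containers with the outermost as 1 (assumption: the page
    states the limit but not how levels are counted).
    """
    if depth > limits["MaxNestedCompressedFile"]:
        return ("ExceedinglyNested", "block")
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            total = 0
            for info in zf.infolist():
                if info.flag_bits & 0x1:  # bit 0 = member is encrypted
                    return ("EncryptedCompressedFile", "block")
                if info.compress_size > limits["MaxCompressedArchivedFileSize"]:
                    return _oversize("ExceedinglyCompressedSize", limits)
                budget = limits["MaxUnCompressedFileSize"]
                if limits["SumInternalSizesOfCompressedArchive"]:
                    budget -= total
                # Check the declared size before expanding anything, then
                # cap the read so no member can expand past the budget.
                if info.file_size > budget:
                    return _oversize("LargeUncompressedSize", limits)
                with zf.open(info) as member:
                    body = member.read(budget + 1)
                if len(body) > budget:
                    return _oversize("LargeUncompressedSize", limits)
                total += len(body)
                if zipfile.is_zipfile(io.BytesIO(body)):
                    nested = classify(body, limits, depth + 1)
                    if nested[0] != "Clean":
                        return nested
    except (zipfile.BadZipFile, zlib.error):
        return ("CorruptedCompressedFile", "block")
    return ("Clean", "scan")


if __name__ == "__main__":
    # Scaled-down limits so the constructed samples stay tiny.
    small = dict(DEFAULTS, MaxUnCompressedFileSize=1000, MaxCompressedArchivedFileSize=500)
    print(classify(make_zip({"big.txt": b"A" * 5000}), small))
    print(classify(nested_zip(6)))
    print(classify(nested_zip(5)))
```

Running it with SkipLargeCompressedFileDeletion set to 1 turns the oversize verdicts from "block" into "bypass-unscanned", which is the trade-off the first table describes.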

 

 

Settings used to control how FSSP behaves when updating infected files

These settings control the action FSSP takes for large infected container files and exceedingly nested container files.

LargeInfectedContainerFile: This error occurs only on compressed files (zips, tar, gzip, uuencode, office files, etc.). When this error occurs, it means FSSP was attempting to update a file within a container file, but the container file is too big. Instead of replacing one file in the container, the entire container will be replaced with deletion text. FSSP has a default value to only clean compressed files under 25 MB, stored in the registry value MAX_COMPRESSED_FILE_SIZE. Increasing this value could cause Denial of Service attacks, more timeouts, and/or performance issues.

ExceedinglyInfected: This error occurs only on compressed files (zips, tar, gzip, uuencode, office files, etc.). When this error occurs, FSSP has detected numerous viruses within the same container file, and rather than continuing to scan this container file, the entire container file is blocked. FSSP uses a default of five, stored in the registry key MaxContainerFileInfections. Increasing this value could cause Denial of Service attacks, more timeouts, and/or performance issues.

 

Forefront and Memory usage

Another important consideration when evaluating the performance of your SharePoint servers running FSSP is the impact of the antivirus scanning engines. Forefront utilizes many third-party virus scanning engines and components to provide virus and keyword filtering of the SharePoint server.  The Forefront team has automated backend systems that are constantly stressing these 3rd party components to ensure that they are behaving correctly and utilizing memory as efficiently as possible.  There have been incidents in the past, however, where a memory leak has been introduced through the update of one of our third-party engines.  We are continually improving our back end tests to be able to detect these memory leaks before they are published.

If FSSP is unable to allocate memory while scanning a file, it currently does not differentiate between a large memory allocation that failed (because it is just too big) vs. a small allocation that failed (because a leak has consumed all usable memory).   Depending on the type of file being scanned, and where in the scanning the memory allocation failure occurs, FSSP may report the problem as a “corrupted compressed” file, as an engine error, or as a scanning process exception.

A new feature has been added to FSSP SP3 to provide an additional layer of protection in the event a third-party vendor releases an update with a leak that is not detected by our back-end testing. The new feature is to periodically recycle the FSSP scanning processes in a controlled manner. This new registry key (named RecycleSPScanJobs) limits the life of our scanning processes to a finite time. By recycling the FSSP scanning processes, any leaked memory is recovered, thus reducing the probability of encountering a memory allocation failure. This feature will sequentially restart one scanning process at a time, and the scanning load is shared among the other scanning processes during the recycle. We recommend setting this new registry key to 96 hours.

The registry key is a DWORD named “RecycleSPScanJobs” and is specified in seconds.  To set this value to 96 hours, you will need to create the key and enter a value of 345,600 (which is 60 seconds * 60 minutes * 24 hours * 4 days).  This will cause Forefront to reset its scanning processes every 4 days.

John Oesterle  
Senior Development Lead

Michel LaFantano           
Senior Writer – BPSG iX

Microsoft Security Essentials Earns August VB100 certification

August 12th, 2010 No comments

By way of introduction, I’m Eric Foster and have recently joined my colleagues on The Windows Blog to write on ‘all things’ security. I thought it only fitting that my first blog be about one of my favorite personal product recommendations, Microsoft Security Essentials.

Not sure how many of you know about the VB100 award but it’s a public test conducted by Virus Bulletin, a highly reputable testing organization in the industry, designed to measure the detection effectiveness and quality of antivirus (AV) products. The most important validation of AV quality comes from independent certification organizations like Virus Bulletin. 

And so it is no surprise that we are very excited to share that Microsoft Security Essentials, our no-cost anti-malware service for consumers, achieved the VB100 award for the August 2010 Edition of Virus Bulletin.  

There are a number of different methodologies that can be used to test the effectiveness of an anti-virus solution. In order for a product to be awarded the VB100 certification, it needs to detect 100% of the WildList malware samples (a prevalent malware subset contributed by a group of researchers in the AV community) and must not have any false positives (FP or incorrect detections) on the Virus Bulletin clean file collection. According to Virus Bulletin, “Detection rates were strong as ever…with no problems in the WildList or clean sets, Microsoft earns another VB100 award with ease.” [Page 50, Virus Bulletin August 2010 Edition]

Microsoft products, including Microsoft Security Essentials and Forefront Client Security, have received VB100 awards since June 2007, demonstrating Microsoft’s dedication to quality and our commitment to providing effective anti-malware protection to consumers and enterprise customers alike.

If you don’t already have an AV solution installed on your PC – and it’s estimated that over 80% of consumers report having up-to-date AV installed but market data shows that less than 50% of consumers actually do – you can get Microsoft Security Essentials at no cost by visiting the Microsoft Security Essentials website here.


New video available about using PowerShell to export and import Forefront Protection 2010 for SharePoint configuration settings

August 10th, 2010 Comments off

If you are managing multiple SharePoint servers with Forefront Protection 2010 for SharePoint (FPSP) installed and would like to share your FPSP configuration settings among your various installations, you can use PowerShell to export the settings from one configured instance of FPSP and then import the settings into other instances of FPSP.

Micah LaNasa, a tech writer on the BPSG iX team, recently posted a video that takes you through the process step-by-step. You can find the export/import video here:

http://edge.technet.com/Media/Importing-Configuration-Settings-in-Forefront-Protection-2010-for-SharePoint/

You can find the export/import documentation in the TechNet library here:

http://technet.microsoft.com/en-us/library/dd639448.aspx

I hope you find both the video and the documentation helpful.

Michel LaFantano

BPSG iX

Microsoft Security Advisory (2264072): Elevation of Privilege Using Windows Service Isolation Bypass – Version: 1.0

Revision Note: V1.0 (August 10, 2010): Advisory published.
Summary: Microsoft is aware of the potential for attacks that leverage the Windows Service Isolation feature to gain elevation of privilege. This advisory discusses potential attack scenarios and provides suggested actions that can help to protect against this issue. This advisory also offers a non-security update for one of the potential attack scenarios through Windows Telephony Application Programming Interfaces (TAPI).
