This MSI file adds nearly all (read the included ReadMe file) of the recommended scanning exclusions for running Forefront Client Security on a Microsoft Exchange 2007 server, including file extension, process and folder path exclusions.
The setup adds the exclusions to the registry keys below and creates a folder “Johan Blom, Truesec” under Program Files containing the ReadMe file and a URL shortcut to the Microsoft document describing the recommended scanning exclusions.
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Forefront\Client Security\1.0\AM\Exclusions\Extensions
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Forefront\Client Security\1.0\AM\Exclusions\Paths
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Forefront\Client Security\1.0\AM\Exclusions\Processes
The MSI does not run on Windows Server 2008 yet.
Included in the zip file are one 32-bit MSI for testing on the eval version of Exchange 2007 and one 64-bit MSI for production environments.
Download this great add-on for FCS on Microsoft CodePlex http://www.codeplex.com/fcscompete/Release/Project...=14026
Tom
Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer
Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING documentation | integration | virtualization
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)
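Because every antimalware exclusion is a place the scanner no longer looks, it is worth recording exactly what the installer writes to the three keys listed above. The following PowerShell script is an added example, not part of the MSI or its ReadMe: run it once before installing to save a baseline and once afterwards to list the new entries. It assumes each exclusion is stored as a value name under its key, and the snapshot path is a hypothetical default.

```powershell
# Added example: baseline the FCS exclusions, then report what an install added.
# Assumption: each exclusion is stored as a value name under its key.
param([string]$Snapshot = "$env:TEMP\fcs-exclusions-before.csv")   # hypothetical path

$base = 'HKLM:\SOFTWARE\Microsoft\Microsoft Forefront\Client Security\1.0\AM\Exclusions'

function Get-FcsExclusion {
    foreach ($kind in 'Extensions', 'Paths', 'Processes') {
        $key = Join-Path $base $kind
        if (-not (Test-Path -LiteralPath $key)) { continue }   # key absent: nothing configured
        foreach ($name in (Get-Item -LiteralPath $key).GetValueNames()) {
            # Skip the unnamed default value, which is not an exclusion.
            if ($name) { [pscustomobject]@{ Kind = $kind; Exclusion = $name } }
        }
    }
}

$current = @(Get-FcsExclusion)

if (-not (Test-Path -LiteralPath $Snapshot)) {
    # First run, before installing the MSI: record the baseline.
    $current | Export-Csv -LiteralPath $Snapshot -NoTypeInformation
    "Baseline of $($current.Count) exclusion(s) written to $Snapshot"
}
else {
    # Second run, after installing: list entries that are not in the baseline.
    $seen = @{}   # PowerShell hashtable keys are case-insensitive, like registry names
    foreach ($row in @(Import-Csv -LiteralPath $Snapshot)) {
        $seen["$($row.Kind)|$($row.Exclusion)"] = $true
    }
    $current |
        Where-Object { -not $seen.ContainsKey("$($_.Kind)|$($_.Exclusion)") } |
        Sort-Object Kind, Exclusion |
        Format-Table -AutoSize
}
```

Compare the reported entries against the ReadMe and the Microsoft document the installer links to before using the 64-bit MSI in production.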
Forefront Client Security SP1 fixes the following issues:
An exception is thrown when you deploy a Forefront Client Security (FCS) policy on Windows Server 2008
When you deploy an FCS policy to an organizational unit (OU), an exception is thrown, and the policy is not deployed.
When you deploy an FCS policy on Windows Server 2008 to the Users tab, an exception is thrown
The Browse dialog box for a Group Policy object (GPO) on Windows Server 2008 includes a Users tab. This tab does not exist in Windows Server 2003. If you deploy an FCS policy to a user or to a group, an exception is thrown.
FCS policies that are deployed to an existing GPO are tied to a specific domain controller (DC)
FCS policies that are deployed to an existing GPO are tied to a specific DC. If the DC is decommissioned, you cannot change or undeploy that policy.
HTH,
Tom
All operating systems need to be updated. It’s the nature of Man that no perfect software can be created. That’s a fact that will never change. However, the difference between a good and responsible software company, and one that throws its product against the wall and sees if it sticks, is the level of diligence that company shows in discovering issues with its software and correcting those issues over time. In this area, Microsoft is clearly the thought and action leader, especially when it comes to security updates.
On first blush, it might seem that patch management is a “no-brainer”. You just set up a WSUS server on your network and approve everything that comes down over the wire. The problem is that after the blush fades, the complexity of patch management becomes clearer. You have to think about how patches should be deployed in your environment with your unique requirements.
To help you organize your thoughts around a coherent patch management plan, Microsoft has come up with 10 principles of patch management:
- Service packs should form the foundation of your patch management strategy
- Make Product Support Lifecycle a key element in your strategy
- Perform risk assessment using the Severity Rating System as a starting point
- Use mitigating factors to determine applicability and priority
- Only use workarounds in conjunction with deployment
- Issues with Security Updates are documented in the Security Bulletin Master Knowledge Base Article
- Test updates before deployment
- Contact Microsoft Product Support Services if you encounter problems in testing or deployment
- Use only methods and information recommended for detection and deployment
- The Security Bulletin is always authoritative
Microsoft takes patch management seriously. Unlike other software and hardware vendors who take security for granted because they haven’t suffered the high-profile security issues that Microsoft has in the last decade and a half, Microsoft makes a significant investment in time, money and manpower to make sure its software is as secure as possible out of the box, and during the entire lifecycle of that software. The Microsoft patch management system is just a piece of the overall solution, but a critically important one.
For more information on these 10 principles, check out the article by Christopher Budd, Ten Principles of Microsoft Patch Management, at http://technet.microsoft.com/en-us/library/cc512589.aspx
HTH,
Tom
Join the Microsoft IAG team to learn everything you need to know about remote access and how the Microsoft Intelligent Application Gateway (IAG) provides a highly customizable and easy-to-use solution for secure remote access for all users. We go through key customer scenarios, IAG features and functionality, and the future road map. The IAG product stands out in the secure sockets layer (SSL) virtual private network (VPN) market for its focus on strong policy management, end point security, and application optimization. The IAG 2007 SSL VPN gateway is the most secure SSL VPN solution on the market today. Make sure you’re up to speed on this exceptional product so that secure remote access is not just a dream, but a reality, for your organization.
http://msevents.microsoft.com/cui/WebCastEventDeta...ode=US
HTH,
Tom
About 2 months ago we released the beta for UrlScan v3.0 to address customer concerns with automated SQL injection attacks and we have been busy since refining it with the help of our customers, community and MVPs. You can download the bits at the links below.
UrlScan v3.0 RTW for x86
UrlScan v3.0 RTW for x64
For more information on UrlScan features and configuration options, check out the IIS Security Blog at http://blogs.iis.net/nazim/archive/2008/08/19/urls...d.aspx
HTH,
Tom
While this tip is aimed at end users who lack a security admin’s sophistication regarding network security issues, it’s worth reading even for the most seasoned security specialist. Why? Because many of us in the security industry forget that the Internet is a public place, and everything you put on the Internet, especially on social networking sites, can come back to haunt you some day.
My best advice for you is to use social networking sites as a way to promote yourself with good personal “image” management. Don’t use them for “socializing”; use them to promote yourself and your career. In that way, you’re less likely to say something stupid that will get you into hot water some day in the future.
http://blogs.msdn.com/securitytipstalk/archive/200...k.aspx
HTH,
Tom
As most serious students of network security and security administrators know, the value of the “many eyes” theory of open source security is more apparent than real. In this excellent article by Pat Edmonds, he shows how a codified and repeatable collection of security processes, carried out by incentivized and responsible individuals, trumps the “many eyes” approach of secure application development.
Check out this interesting article at http://technet.microsoft.com/en-us/library/cc512608.aspx
HTH,
Tom
Are you deploying or migrating to Microsoft SQL Server 2008? Microsoft System Center Data Protection Manager 2007 is designed for the database administrator or the IT generalist. Data Protection Manager 2007 uses wizards and workflows to help ensure that you can protect your organization’s data, and it doesn’t require an advanced degree, training, or certification in storage and backup technologies. Attend this webcast to learn more.
Head on over to http://msevents.microsoft.com/CUI/WebCastEventDeta...ode=US to register for and view the event.
HTH,
Tom
While not a security article, I found this article timely as I was in the process last week of trying to migrate a number of Virtual PC 2007 machines to Hyper-V. In this article Tarek Majdalani gives you the step-by-step instructions, complete with screenshots!
http://elmajdal.net/win2k8/Migrate_A_Virtual_Machi...V.aspx
HTH,
Tom
Given the recent problems the city of San Francisco has had with a criminal network admin, what have you done to protect yourself from getting into a similar situation? I found an interesting article at TechRepublic that can help you with this problem at http://blogs.techrepublic.com.com/security/?p=569&...l.e036
The key take home messages from this article include:
- Use the principle of least privilege. Restrict network admins to only those resources they actually manage and no more
- Everyone on the IT team doesn’t need to have access to the domain admin passwords
- Daily checks of additions to admin-level groups should be performed and compared with previous days’ lists
- Every admin activity on the network should be logged
- When a member of the IT team leaves the company, the employee should be escorted to his desk to collect his belongings, badges and keys. Before that, however, an account admin should remove his accounts, first disabling them and subsequently removing them.
HTH,
Tom
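The daily check of admin-level groups against the previous day's list can be scripted. The following PowerShell is an added example, not taken from the TechRepublic article: it assumes the ActiveDirectory module for the live query and the built-in group names shown, and the account names in the sample data are constructed.

```powershell
# Added example: diff today's admin-group membership against yesterday's list.
# The live query needs the ActiveDirectory module; the sample rows are constructed.

function Get-AdminSnapshot {
    # Group names are the Active Directory built-in defaults; adjust to your domain.
    param([string[]]$Group = @('Domain Admins', 'Enterprise Admins', 'Administrators'))
    foreach ($g in $Group) {
        # -Recursive expands nested groups so indirect admins are listed too.
        Get-ADGroupMember -Identity $g -Recursive | ForEach-Object {
            [pscustomobject]@{ Group = $g; Member = $_.SamAccountName }
        }
    }
}

function Compare-AdminSnapshot {
    param([object[]]$Previous, [object[]]$Current)
    $old = @{}; foreach ($r in $Previous) { $old["$($r.Group)|$($r.Member)"] = $r }
    $new = @{}; foreach ($r in $Current)  { $new["$($r.Group)|$($r.Member)"] = $r }
    foreach ($k in $new.Keys) {
        if (-not $old.ContainsKey($k)) {
            [pscustomobject]@{ Change = 'Added'; Group = $new[$k].Group; Member = $new[$k].Member }
        }
    }
    foreach ($k in $old.Keys) {
        if (-not $new.ContainsKey($k)) {
            [pscustomobject]@{ Change = 'Removed'; Group = $old[$k].Group; Member = $old[$k].Member }
        }
    }
}

# Constructed sample: yesterday's saved list and today's query result.
$yesterday = @(
    [pscustomobject]@{ Group = 'Domain Admins'; Member = 'alice.adm' }
    [pscustomobject]@{ Group = 'Domain Admins'; Member = 'bob.adm' }
)
$today = @(
    [pscustomobject]@{ Group = 'Domain Admins'; Member = 'alice.adm' }
    [pscustomobject]@{ Group = 'Domain Admins'; Member = 'svc-backup' }
    [pscustomobject]@{ Group = 'Enterprise Admins'; Member = 'svc-backup' }
)

# Live use: $today = @(Get-AdminSnapshot); save it with Export-Csv for tomorrow's run.
Compare-AdminSnapshot -Previous $yesterday -Current $today |
    Sort-Object Change, Group, Member | Format-Table -AutoSize
```

Any 'Added' row that does not match an approved change request is the event this check exists to catch; store the snapshots where the accounts being monitored cannot edit them.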