Release of Microsoft Forefront Support in CMEP Fixlet Site

(imported topic written by naveedm)

Hi All,

Details on our new blog at:

https://www.ibm.com/developerworks/mydeveloperworks/blogs/a1a33778-88b7-452a-9133-c955812f8910/entry/release_of_microsoft_forefront_support_in_cmep_fixlet_site1?lang=en

Enjoy!

Naveed

(imported comment written by SystemAdmin)

Hello, thanks for this.

Looking at the analysis I’ve noticed that it’s only taking into account the key

"HKEY_LOCAL_MACHINE\Software\Microsoft\Microsoft Antimalware\Signature Updates"

and doesn’t include:

"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Forefront\Client Security\1.0\AM\Signature Updates"

Which is what we’ve been using as referenced in a post about Forefront before the CMEP site was updated.

We have about 2500 machines using Forefront and have been getting back good data on their definition dates from this last key. With the new analysis activated none of my Forefront machines are showing up as relevant because of the last relevance check in the analysis:

(exist key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Security Client" whose (value "ProductName" of it as string starts with "FEP") of registry) OR (exist key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Security Client" whose (value "ProductName" of it as string starts with "FEP") of x64 registry)

Are there any plans to update the CMEP to account for this? Or am I missing something and just need to flip a switch somewhere to get this to work correctly?

thanks,

Baraq
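
For checking a single endpoint against the keys quoted in the post above, here is a PowerShell sketch. It is an added example, not part of the original thread and not CMEP content. The labels, variable names and output fields are assumptions; the registry paths and the "FEP" prefix test are the ones quoted above.

```powershell
# Added example: report which of the registry keys quoted in the thread exist
# on this machine, in both the 32-bit and 64-bit registry views.
# Labels are illustrative; the paths are the ones quoted in the post.
$paths = [ordered]@{
    'Microsoft Antimalware signature updates'     = 'SOFTWARE\Microsoft\Microsoft Antimalware\Signature Updates'
    'Forefront Client Security signature updates' = 'SOFTWARE\Microsoft\Microsoft Forefront\Client Security\1.0\AM\Signature Updates'
    'Microsoft Security Client'                   = 'SOFTWARE\Microsoft\Microsoft Security Client'
}
$views = [Microsoft.Win32.RegistryView]::Registry32, [Microsoft.Win32.RegistryView]::Registry64

$results = foreach ($view in $views) {
    $hklm = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
        [Microsoft.Win32.RegistryHive]::LocalMachine, $view)
    try {
        foreach ($label in $paths.Keys) {
            $key = $hklm.OpenSubKey($paths[$label])   # $null when the key is absent
            $exists = $null -ne $key
            $productName = $null
            if ($exists) {
                $productName = $key.GetValue('ProductName')
                $key.Close()
            }
            [pscustomobject]@{
                View = $view; Key = $label; Exists = $exists; ProductName = $productName
            }
        }
    } finally {
        $hklm.Close()
    }
}

# Same test as the analysis clause quoted above: ProductName starts with "FEP"
# (case-sensitive) under the Microsoft Security Client key, in either view.
$fepMatch = [bool]($results | Where-Object {
    $_.Key -eq 'Microsoft Security Client' -and
    "$($_.ProductName)".StartsWith('FEP', [System.StringComparison]::Ordinal)
})
# The key the poster relies on, which that clause does not look at.
$fcsKeyPresent = [bool]($results | Where-Object {
    $_.Key -eq 'Forefront Client Security signature updates' -and $_.Exists
})

$results | Format-Table -AutoSize
"Matches the quoted FEP clause:        $fepMatch"
"Forefront Client Security key exists: $fcsKeyPresent"
```

A machine that reports the second line as True and the first as False is in the situation described in the post: the Forefront Client Security key is present, but the quoted clause does not match.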

(imported comment written by JasonHonda)

Thanks Baraq, the dev team for this will be looking into this immediately.

What version of Forefront are you using?

(imported comment written by SystemAdmin)

SAM says Microsoft Forefront 3.0 :)

-B

(imported comment written by SystemAdmin)

We have started to work on supporting this version of Forefront (Forefront Client Security); the new content is expected to be published in a week’s time. Thanks.

(imported comment written by SystemAdmin)

Sweet, thanks for the update.

-Baraq

(imported comment written by SystemAdmin)

Just to re-confirm with you that the Forefront product is Forefront Client Security: according to the registry keys you provided, the product should be Forefront Client Security, but you also mentioned “Forefront 3.0”. I have searched for Forefront products, and for endpoint security there are only two products: Forefront Client Security and Forefront Endpoint Protection. Right now I’m working on adding support for Forefront Client Security; please let me know if the product you are using is another product, thanks. Anyway, the support for Forefront Client Security will be released in a couple of days. Thanks.

(imported comment written by SystemAdmin)

The content for supporting Forefront Client Security is published. New site version: 2017. Thanks.

(imported comment written by SystemAdmin)

Forefront Client Security should be correct. I mentioned Forefront 3.0 because that’s what was reported in the catalog in dss-sam. I believe they are one and the same.

I’ll check out the update and let you know.

thanks a lot!!

-Baraq

(imported comment written by SystemAdmin)

So far this is working perfectly; I’ll update the post if something changes.

thanks again,

Baraq