I understand that this is applied through the Security Policy Manager Fixlet site. However, my question is, what happens if you don’t have this site? We run reports using baseline and this always picks up the tool as missing. I then have to go to the servers and download this via Windows Update.
Am I doing something wrong or am I right in what I say?
Do you know when this decision will be made? I believe this is quite important. As I said, the MBSA reports this as a critical patch and we then have to go back to all our servers to manually patch them… if you have one or two this is not too bad, but we have going on 30 odd servers all around the world.
This to me could decide whether we go with the system or not… it's a pointless process if we still have to go and manually patch the servers.
I would suggest that you also consider NOT using MBSA for your baselines… It seems that you care more about compliance to the arbitrary MBSA baseline rather than caring about the Windows Malicious Software Removal tool… It seems that you can run your baseline reports through BigFix and you can customize your reports to show you only patches that you care about.
I understand totally where you are coming from, but you also have to understand that we have to prove to auditors that we are compliant when patching our servers each month, based on the critical patches Microsoft pass down each month. We can customise reports as you say, but these will be based on our own view of compliance and we would have to justify why we are saying that the tool in our view is not critical. Microsoft put the Malicious Tool in the must have patched section and that must mean that they are saying that this is a minimum baseline. An auditor could base their baseline on the Microsoft version. At least then we can turn round and say this is what Microsoft are telling us is needed. I am just trying to cover all bases.
A lot of companies that I have spoken with use the scheme of “all Microsoft critical security bulletins”, which hopefully is easy to justify to your auditors… In my humble opinion, the critical security bulletin approach is more objective and reasonable than listening to whatever MBSA tells you because it makes its own decisions about things like whether or not the malicious software removal tool matters (which you arguably won’t need if you are running a different AV tool)…