IT Core Blog

Never stop questioning. Curiosity has its own reason for existing…

Posts Tagged ‘Security’

Microsoft Network Monitor 3.4 available for download


Check out the new features at the Network Monitor Team Blog Beta announcement.

Additionally, check the related Network Monitor resources:

  1. Network Monitor Experts
  2. Network Monitor Parsers
  3. Network Monitor Blog
  4. Network Monitor Forums

Written by IT Core

July 1, 2010 at 9:12 PM

Microsoft Forefront Threat Management Gateway (TMG) 2010 Service Pack 1

Microsoft Forefront Threat Management Gateway (TMG) 2010 Service Pack 1 was released on 6/23/2010.
The service pack includes the following new features and feature improvements:

New Reports
• The new User Activity report displays the sites and site categories accessed by any user.
• All Forefront TMG reports have a new look and feel.

Enhancements to URL Filtering
• You can now allow users to override the access restriction on sites blocked by URL filtering. This allows for a more flexible web access policy, in that users can decide for themselves whether to access a blocked site. This is especially useful for websites that have been incorrectly categorized.
• You can now override the categorization of a URL on the enterprise level; the override is then effective for each enterprise-joined array.
• Denial notification pages can now be customized for your organization’s needs.

Enhanced Branch Office Support
• Collocation of Forefront TMG and a domain controller on the same server, which can help reduce the total cost of ownership at branch offices.
• When installed on a computer running Windows Server 2008 R2, SP1 simplifies the deployment of BranchCache at the branch office, using Forefront TMG as the Hosted Cache server.

Support for publishing SharePoint 2010
• Forefront TMG SP1 supports secure publishing of SharePoint 2010.

Read some interesting articles about the new features included in TMG SP1:
Forefront TMG (ISA Server) Product Team Blog
Forefront Team Blog
Richard Hicks

Written by IT Core

July 1, 2010 at 8:58 PM

TechNet Wiki – AV Exclusion List

Wouldn’t it be handy to have one place on the web where you could find an updated list of ALL the AV exclusions you might want to configure? This wiki stub topic is meant to be that list. Feel free to add to the list; it is the wiki way!

Windows:
KB822158 Virus scanning recommendations for Enterprise computers that are running currently supported versions of Windows

Windows / Active Directory: 
http://support.microsoft.com/kb/822158
http://support.microsoft.com/kb/837932
http://support.microsoft.com/kb/943556

Cluster:
http://support.microsoft.com/kb/250355

Forefront: Considerations when using antivirus software on FF Edge Products

http://support.microsoft.com/kb/943620
http://technet.microsoft.com/en-us/library/cc707727.aspx

FRS:
http://support.microsoft.com/kb/815263

SQL:
http://support.microsoft.com/kb/309422

IIS:
http://support.microsoft.com/kb/821749
http://support.microsoft.com/kb/817442

DHCP:
http://support.microsoft.com/kb/927059

SCOM / MOM:
http://support.microsoft.com/kb/975931

Hyper-V:
http://support.microsoft.com/default.aspx/kb/961804

Exchange:
Exchange 2010: http://technet.microsoft.com/en-us/library/bb332342.aspx
Exchange 2007: http://technet.microsoft.com/en-us/library/bb332342(EXCHG.80).aspx
http://support.microsoft.com/kb/328841
http://support.microsoft.com/kb/823166
http://support.microsoft.com/kb/245822

SharePoint:
http://support.microsoft.com/kb/952167
http://support.microsoft.com/kb/320111
http://support.microsoft.com/kb/322941

SMS:
http://support.microsoft.com/kb/327453

ISA:
http://support.microsoft.com/kb/887311

WSUS:
http://support.microsoft.com/kb/900638

SBS:
http://support.microsoft.com/kb/885685

Med-V:
Recommended Anti-Virus exclusions for MED-V client and workspace installations

System Center:
Recommendations for antivirus exclusions in MOM 2005 and Operations Manager 2007

How to configure OpsMgr for intrusion detection and security hardening

Another great article from Kevin Holman. This time Kevin explains how to configure OpsMgr to alert you when security is compromised.

Because I have a lab that is exposed to the internet over port 3389, I get a LOT of hacking attempts on this lab. Mostly the source is from bots running on other compromised systems. These bots just do brute force attacks against the typical Admin accounts and passwords via RDP. In this article, I am going to show how OpsMgr can not only alert on this condition, but also respond by configuring the Windows Firewall to block these attacks.

Read more at: “Using OpsMgr for intrusion detection and security hardening”

Written by IT Core

April 12, 2010 at 8:40 PM

Sysinternals Updates: AdExplorer v1.3, VMMap v2.6, Disk2vhd v1.5, LiveKd v3.14, Sigcheck v1.66

AdExplorer v1.3: This update to AdExplorer, an Active Directory editor, has major node expansion performance improvements and a number of minor bug fixes.

VMMap v2.6: VMMap, a powerful process virtual and physical memory analysis tool, now shows both graphical and numeric breakdowns of private virtual memory, as well as heap configuration flags.

Disk2vhd v1.5: Disk2Vhd v1.5 works with Hyper-V SCSI direct-attached volumes and reports an error when a snapshot includes offline volumes.

LiveKd v3.14: This version of LiveKd has better detection of the Debugging Tools package installation and launches the debugger in a mode that skips the unnecessary root-cause analysis of the virtual dump file.

Sigcheck v1.66: This update to Sigcheck, a file version and signature checking utility, fixes a bug in the certificate revocation check logic.

From Sysinternals

Forefront Threat Management Gateway Web Access Protection

Yuri and Tom describe how Forefront Threat Management Gateway is a web access protection solution. They dive into:
• HTTPS inspection: privacy concerns, how it works
• Process of how TMG protects unmanaged clients against malware
• Basics on URL Filtering and NIS
Check out the TMG Book
Download a trial of TMG

Check out the video 🙂

Written by IT Core

February 22, 2010 at 11:00 PM

Blue Screen of Death – Microsoft’s Initial Response To MS10-015 / KB977165

Microsoft’s security operation has issued an initial response to the issue of machines blue screening and failing to reboot correctly after installing MS10-015.

While we work to address this issue, customers who choose not to install the update can implement the workaround outlined in the bulletin. CVE-2010-0232 was publicly disclosed and we previously issued Security Advisory 979682 in response. Customers can disable the NTVDM subsystem as a workaround and we have provided an automated method of doing that with a Microsoft Fix It that you can find here.

Customers who are experiencing issues after installing any of our security updates can get help resolving the issues by either going to this site or by calling 1-866-PCSafety (1-866-727-2338). International customers can find local support contact numbers here.

Written by IT Core

February 12, 2010 at 9:00 AM