The Security Wizard

Fighting for the good guys...
Forefront MVP announced

First, I must begin with apologies for not updating the blog for a few weeks, but as some of you might know, I've been very busy with a lot of new projects. Do not worry, I have plenty of new stuff to write and will do it as soon as I have some time.

In the meantime, I was very pleased to receive the following e-mail today:
========================================
Dear Yaniv Feldman,
Congratulations! We are pleased to present you with the 2009 Microsoft® MVP Award! This award is given to exceptional technical community leaders who actively share their high quality, real world expertise with others.

The Microsoft MVP Award provides us the unique opportunity to celebrate and honor your significant contributions and say "Thank you for your technical leadership."

Toby Richards
General Manager
Community Support Services
=======================================

Which means... I finally got my Forefront MVP!

Thanks a lot you guys for helping me to help you all and for making my life harder with all your complicated questions :-)

Posted: Apr 01 2009, 08:27 PM by yanivf | with 4 comment(s) |
Tamper Protection in Forefront Client Security

Every anti-virus has a mechanism called tamper protection that helps administrators keep users from mishandling their antivirus settings and services. Forefront Client Security only offers basic control over what the user can or cannot do with the FCS Client Console on his client machine. What the FCS system doesn't provide is a built-in mechanism to protect FCS services from being stopped or to prevent FCS from being removed by the user.

It’s true that some of these are possible to prevent by not giving administrative privileges on the client workstation, but some of us don’t have that luxury.

Windows Group Policy has built-in settings that allow you to both protect your services and disable removal by unauthorized users. This is how it's done.

Protecting Forefront Client Security Services

  1. Start Active Directory Users and Computers.
  2. Right-click the domain in which you want to add the OU, click New, and then click Organizational Unit.
  3. Give the OU an appropriate name, and then click OK. The new OU is listed below the domain.
  4. Right-click the new OU, and then click Properties.
  5. The OU properties are now displayed. On the Group Policy tab, click New. Give the new Group Policy an appropriate name (for example, the name of the OU for which it is implemented).
  6. After the policy is created, make sure it is highlighted, and then click Edit.
  7. Click Computer Configuration, click Windows Settings, click Security Settings, and then click System Services.
  8. Double-click the Forefront Client Security Anti-Malware service and specify the security policy setting that you wish to allow for this service. The important thing is not to allow the Administrators group to stop the service.

This will take care of the services problem.
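One way to verify that the System Services policy actually landed on a client is to read the service's security descriptor and check what the Administrators group can still do. The PowerShell below is an added example, not part of the original post; the two SDDL strings are constructed samples and the function names are hypothetical. It also reports whether the group can rewrite the DACL or take ownership, because either right allows the stop right to be granted back.

```powershell
# Added example (not from the original post). Audits a service DACL for rights that defeat tamper protection.

# Service-specific meaning of the two-letter SDDL rights (same bits as the SERVICE_* access rights).
$ServiceRightBits = @{
    CC = 0x1; DC = 0x2; LC = 0x4; SW = 0x8; RP = 0x10; WP = 0x20; DT = 0x40; LO = 0x80; CR = 0x100
    SD = 0x10000; RC = 0x20000; WD = 0x40000; WO = 0x80000
    GA = 0xF01FF    # GENERIC_ALL     -> SERVICE_ALL_ACCESS
    GW = 0x20002    # GENERIC_WRITE   -> READ_CONTROL + change config
    GX = 0x20170    # GENERIC_EXECUTE -> READ_CONTROL + start, stop, pause/continue, user-defined control
    GR = 0x2008D    # GENERIC_READ    -> READ_CONTROL + query config/status, interrogate, enumerate dependents
}

# Rights that let a trustee stop, alter or remove the service, or undo the hardening itself.
$RiskyRights = [ordered]@{
    'stop the service'              = 0x20
    'change the service config'     = 0x2
    'delete the service'            = 0x10000
    'rewrite the DACL (WRITE_DAC)'  = 0x40000
    'take ownership (WRITE_OWNER)'  = 0x80000
}

function ConvertTo-ServiceAccessMask {
    param([string]$Rights)
    # Rights appear either as a hex mask or as concatenated two-letter tokens.
    if ($Rights -match '^0x([0-9a-fA-F]+)$') { return [Convert]::ToInt64($Matches[1], 16) }
    $mask = 0
    for ($i = 0; $i -lt $Rights.Length; $i += 2) {
        $token = $Rights.Substring($i, 2)
        if (-not $ServiceRightBits.ContainsKey($token)) { throw "Unknown SDDL right '$token'" }
        $mask = $mask -bor $ServiceRightBits[$token]
    }
    return $mask
}

function Test-ServiceTamperDacl {
    param(
        [Parameter(Mandatory)][string]$Sddl,
        [string[]]$Trustee = @('BA')    # BA = BUILTIN\Administrators
    )
    # Isolate the DACL: "D:", optional flags, then one or more parenthesised ACEs.
    $dacl = [regex]::Match($Sddl, 'D:[A-Z]*((?:\([^)]*\))+)')
    if (-not $dacl.Success) { throw 'No DACL found in SDDL string' }

    $allow = @{}; $deny = @{}
    foreach ($ace in [regex]::Matches($dacl.Groups[1].Value, '\(([^)]*)\)')) {
        # ACE fields: type;flags;rights;object_guid;inherit_object_guid;account_sid
        $field = $ace.Groups[1].Value.Split(';')
        if ($field.Count -lt 6 -or $Trustee -notcontains $field[5]) { continue }
        $mask = ConvertTo-ServiceAccessMask $field[2]
        switch ($field[0]) {
            'A' { $allow[$field[5]] = [long]$allow[$field[5]] -bor $mask }
            'D' { $deny[$field[5]]  = [long]$deny[$field[5]]  -bor $mask }
        }
    }

    foreach ($t in $Trustee) {
        # Assumes canonical ACE order (deny before allow), so a deny ACE removes the allowed bit.
        $effective = ([long]$allow[$t]) -band (-bnot ([long]$deny[$t]))
        foreach ($name in $RiskyRights.Keys) {
            if ($effective -band $RiskyRights[$name]) {
                [pscustomobject]@{ Trustee = $t; Finding = "can $name" }
            }
        }
    }
}

# Constructed samples: a typical default service DACL, and one where the policy removed
# stop/config/delete from Administrators but left WRITE_DAC and WRITE_OWNER in place.
$defaultSddl  = 'D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)'
$hardenedSddl = 'D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCLCSWRPLOCRRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)'

Test-ServiceTamperDacl -Sddl $defaultSddl
Test-ServiceTamperDacl -Sddl $hardenedSddl

# On a live client (the service name is a placeholder; look it up with Get-Service):
#   $liveSddl = (sc.exe sdshow '<ServiceName>') -join ''
#   Test-ServiceTamperDacl -Sddl $liveSddl
```

An empty result for the Administrators group means none of the five rights is granted to it directly; rights granted through other groups the user belongs to can be checked by passing their SDDL aliases in `-Trustee`.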

How to prevent FCS from being Uninstalled?

  1. Click Start, and then click Run.
  2. In the Open box, type regedt32, and then click OK.
  3. In Registry Editor, locate the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
  4. Click the Edit menu and select Find. On the Find what line, type "Microsoft Forefront Client Security Antimalware Service" and click Find Next. This will locate the subkey where the FCS uninstall information is located.
  5. Right-Click that subkey and select Permissions.
  6. Set the permissions by which you want users to be able to uninstall FCS. Each user who has read permission for that subkey will be able to uninstall FCS.


This setting can also be introduced via Group policy:

  1. Start Active Directory Users and Computers.
  2. Right-click the domain in which you want to add the OU, click New, and then click Organizational Unit.
  3. Give the OU an appropriate name, and then click OK. The new OU is listed below the domain.
  4. Right-click the new OU, and then click Properties.
  5. The OU properties are now displayed. On the Group Policy tab, click New. Give the new Group Policy an appropriate name (for example, the name of the OU for which it is implemented).
  6. After the policy is created, make sure it is highlighted, and then click Edit.
  7. Click Computer Configuration, click Windows Settings, click Security Settings, and then click Registry.
  8. Right click the Registry and select Add Key.
  9. Locate the Registry key you found earlier, select it and Click OK.
  10. Configure the appropriate permissions and Click OK.
  11. Make the appropriate selection from the Add Object dialog box and Click OK.

The credit for this one goes to a couple of colleagues of mine (thanks Naor and Gal) who are in charge of administering one of the largest FCS deployments in the world.

IAGServer.org is alive!

I want to announce a new Forefront Edge Intelligent Application Gateway (IAG) Knowledge Center and Forums that includes videos, articles, links and more!

http://www.IAGserver.ORG - The First Place To Share Great Minds

http://forums.IAGserver.ORG

There are so many new things in this Application Aware Remote Access SSL VPN product! For example: Active Directory Federation Services (ADFS) gateway, Kerberos Constrained Delegation (KCD) with Smart Cards, OTP and Soft Certificates, Application Filtering and Content Inspection and more!

 See you there ...

Microsoft Forefront Intelligent Application Gateway (IAG) is the new Microsoft Application Aware SSL VPN product, formerly known as Whale Communication SSL VPN.

Posted: Oct 31 2008, 04:36 PM by yanivf | with no comments
Forefront Client Security Deployment Tool

After a lot of work, I am very pleased to finally announce the release of the "Forefront Client Security Deployment Tool". FCS Deployment Tool is a free toolkit that provides deployment capabilities in addition to those available with the RTM version of FCS. This tool gives network and security administrators the ability to scan their network and/or AD, discover existing anti-virus solutions (currently supporting McAfee, Symantec and Trend Micro) that are already installed on their clients, uninstall the existing AV solution and install the FCS client, all in one.

Nothing much to add, just that the downloads of the complete toolkit and the user guide are available at CodePlex via the following link:

http://www.codeplex.com/fcscompete/Release/ProjectReleases.aspx?ReleaseId=14440

Always appreciate any feedback.

Forefront Client Security Remote Definitions Update Using MOM Tasks

Overview

This guide explains how to create a process for remotely updating Forefront Client Security definitions using MOM2005 tasks. This addition to MOM2005 gives you the ability to "Right Click -> Update Definitions" on each and every installed client, and by that gives you the ability to update and control your client definitions outside "windows update".

Note: This update method is not a replacement for the Windows update method. You can take the scripts and the first part of this process (the definition download) and use it with any other distribution application you have deployed in your organization.

Part 1: Creating the definitions download process.

Scripts setup

1. Download DefinitionsDownload.zip and extract the file to C:\FCSDef (it is possible to extract to a different folder, but this will require a change of path in the scripts).

2. Open C:\FCSDef and Right-Click the Definitions Folder -> Sharing. Share the folder with default permissions.

Scheduled Job Creation

1. Go to Control Panel and Open Scheduled Tasks.

2. Click Add Scheduled task and on the schedule task wizard page, click next.

3. On the choose program page, click browse and browse to the location where you extracted the zip file. Click on the DownloadDefinitions.vbs script and Click Open.

4. On the schedule page, choose daily for now. We will go back and change it later on.

5. On the time and day, just click next. We will configure this later on.

6. On the user page, type the username and password for the user you want this task to run under. Notice that this user does not have to be an administrator on the computer, but it does need to have the ability to run scripts and appropriate permissions on the definitions folder.

7. On the summary page, check the open advanced properties check-box and click finish.

Scheduled Job Configuration

1. On the advanced properties window, go to the schedule tab and click advanced.

2. On the advanced scheduling options, set your schedule for checking and downloading new definitions. Notice that the Microsoft Anti-Malware Team updates the definitions on the security portal EVERY 2 HOURS!
On the until check boxes, click Duration and choose 2 hours and 30 minutes.
Make sure that the "if the task is still running, stop it…" checkbox is cleared.

3. Click ok and go to the settings page. Change the "stop the task if…" setting to 30 minutes and click ok.

Now the first part is completed, your FCS server will contact the security portal every scheduled hour and download the new definitions and delete the old ones.

Creating MOM2005 Task to update client definitions

1. Open the MOM 2005 Administrator Console and expand Console Root -> Microsoft Operations Manager -> Management Packs -> Tasks

2. Right Click Tasks -> Create Task.

3. On the welcome wizard, click next.

4. On the Task Run Location and Type page, choose run location: "Agent-Managed computer" and Task Type: "Command line"

5. On the task configuration page, type the application task name, "mpam-fe.exe".

6. On the task configuration window, select "Microsoft Forefront Client Security Agent" Target Role.
On the Task command line, type the full UNC path of the definitions file you configured at the scheduled download phase earlier. Leave the task remote start and task output behavior as is.

7. Last, type the task name, and put a shortcut key if you wish.

Deploy definitions to FCS Client using MOM 2005

  1. Open MOM2005 Operator Console and enter the state view.
  2. Click each of the computers where the FCS client is installed and choose "updating forefront client security definitions" from the task list.
  3. On the welcome to launch task wizard, click next.
  4. On the command line task parameters, click next.
  5. On the task target page, verify that the targets are indeed those you have chosen to deploy definitions to and click next.
  6. Click finish on the completing page. This will deploy the FCS definitions file to the designated target.

Important Note: This guide explains how to download and distribute the full version of the definitions update (about 20MB). You should take this into consideration when scheduling your downloads and client definitions deployment.

ISA Firewall Dirty Dozen

There are a handful of questions asked repeatedly on the ISAServer.org message boards and mailing list. Thomas Shinder (one of the greatest ISA experts in the world) answers a collection of the top 12 most frequently asked questions.

This one is for all of you who ever worked with ISA and got stuck configuring your settings...

http://www.isaserver.org/tutorials/ISA-Firewall-Dirty-Dozen-FAQ.html

Forefront @ Tech-Ed 2008

Just a little bit more than 48 hours until the first unveiling of Forefront Stirling, the second generation of the Forefront Security line of solutions, at RSA.

But we are not in RSA, we are going to Tech-Ed!

For the first time ever, we will present Stirling a few hours before the rest of the world, so you guys will be the first people in the world (outside of MS) to get a first glance at the most amazing security solution you've seen in a great while....

In addition to that, those of you who are not yet familiar with the current generation of Forefront products will get the chance to know them a bit better with Idan Plotnik's and my own lectures about Forefront Client, Server and Edge Security.

And the best part is yet to come: since the security track is the coolest track at Tech-Ed, we have managed to get unbelievable giveaways for our lectures... I cannot reveal everything for now, but I can say that I am bringing some of my own stuff, like Forefront hats and a Forefront beach bag, as prizes, and I am bringing a voucher for an MCTS exam in Forefront for whoever is able to find the most original answer to the question:
"What is the greatest feature you can think of for Forefront v2?"... Try to think a bit outside the box... and who knows, you might see your idea in there somewhere :-)

So... for those of you who think of not attending my lectures... beware, I might install XXXXXXXX Antivirus on your systems and then you will really suffer :-)

Updating Forefront Client Security Definitions using SMS2003 or SCCM2007

 

For the first time, you can deploy FCS definitions in an automated process using SMS 2003. With this procedure you can download the definitions from the security portal and distribute them using SMS automatically, without any human intervention.

Notice that this procedure can be used in a similar way in SCCM2007 (or any other distribution method) as well.

If you have any questions, feel free to call :-)

Part 1: Creating a scheduled job for definitions download.

1. Download DefinitionsDownload.zip from my blog and extract the zip file to C:\FCSDef
Note: This is suggested as the default, but it is possible to extract to a different folder. Notice that if you do so, you will need to change some operators inside the scripts.

2. Open the folder you've extracted the files to and Right-Click the Definitions Folder -> Sharing. Share the folder with default permissions.

3. Go to Control Panel and Open Scheduled Tasks.

4. Click Add Scheduled task and on the schedule task wizard page, click next.

5. On the choose program page, click browse and browse to the location where you extracted the zip file. Click on the DownloadDefinitions.vbs script and Click Open.

6. On the schedule page, choose daily for now. We will go back and change it later on.

7. On the time and day, just click next. We will configure this later on.

8. On the user page, type the username and password for the user you want this task to run under. Notice that this user does not have to be an administrator on the computer, but it does need to have the ability to run scripts and appropriate permissions on the definitions folder.

9. On the summary page, check the open advanced properties check-box and click finish.

10. On the advanced properties window, go to the schedule tab and click advanced.

11. On the advanced scheduling options, set your schedule for checking and downloading new definitions. Notice that the Microsoft Anti-Malware Team updates the definitions on the security portal EVERY 2 HOURS!
On the until check boxes, click Duration and choose 2 hours and 30 minutes.
Make sure that the "if the task is still running, stop it…" checkbox is cleared.

12. Click ok and go to the settings page. Change the "stop the task if…" setting to 30 minutes and click ok.

Now the first part is completed, your FCS server will contact the security portal every scheduled hour and download the new definitions and delete the old ones.

Part 2: Creating the Definitions Deployment Package

1. Open the SMS 2003 Administrator Console and go to Site Database -> right click Packages -> New -> Package.

2. Right-Click Packages -> New -> Package and type all the required information.

3. On the Data source tab, check the package contains source files and click the Set button. Select the network path and type the path for the shared folder where the downloaded definitions are located (if you went through the default of this guide, this should be "\\fcservername\definitions").

4. Now set the schedule for updating the distribution point with new version of the package. Set this schedule by the schedule you've set earlier for the definitions download and click ok.

5. Expand the package you’ve just created and right-click distribution points -> new -> distribution points.

6. On the new distribution point wizard, select all of your distribution points where you wish to distribute client definitions updates from.

7. Now Right click programs -> new -> program

8. Fill all the program details and on the command line, click browse and select the DeployDefinitions.vbs from the directory. Then change the run type to hidden and click ok.

9. The Next phase is to create an advertisement and assign it to the appropriate collection. It is recommended to create a separate collection in SMS for Forefront Definitions Deployment distribution (filter it by whatever criteria you want, but create a separate one). In this case, we've created a collection called forefront for that purpose.
In order to create the advertisement, right click advertisements -> new -> advertisements.

10. On the general tab fill the advertisement name, and select the package and program to run. Then select the collection where you wish to advertise the package.

11. On the schedule tab, create new mandatory assignments with the [button image] button.

The first assignment should be as soon as possible. The second assignment should be an interval by your choice (recommended once a day).
Leave the rest of the tabs on default settings and Click OK.

That is it. You now have an automatic mechanism to update forefront client security definitions using SMS 2003.

Important Note: This guide explains how to download and distribute the full version of the definitions update (about 20MB). You should take this into consideration when scheduling your downloads, DP updates and client deployment.
The Anti-Malware team should update the security portal, sometime soon, with a way to download delta definition updates. When they do, I'll post an update to this guide explaining how to utilize this new option.

Server 2008 is only 3 days away...

We are now only 3 days away from the first virtual launch ever of Windows Server 2008 and the excitement just keeps on going up.

As a security consultant I just can't sit down quietly while the next level of security comes out officially into the air of the IT world.

This Virtual event will include live broadcasts of the keynote and will give you the ability to really "walk around" the floor of the convention center in LA watching all the stands and the exhibitions on the spot.

I am going to be there. Are you?

Deploying Forefront Client Security - One install on two platforms

One of the issues with FCS Client installation is that you have two separate versions of the FCS client agent (32/64Bit) and you need to deploy each one of them to the appropriate computers. That means that if you want to deploy the FCS client agent using anything other than WSUS, you need to create two different installation packages/scripts.

Here is a script for installation of FCS Client, that checks for operating system version (32/64Bit) and installs the appropriate version accordingly.

You can use this script as a logon script, start-up script or for activating the installation on a SMS/SCCM distribution.

Download the installation script here.

Enjoy!
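The architecture check described in this post can be sketched in PowerShell as follows. This is an added example, not the script offered for download above; the `x86`/`x64` subfolder layout under the share, the function names and the server and group values are assumptions, and the signature check assumes the setup binary carries an Authenticode signature.

```powershell
# Added example (not the author's script). Picks the FCS client package that matches the OS.

function Get-NativeArchitecture {
    param(
        [string]$ProcessorArchitecture = $env:PROCESSOR_ARCHITECTURE,
        [string]$ProcessorArchitew6432 = $env:PROCESSOR_ARCHITEW6432
    )
    # A 32-bit script host on 64-bit Windows reports PROCESSOR_ARCHITECTURE=x86; WOW64 then
    # exposes the real architecture in PROCESSOR_ARCHITEW6432, so that variable wins when set.
    $native = if ($ProcessorArchitew6432) { $ProcessorArchitew6432 } else { $ProcessorArchitecture }
    switch ($native) {
        'x86'   { return 'x86' }
        'AMD64' { return 'x64' }
        default { throw "No FCS client package for processor architecture '$native'" }
    }
}

function Get-FcsInstallPlan {
    param(
        [Parameter(Mandatory)][string]$ShareRoot,          # assumed layout: <ShareRoot>\x86 and <ShareRoot>\x64
        [Parameter(Mandatory)][string]$ManagementServer,
        [Parameter(Mandatory)][string]$ManagementGroup,
        [string]$Architecture = (Get-NativeArchitecture)
    )
    [pscustomobject]@{
        Architecture = $Architecture
        FilePath     = Join-Path (Join-Path $ShareRoot $Architecture) 'ClientSetup.exe'
        ArgumentList = @('/CG', $ManagementGroup, '/MS', $ManagementServer)
    }
}

function Install-FcsClient {
    param([Parameter(Mandatory)]$Plan)
    # Refuse to run a setup binary from the share unless its Authenticode signature validates
    # (assumption: the binary is signed; an unsigned or modified file is rejected here).
    $signature = Get-AuthenticodeSignature -FilePath $Plan.FilePath
    if ($signature.Status -ne 'Valid') {
        throw "Refusing to run $($Plan.FilePath): signature status is $($signature.Status)"
    }
    $process = Start-Process -FilePath $Plan.FilePath -ArgumentList $Plan.ArgumentList -Wait -PassThru
    return $process.ExitCode    # hand the installer's exit code back to the caller
}

# Simulated environments (constructed): native 32-bit, native 64-bit, 32-bit host on 64-bit OS.
$cases = @(
    @{ ProcessorArchitecture = 'x86';   ProcessorArchitew6432 = '' },
    @{ ProcessorArchitecture = 'AMD64'; ProcessorArchitew6432 = '' },
    @{ ProcessorArchitecture = 'x86';   ProcessorArchitew6432 = 'AMD64' }
)
foreach ($case in $cases) {
    $arch = Get-NativeArchitecture @case
    Get-FcsInstallPlan -ShareRoot '\\fcswsus\fcsclient' -ManagementServer 'FCSWSUS' `
        -ManagementGroup 'ForefrontClientSecurity' -Architecture $arch
}

# On a real client the plan is built from the live environment and then executed:
#   $plan = Get-FcsInstallPlan -ShareRoot '\\fcswsus\fcsclient' -ManagementServer 'FCSWSUS' -ManagementGroup 'ForefrontClientSecurity'
#   exit (Install-FcsClient -Plan $plan)
```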

Deploying Forefront Client Security Using SCCM2007 - Video Guide

This is a video guide that explains how to deploy the Forefront Client Security client agent using System Center Configuration Manager 2007. The video details all the stages of creating a package from the client source files, creating a task sequence that includes an old AV removal script and package deployment, and advertising the task sequence to the appropriate collection.

Hope you'll like it. Good luck!

 

I am very excited since it is my first ever video guide. I know I sound a bit funny on the recording but I hope the message is clear and it helps you understand what it is that this video is trying to say.

I'd like to receive any complaints, remarks (or maybe even compliments) about this so I can learn and improve my work in the future.

Deploying Forefront Client Security Using SCCM 2007 - Step-By-Step

This is a Step-By-Step guide for using SCCM2007 to Deploy Forefront Client Security Client Agents.

Pre-Requisites:

1. Installed and configured FCS management server.

2. FCS Policy configured and deployed on client machines.

3. Windows Update policy Configured and deployed on client machines.

4. Client Installation Files (the Client directory on the installation CD) on a shared directory on the FCS server (only read permissions needed).

Creating the Installation Package

1. Open SCCM 2007 Console and then go to Computer Management -> Software Distribution -> and right click Packages -> New -> Package.

2. Configure all package details and click next.

3. On the Data Source tab, configure the data source as the file share you've created with the client setup files on the installation server. On the scheduling part, you can choose to leave it by default, or configure a schedule for updating the client package.
After you have finished with all the settings, click finish.
I've chosen 6 hours since I'm downloading the new definitions every day using a script and updating the installation package every day to be installed with the newest definitions.

4. Now go back and expand the newly created package. The first thing we need to do is to configure a distribution point for the package. For that, right click the distribution points -> New Distribution points.

5. On the distribution points wizard, walk through the welcome screen and on to the Copy package window. Then select the specified distribution point you wish to distribute your package from (the default choice should be the SCCM server itself). Then click next and close.

6. The next phase is creating the program to run the clientsetup.exe. In order to do that, go back to the SCCM console and expand the FCS package. Right click programs -> New -> Program.

7. On the general page, type a program name and comment and then configure the command line you need to run the clientsetup.exe with. It should be something like:
clientsetup.exe /CG ForefrontClientSecurity /MS fcsserver.domain.com.
On the Run selection, I recommend using hidden in order not to disturb your users while deploying FCS.
Then click next.

8. On the requirements page, enter a 350MB disk space limit (the limitation by FCS pre-requisites). Then limit the platforms this program can run upon: since we are currently building a package using the x86 client agent version, we need to select only x86 platforms. In addition, we cannot select all x86 2000 and XP since the FCS client is limited to 2000SP4 and XPSP2, so pay attention and check only the proper platforms.
Then click next.

9. On the Environment page, choose that the program can run whether or not the user is logged on (which automatically checks the "Run with administrative rights" option).
Note: you should have already configured the administrative account used to install programs. If not, you can find more information about configuring SCCM accounts on: http://technet.microsoft.com/en-us/library/bb680323.aspx .
Then click next.

10. Go through the Advanced, Windows Installer, MOM Maintenance and summary pages and click close.
Note: you can configure settings under Advanced or MOM Maintenance if you wish, but this is not necessary.

Note: The package we just created is used for installing the x86 client agent. In case you have x64 platforms in your domain, you need to repeat the process and create an x64 package. Just pay attention when choosing the running platforms: only select the x64 systems.

Creating a Task Sequence to Remove the Existing AV Solution and Deploy the FCS Package

1. Open SCCM 2007 Console and then go to Computer Management -> Operating System and right click Task Sequence -> New -> Task Sequence.

2. On the create new task sequence page, select "Create a new custom task sequence" and click next.

3. On the task sequence information page, type the task sequence name and choose the x86 boot image (or x64, depending on your client agent deployment). Then click next and close.

4. Now go back to the console and on the task sequence window, right click the newly created task sequence and select edit.

5. Now we create the task sequence that will run on the client.
Click Add -> General -> Run Command Line.

6. Fill in the proper details and on the command line, write the full path to the removal script.
Note:
Some AV solutions require a reboot and won't let anything else get installed on the system after removing them until you reboot the system.
If your case is one of those, then after adding the remove XXX task, click Add -> General -> Restart Computer.

7. Now we need to add the FCS deployment package. Click add -> General -> Install software

8. Now fill in the name and description of the installation task, select install single application, click browse and select the FCS package you created earlier.

9. This phase is optional, although I recommend working through it since this is one of the greatest added values of deploying FCS using SCCM.
After configuring the SCCM WSUS Distribution Point settings and syncing with Microsoft Update, you need to be able to see Forefront Updates (hotfixes) in the Software Update Deployment part of the SCCM console.
Go to Computer Management -> Software Updates -> Update Repository -> Updates -> Microsoft -> Forefront Client Security.

10. Select the Updates that relate to FCS and right click -> Deploy Software Updates. Make sure you choose only updates named "Update for Microsoft Forefront Client Security" and not the "Client Update for Microsoft Forefront Client Security".

11. On the Software updates general page, type a name for the software update deployment and click next.

12. On the deployment template, click create new (unless you already have a deployment template you wish to use – then you can skip this step).

13. On the collection page, choose the collection where you wish to deploy forefront and click next.

14. On the Display/Time Settings, choose Suppress display notifications on client, client local time and set the deadline to 1 hour. Then click next.

15. On the Restart settings page, check the suppress restart on servers and workstation and click next.

16. Go through the Event Generation and Download Settings (leaving them in default settings) and on the create template, give a new name to the template and click next.

17. On the deployment Package page, name the newly created package and fill out the package source UNC (Specifies the location of the software update source files. When the deployment is generated, the source files are compressed and copied to the distribution points that are associated with the deployment package).
Note: The shared folder for the deployment package source files must be manually created before proceeding to the next page.

18. On the distribution points page, click browse and add your default Distribution point. Then click next.

19. On the download location page, choose from the internet and click next.

20. On the language selection page, select the relevant languages and click next.

21. Move through the schedule, NAP evaluation and summary pages, and click close.

22. Now what we want to do is to add all the updates to the installation package and by that, making sure our clients are installed from the beginning with the most up-to-date version of all the client engines.
Go back to the task sequence you've created earlier and edit it. Click add -> General -> Install Software Updates.

23. Type the name for this task, choose mandatory software updates and click ok.
Note: another optional way of adding the updates to the package is downloading the updates directly from the Microsoft Update Catalog (http://catalog.update.microsoft.com/v7/site/Search.aspx?q=forefront), packaging them and adding them as an install software task in the task sequence.

Advertising the Task sequence

1. Go back to the SCCM console and right click the task sequence you created and choose advertise.

2. Fill the name and comment for the advertisement and choose the collection where you wish to distribute FCS. Then click next.

3. On the schedule page, select your preferred schedule for deployment. I usually work with "as soon as possible". Then click next.

4. On the distribution point page, select the Access content directly option and click next.

5. Go through the Interaction, Security and summary pages, leaving everything in default settings, and click close.

That’s it! You've deployed FCS using SCCM2007. Congratulations!

Deploying Forefront Client Security Using SMS 2003 - Step-By-Step

This is a Step-By-Step guide for using SMS 2003 to Deploy Forefront Client Security Client Agents.

You can also find here a script that will kick off another script to remove the current AV solution and only then deploy the FCS client agent on the target computer.

 

Open SMS 2003 Administrator Console (Start->All Programs->Systems Management Server 2003->SMS Administrator Console).

Right-Click Packages -> New -> Package


On the general tab, Update Package details.


On the Data source tab, check the package contains source files and click the Set button.


Choose the location where your FCS Client setup is located (network path \\fcswsus\fcsclient) and click ok.

Leave the Always obtain files from source directory checked.

Leave the rest of the tabs on default settings and click ok.

Expand the package you’ve just created and right-click distribution points -> new -> distribution points.


Check the distribution points where you wish the package will be, and click finish.


Right click programs -> new -> program.


On the General tab, type the package name and command line for installation. It is recommended to use a script that runs the full command line and removes the current AV installation.

Here is a sample installation script that also runs a removal script and then installs FCS:

Set objWshShell = WScript.CreateObject("WScript.Shell")
sComputerName = objWshShell.ExpandEnvironmentStrings("%COMPUTERNAME%")

' Run the XXX removal script hidden and wait for it to finish
strCommand = "\\fcswsus\Fcsclient\UninstallXXXAV.vbs"
intRC = objWshShell.Run(strCommand, 0, True)

' Install the FCS agent
' Change this to the full path of your ClientSetup.exe
ClientAgentLocation = "\\fcswsus\fcsclient\ClientSetup.exe"

' Change this to your management server name
ManagementServer = "FCSWSUS"

' Change this to your management group name
ManagementGroup = "ForefrontClientSecurity"

' Change this to the client installation path of your choice
InstallationPath = "C:\Program Files\Forefront Client Security"

' Change this to the client installation logs path of your choice
LogsPath = "C:\Program Files\Forefront Client Security\Logs"

' Chr(34) wraps the two paths in double quotes because they contain spaces
sInstallCommand = ClientAgentLocation & " /MS " & ManagementServer & " /CG " & ManagementGroup & " /I " & Chr(34) & InstallationPath & Chr(34) & " /L " & Chr(34) & LogsPath & Chr(34)

' Use this message box to check the validity of the FCS installation command
'MsgBox(""& sInstallCommand)

' Run the installer hidden, wait for it, and return its exit code to SMS
intFCS = objWshShell.Run(sInstallCommand, 0, True)
WScript.Quit intFCS

Change the run type to hidden.
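
A gated variant of the installation script above, added here as an example (not the author's script): it stops before removing anything if ClientSetup.exe is unreachable, skips the install if removal fails, and returns the installer's exit code so SMS reports the failure instead of a machine being silently left without an AV agent. It assumes the removal script and ClientSetup.exe both return a non-zero exit code on failure; the Quote and Fail helpers and the event-log messages are illustrative names.

```vbscript
' Added example: gated variant of the installation script above.
' Assumption: the removal script ends with WScript.Quit <non-zero> on failure,
' and ClientSetup.exe returns a non-zero exit code when the install fails.
Option Explicit

Const SHARE = "\\fcswsus\fcsclient"
Const MANAGEMENT_SERVER = "FCSWSUS"
Const MANAGEMENT_GROUP = "ForefrontClientSecurity"
Const INSTALL_PATH = "C:\Program Files\Forefront Client Security"
Const LOGS_PATH = "C:\Program Files\Forefront Client Security\Logs"
Const EVT_ERROR = 1, EVT_INFO = 4   ' WshShell.LogEvent entry types

Dim objShell, objFSO, sRemoval, sSetup, sCmd, intRC
Set objShell = CreateObject("WScript.Shell")
Set objFSO = CreateObject("Scripting.FileSystemObject")
sRemoval = SHARE & "\UninstallXXXAV.vbs"
sSetup = SHARE & "\ClientSetup.exe"

' Wrap a path in double quotes so spaces survive command-line parsing.
Function Quote(s)
    Quote = Chr(34) & s & Chr(34)
End Function

' Record the failure in the Application event log and hand the code to SMS.
Sub Fail(sMessage, intCode)
    objShell.LogEvent EVT_ERROR, "FCS deployment: " & sMessage & " (exit code " & intCode & ")"
    WScript.Quit intCode
End Sub

' Stop before touching the current AV if the installer cannot be reached.
If Not objFSO.FileExists(sSetup) Then Fail "ClientSetup.exe not found at " & sSetup, 2

' Run the removal script with an explicit host, hidden, and wait for it.
intRC = objShell.Run("cscript.exe //B //NoLogo " & Quote(sRemoval), 0, True)
If intRC <> 0 Then Fail "removal of the current AV failed, install skipped", intRC

sCmd = Quote(sSetup) & " /MS " & MANAGEMENT_SERVER & " /CG " & MANAGEMENT_GROUP & _
       " /I " & Quote(INSTALL_PATH) & " /L " & Quote(LOGS_PATH)
intRC = objShell.Run(sCmd, 0, True)
If intRC <> 0 Then Fail "ClientSetup.exe failed after AV removal", intRC

objShell.LogEvent EVT_INFO, "FCS deployment: client agent installed"
WScript.Quit 0
```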

The next phase is to create an advertisement and assign it to the appropriate collection. It is recommended to create a separate collection in SMS for Forefront distribution (filter it by whatever criteria you want, but create a separate one).

In this case, we've created a collection called forefront for that purpose.

To create the advertisement, right-click Advertisements -> New -> Advertisements.

On the General tab, fill in the advertisement name and select the package and program to run. Then select the collection where you wish to advertise the package.

On the Schedule tab, create new mandatory assignments:

  1. The first assignment should be as soon as possible.
  2. The second assignment should be an interval by your choice (recommended once a day).

Leave the rest of the tabs on their default settings and click OK.

Who wants to be a Microsoft Forefront Client and Server Technology Specialist?

Brand new exam... fresh from the oven.

I've taken the 70-557 exam today and passed.

Indeed, not a 1000 score, but I think they had a mistake in one of the questions...

Who the hell uses a script to distribute scanjob templates? That's why FSSMC exists.... Oh well, this will have to do :-)

BTW, a little preview for those of you who will have the pleasure of being in my lectures at Tech-ED... I have an Exam Voucher for the 70-557 that I'm planning to give away as one of the prizes in one of the lectures...

If you have any questions regarding the exam, feel free to ask :-)

Configuration Changes in Antigen/Forefront Due to CA Engine Consolidation

Molly Gilmore (a program manager on the Forefront Rapid Response Engineering team) has published a reminder on the new behavior expected from Antigen/Forefront now that CA has consolidated their two AV engines.

First, I would like to mention that a KB article was created that outlines the change and the associated product benefits communicated by CA (http://support.microsoft.com/kb/931373).

After the consolidation was made, the FFRRE team recommended disabling the CA InoculateIT engine (by doing so, Forefront Security Server customers gain the option of selecting another AV engine for additional protection).

If you didn't read the message or didn't change your configuration, note that the FFRRE team has repackaged the CA Vet engine as the CA InoculateIT engine, so it is loaded by FSS/Antigen as CA InoculateIT but updated with CA Vet signatures. As a result, customers who have both CA InoculateIT and CA Vet enabled for scanning are scanning with two instances of the same engine, CA Vet.

The best way to "get-rid-of" this engine is to upgrade to the most recent service packs available for each of our products; Antigen 9.0 SP1 for Antigen for Exchange Customers, FSSE SP1 for Forefront Security for Exchange Server Customers and FSSSP SP1 for Forefront Security for SharePoint Customers. These product versions are shipped without the CA InoculateIT engine and will remove the CA InoculateIT scanner update scheduled jobs during the installation process.

If you still wish to manually disable the engine and stop updating it, here are the steps to do it:

  1. Open the Forefront/Antigen Administrator Client.
  2. Under Settings, click on “Antivirus”.
  3. Deselect the CA InoculateIT engine under “File Scanners” for each scan job.
  4. Click the Save button.

Remove Scanner Update Scheduled Jobs for CA InoculateIT

  1. Open the Forefront/Antigen Administrator Client.
  2. Under Settings, select Scanner Updates.
  3. Select CA InoculateIT and click the Disable button on the right-hand side to disable scheduled updates for this engine.

Important NOTE: In several months, Microsoft will discontinue signature update support for the CA InoculateIT engine so it is advised that Customers upgrade to the most recent service packs available for each product version.
