Can SCEP 2012 SP1 detect malware name "Backdoor.Win32.Carbanak"

Hi all,
Basically, I work at a bank and we use System Center Endpoint Protection 2012 SP1. The antivirus is updated on a daily basis. We just want to confirm whether SCEP 2012 can detect the virus named
Backdoor.Win32.Carbanak.
Awaiting your quick response, guys.
Regards,
Kamran

I can't find any reference to Carbanak in the Microsoft Malware Encyclopedia, but this page from Trend Micro
http://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/bkdr_carbanak.a
says that Microsoft's alias for it is Trojan:Win32/Qadars.A
http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Trojan%3aWin32%2fQadars.A

Similar Messages

  • Can I get the detecting malware alert by System Center 2012 Endpoint Protection in Azure RemoteApp ?

    Can I get the detecting malware alert by System Center 2012 Endpoint Protection in Azure RemoteApp ?
    I want to get the alert, clean up the malware, and alert our Azure RemoteApp users.
    System Center 2012 Endpoint Protection exists in the Azure Virtual Machine gallery "Windows Server Remote Desktop Session Host".
    I test the behavior of System Center 2012 Endpoint Protection with the TrendMicro malware sample "EICAR".
    Regards,
    Yoshihiro Kawabata

    Thank you, Pavithra, for the reply.
    I have 3 points for alerting users and admins of the Azure RemoteApp template image.
    Point 1: Fix action.
      When the user detects malware, there are some reasons,
      like viewing a malicious web site or using vulnerable applications.
      The user must fix his action in the Azure RemoteApp session.
      "Hey, the reason is that you opened this web site. Don't open this web site."
    Point 2: Fix server.
      When the user detects malware, the IT pro for Azure RemoteApp fixes the current Azure Virtual Machine of Azure RemoteApp.
      It may be infected with other malware.
      The IT pro needs to fix the current Azure Virtual Machine of Azure RemoteApp before it infects other users.
      "Hey, this Azure RemoteApp collection will update with the template image after ten minutes."
    Point 3: Fix damage.
      When the user detects malware, the IT pro for Azure RemoteApp researches the damage to the whole system,
      like whether or not infected email was sent to other persons by other malware,
      like whether or not other related systems were broken by other malware.
      "Hey, are other systems OK?"
    Regards,
    Yoshihiro Kawabata     

  • SCEP 2012 trojan detection but no action taken.

         
    We had a recent detection of a trojan, but the remediation was no action. We are not sure what this is trying to tell us, since the severity is set to remove.
    Malware Name: Trojan:Win32/Ropest
    Number of infections: 2
    Last detection time(UTC time): 8/28/2014 11:56:22 PM
    Remediation action: NoAction
    Action status: Succeeded

    It could be that No Action is necessary because the infection is already gone.  To be sure, feel free to scan the device with another tool.  When I have doubts about something being cleaned, I prefer to use an offline scanner so that it's unlikely an infection can interfere with the scan:
    http://windows.microsoft.com/en-us/windows/what-is-windows-defender-offline
    http://support.kaspersky.com/us/viruses/rescuedisk/
    I hope that helps,
    Nash
    Nash Pherson, Senior Systems Consultant
    Now Micro

  • SCCM Device Query for SCEP 2012 SP1 CU5

    Dear all,
    I want to create a device query rule for machines with the SCEP client agent installed. The SCCM version we are using is SCCM 2012 SP1 CU5. If anyone has the query, please let me know.
    Thanks,
    Sengottuvel M

    select distinct SMS_R_System.Name
    from SMS_R_System
      inner join SMS_G_System_SYSTEM_ENCLOSURE
        on SMS_G_System_SYSTEM_ENCLOSURE.ResourceID = SMS_R_System.ResourceId
      inner join SMS_G_System_ADD_REMOVE_PROGRAMS
        on SMS_G_System_ADD_REMOVE_PROGRAMS.ResourceID = SMS_R_System.ResourceId
      full join SMS_G_System_ADD_REMOVE_PROGRAMS_64
        on SMS_G_System_ADD_REMOVE_PROGRAMS_64.ResourceID = SMS_R_System.ResourceId
    where (SMS_G_System_ADD_REMOVE_PROGRAMS.DisplayName = "System Center 2012 Endpoint Protection"
        or SMS_G_System_ADD_REMOVE_PROGRAMS_64.DisplayName = "System Center 2012 Endpoint Protection")

  • SCEP 2012 and VDI offline servicing

    I've seen this question being asked before in another thread (Best practice to run Microsoft Endpoint Protection client in VDI environment) however the answer doesn't provide enough information (for me at least)
    We are planning to use a Citrix XenDesktop environment with Provisioning services providing VDI clients. As far as I know the SCCM client will be installed in the VDI golden image and after some adjustments SCCM client registration will go well. We will
    also use SCCM 2012 and deploy SCEP 2012 for anti-malware scanning.
    SCCM 2012 provides offline servicing for Software Updates in WIM images, but what is a best practice in keeping the VDI's up-to-date? I can't find any good information about this, so maybe the answer is very simple?... Is there a way to offline service the
    VDI image so Software Updates and Anti-Malware updates are injected in the image?
    Or do the VDI's get updated as physical systems, at the time they are logged in to the network, discarding all changes when logging off. This doesn't seem the right way to go.
    Any help would be appreciated.
    thx. Niels

    I struggled with this same problem for a while, and likewise didn't find a great answer anywhere. In our case, this is for an RDS VDI environment, but the solution I ended up employing should work anywhere.
    First, set up SCCM/WSUS to download the updates to a UNC share (if you haven't already; here's a helpful guide:
    http://blog.thesysadmins.co.uk/sccm-2012-scep-unc-definition-updates-automation-powershell.html). Also, create an antimalware policy for the VDI machines with the definition updates source set to UNC only, and set the UNC Path section accordingly.
    Here's the key part: create a scheduled task in your master image to run based on boot or resume (RDS puts the VDI VMs in a Saved state rather than Off). Here are the settings I used for the task:
    General tab: I set it to run as the SCCM Network Access Account; Run whether user is logged on or not
    Triggers tab: Begin the task On an event; Basic; Log: System; Source: Kernel-General; Event ID: 1 (this pops up on a startup or resume event); Delay task for: 5 minutes (during VM creation, it boots the machine for just a couple minutes, and I didn't want this task to be interrupted by a shutdown halfway through); Enabled
    Actions tab: Action: Start a program; Program/script: "C:\Program Files\Microsoft Security Client\MpCmdRun.exe"; Add arguments: -SignatureUpdate
    I left the other tabs with their defaults
    In RDS, the VMs on creation are spun up briefly and then put into a Saved state. It then spins up just a few, waiting for users to connect. By the time a user logs in, the machine should have the latest updates, but even if it doesn't, it should be no more than ~5 minutes before it does.
    Hope this helps!
    Ryan
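
    The scheduled task described in the answer above, scripted for the master image. This is an added example, not part of the original post: the task name is hypothetical, the run-as account is prompted for, and it assumes an image with the ScheduledTasks PowerShell module (Windows 8 / Server 2012 or later).

    ```powershell
    # Added example: registers the boot/resume definition-update task in the golden image.
    # Hypothetical: $taskName. From the post: MpCmdRun.exe path, -SignatureUpdate,
    # System log / Kernel-General / Event ID 1, 5-minute delay.
    $taskName = 'SCEP-SignatureUpdate-OnBootOrResume'
    $mpCmdRun = 'C:\Program Files\Microsoft Security Client\MpCmdRun.exe'

    if (-not (Test-Path -LiteralPath $mpCmdRun)) {
        throw "MpCmdRun.exe not found at '$mpCmdRun'; install the SCEP client in the image first."
    }

    # Actions tab: Start a program, with -SignatureUpdate as the argument.
    $action = New-ScheduledTaskAction -Execute $mpCmdRun -Argument '-SignatureUpdate'

    # Triggers tab: New-ScheduledTaskTrigger has no "On an event" option, so the
    # event trigger is built from its CIM class and given an event-log XPath query.
    $triggerClass = Get-CimClass -Namespace 'Root/Microsoft/Windows/TaskScheduler' `
                                 -ClassName 'MSFT_TaskEventTrigger'
    $trigger = New-CimInstance -CimClass $triggerClass -ClientOnly
    $trigger.Subscription =
        "<QueryList><Query Id='0' Path='System'>" +
        "<Select Path='System'>" +
        "*[System[Provider[@Name='Microsoft-Windows-Kernel-General'] and EventID=1]]" +
        "</Select></Query></QueryList>"
    $trigger.Delay   = 'PT5M'   # ISO 8601 duration: wait 5 minutes after the event
    $trigger.Enabled = $true

    # General tab: "Run whether user is logged on or not" needs stored credentials.
    # The post uses the SCCM Network Access Account; whichever account is used only
    # needs read access to the UNC definition share.
    $cred = Get-Credential -Message 'Account the update task runs as'

    Register-ScheduledTask -TaskName $taskName -Action $action -Trigger $trigger `
        -User $cred.UserName -Password $cred.GetNetworkCredential().Password `
        -Description 'Pull SCEP definitions after boot or resume' -Force | Out-Null

    # Confirm what was stored before sealing the image.
    $task = Get-ScheduledTask -TaskName $taskName
    $task.Triggers | Select-Object Enabled, Delay, Subscription
    $task.Actions  | Select-Object Execute, Arguments
    ```

    After a test boot of a provisioned VM, the task's Last Run Result and the client's definition version show whether the update completed inside the delay window.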

  • CAVA integration with MS SCEP 2012 R2 ?

    EMC CAVA is a storage antivirus which connects to a single remote Windows machine with a compatible antivirus (McAfee, Symantec, ...).
    Can SCEP 2012 be used instead, because we are replacing McAfee with System Center Endpoint Protection 2012?
    Shahid Roofi

    Endpoint Protection is just that, protection for the endpoint (and only the endpoint). If you need or require protection beyond the endpoint, SCEP is not going to help you and Microsoft does not have a solution for you for this particular need/requirement.
    It's simply not part of what they have chosen to focus on.
    Jason | http://blog.configmgrftw.com | @jasonsandys

  • Installing DPM 2012 SP1 onto Server 2012 R2 (Compatible / Supported)?

    Hi,
    Can DPM 2012 SP1 be installed onto Server 2012 R2? i.e. is it compatible and also is it supported by Microsoft?
    If so are there any official documents or links provided by Microsoft for this installation scenario?
    I would have installed DPM 2012 R2 onto Server 2012 R2 but this is not possible due to DPM 2012 R2 not supporting Server 2008 protected servers!
    Thanks,
    Microsoft Partner

    Hi,
    DPM 2012 SP1 is not supported running on Windows server 2012 R2.
    System requirements for System Center 2012 SP1 - DPM
    http://technet.microsoft.com/en-us/library/jj651645.aspx
    Can you tell me how many Windows 2008 servers you need to protect and what is preventing you from upgrading them to Windows 2008 R2 ?
    Regards, Mike J. [MSFT]

  • System Center Virtual Machine Manager SC VMM 2012 SP1 Installation fails: Unable to assign the name NO_PARAM to this host because this name is already in use.

    I'm trying to install VMM 2012 SP1 on a Windows Server 2012 machine and it fails with this error,
    the scenario is as follows,
    Old database (from 2012 RTM) exists on remote SQL 2012 SP1 server
    Server was 2008 R2 SP1 so I decided to make a fresh installation of 2012 with the same name
    installed ADK
    specific error: 01:42:13:VMMPostinstallProcessor threw an exception: Threw Exception.Type: Microsoft.VirtualManager.Setup.Exceptions.BackEndErrorException, Exception.Message: Unable to assign the name NO_PARAM to this host because this name is already in use.
    please help

    I had a similar problem today when upgrading from SCVMM 2012 RTM to SCVMM 2012 SP1 RTM. To re-create the issue you describe originally, you can actually just uninstall SCVMM 2012 SP1 RTM with the "retain data" option and re-install the software on the same computer (with the same name, of course), attaching it to the retained DB. If you change the SCVMM server name, I believe it will make some things go wrong after your install, like missing VM template passwords for example, as the data gets encrypted in the DB. Maybe it didn't, but I didn't risk it. I definitely know that if you change service accounts in a scenario like this you will be without the encrypted DB data, which isn't much fun. To avoid changing the computer name, look in the setup log files in %systemdrive%\ProgramData\VMMLogs\, specifically the SetupWizard.log file. You will see details on it failing because the same computer name is in the DB table "dbo.tbl_ADHC_AgentServer", and until it is removed from that table I wasn't able to get the install to complete at all. The error in my logs looked something like this: "InnerException.Type: System.Data.SqlClient.SqlException, InnerException.Message: Violation of UNIQUE KEY constraint 'unique_ADHC_AgentServer_ComputerName'. Cannot insert duplicate key in object 'dbo.tbl_ADHC_AgentServer'. The duplicate key value is (computername.is.writtenhere). The statement has been terminated." In the row data in the DB it also seems to suggest that the computer name had "Virtual Machine Manager Library Files" on it, which is strange since I always remove the local SCVMM server as a library server after I install it and use an off-box library server.

  • SCCM 2012 sp1 - can't add boot image - Only finalized boot images are supported.

    So when I updated to SP1 I had to install the new Assessment and Deployment Kit, which I have done.
    When I try to add a boot image to SCCM now I get the error:
    You can not import this boot image. Only finalized boot images are supported. For more information press F1.
    I have searched TechNet, and on old versions of SCCM you could re-install WAIK to fix this issue. I have tried re-installing ADK and it's still doing the same.
    Has anyone had this problem on 2012 SP1?

    Hi,
    It works to import the x86 image of Windows 8, and now I have some problems when I try to import the x64 boot image of 8.1.
    Where can I see errors in the logs? There are so many log files and I'm a little confused, and I can't find the error to see what the reason for this error is.
    And the error is:
    Error: Data Source Information
      • Source location: \\xxx\yyy\X17-24269\sources\boot.wim
      • Boot Image: 1 - Microsoft Windows PE (x64)
    Error: Package Information
      • Name: boot
    Error: Errors
      • You can not import this boot image. Only finalized boot images are supported. For more information press F1.

  • Can I get MJD (date and time) in LabVIEW 2012 SP1?

    I need to time stamp my data before sending it to the file.  I have been doing this with the standard calendar date and time but MJD is what we prefer to use.  How can I get an MJD timestamp in LabVIEW 2012 SP1?

    Hello Brad_Henry,
    The Format Date/Time String will return the day of the year when the %j argument is used, as per this help document:
    LabVIEW Help: Format Codes for the Time Format String
    http://zone.ni.com/reference/en-XX/help/371361J-01/glang/codes_for_time_format_str/
    If you're looking for the actual MJD, I'm not aware of a built-in function that generates this, so you'll probably need to create or find a function to calculate it manually.  This should be pretty basic arithmetic, and it looks like people have already made a few public examples; the first two search results here look to be just about what you need:
    ni.com search:
    http://search.ni.com/nisearch/app/main/p/bot/no/ap/tech/lang/en/pg/1/sn/catnav:ex/q/julian/
    Regards,
    Tom L.

  • Can I have an SCCM 2012 R2 server and a SCCM 2012 SP1 server in the same site?

    We are currently using SCCM 2012 SP1/MDT 2012 Update 1 to deploy Windows 7, and to migrate existing XP installs to Windows 7 (using the offline USMT functionality in MDT).  We are moving forward with Windows 8.1, and understand that
    we need to upgrade our SCCM infrastructure to SCCM 2012 R2/MDT 2013.  We also understand that this will cause us to lose the ability to migrate XP machines, since MDT 2013 uses a newer version of USMT that doesn’t support XP.
    What do we need to do to continue to support our XP migrations, and enable deployments of Windows 8.1?
    Can we have two SCCM servers in the same Site running different versions of SCCM? Do we need a separate site? 

    You don't explicitly need ConfigMgr 2012 R2 to support Win 8.1. SP1 CU3 will suffice although managing a few things like boot images is a little more difficult: http://blogs.technet.com/b/configmgrteam/archive/2013/10/21/how-to-enable-windows-8.1-deployment-in-sc-2012-configmgr-sp1-cu3.aspx
    You could create two separate site hierarchies, but that would be painful and involve tons of duplication. There would be other issues also if the systems are located on the same subnets and in the same AD forest.
    The best option is to get rid of XP. EOL is in less than 30 days!
    Next best is to stay on SP1 CU3 until you get rid of XP. I know that sucks, but keeping XP around is the root cause of this and many other coming issues in any organization wanting to keep it around.
    Jason | http://blog.configmgrftw.com

  • Can SCVMM 2012 R2 exist with SCVMM 2012 SP1 in the same AD domain

    We currently run System Centre 2012 SP1 (SCOM, SCCM, SCSM and SCVMM 2012 SP1). 
    There is no plan to upgrade the System Centre suite to R2 for another 6 months.
    But we do want to use SCVMM 2012 R2. I don’t plan to use SCVMM 2012 R2 with SCOM or SCCM 2012 SP1. 
    Can I build a separate SCVMM 2012 R2 in the same Active directory domain or forest (on a new server, with a separate database and with different service accounts)?
    Regards
    Tim
    Kind Regards Tim (Canberra)

    Hi Tim ,
    How are things going ?
    Best Regards
    Elton Ji

  • SCCM 2012 SP1 and SCEP for Mac

    Hello all,
    We have SCCM 2012 SP1 with SCEP installed and working well for Windows clients.
    A request came to me that we have the roughly 10ct Mac computers protected by EndPoint and reporting through SCCM.
    Is this possible with what I have now? 
    Please let me know if you have any clues for me.
    Many thanks!

    Hi,
    There is no way to push the SCCM MAC Client to a MAC Computer; you have to install it manually. There are scripts available on blogs that can assist, but you still have to run those scripts manually as well.
    The System Center Endpoint Protection client for MAC is indeed a separate download on the volume licensing site. It is not managed through SCCM; it is standalone antivirus software which downloads its definition files directly from the internet. So there is no way to manage it centrally.
    I hope that answered your questions.
    Regards,
    Jörgen
    -- My System Center blog ccmexec.com -- Twitter
    @ccmexec

  • SCOM 2012 SP1 Can't get email alerts for Heartbeat Failure or Computer Unreachable when combined with Group.

    Hello,
    I have SCOM 2012 SP1 RTM POC lab.  I have created a dynamic group that picks up my system center servers based on some simple criteria and this works fine.
    I have set up a subscription for critical and high severity alerts originating from this dynamic group called SCOM Servers to send emails to a distribution.  This also worked well for any critical alert that was NOT Heartbeat Failure or Computer Unreachable. 
    I see those in the console but no email.
    So I set up a new subscription by right-clicking on the alerts, and here's the kicker.  If I add no other conditions to these subscriptions, they will send emails to the DL I provided, but if I add the condition initiating from group, and specify my dynamic group SCOM servers, no email alert.  But the alert still appears in the console.
    Any ideas on this?  I would like the appropriate support groups to get these types of alerts for the servers that they support (i.e. SCOM will get SCOM servers, Exchange Admin will get Exchange and never the two roads shall meet.).
    I even tried some internet posted custom management pack, but I couldn't import it after adding the code that he listed.
    I mean, isn't this a basic requirement for any mid-sized company?
    Any help is greatly appreciated.

    Hi Donald,
    Like Dan says, you need to add the "Health Service Watcher" objects to the groups as well. Unfortunately this cannot be done in the Dynamic group Editor but has to be done in the XML. Export the XML and add the following piece of code between the lines </MembershipRule></MembershipRules>:
    <MembershipRule>
      <MonitoringClass>$MPElement[Name="SystemCenter!Microsoft.SystemCenter.HealthServiceWatcher"]$</MonitoringClass>
      <RelationshipClass>$MPElement[Name="MicrosoftSystemCenterInstanceGroupLibrary7084300!Microsoft.SystemCenter.InstanceGroupContainsEntities"]$</RelationshipClass>
      <Expression>
        <Contains>
          <MonitoringClass>$MPElement[Name="SystemCenter!Microsoft.SystemCenter.HealthService"]$</MonitoringClass>
          <Expression>
            <Contained>
              <MonitoringClass>$MPElement[Name="MicrosoftWindowsLibrary7084300!Microsoft.Windows.Computer"]$</MonitoringClass>
              <Expression>
                <Contained>
                  <MonitoringClass>$Target/Id$</MonitoringClass>
                </Contained>
              </Expression>
            </Contained>
          </Expression>
        </Contains>
      </Expression>
    </MembershipRule>
    Save the XML, delete the old one in OpsMgr, and import the edited one.
    For SP1 the SystemLibrary version is 7.0.8430.0. If this is not your version you need to edit this in the code above.
    Hope this helps,
    Regards Marthijn van Rheenen
    Blog: Heading To The Clouds

  • How to convert Unmanaged SCEP clients to Managed in SCCM 2012 SP1

    We recently started installing SCEP clients from the .exe and a preconfigured .xml file to client machines in a domain setting.  This was done from a USB drive, going from machine to machine, with a  .bat file.
    This was a stop-gap until we were able to install and configure SCCM 2012 SP1.
    PCs that already had the SCEP client (prior to SCCM coming into production) are showing up as unmanaged.  PCs that have had SCCM install SCEP all are listed as managed.
    I've searched, but have yet to find a definitive answer as to how get the manually installed SCEP clients to register as managed in SCCM.
    AD Domain with WIN 2008 R2 DC, SQL 2012 Standard, SCCM 2012 SP1

    Also, make sure the Endpoint Protection Point is installed properly on SCCM and the Client Setting for SCEP is enabled.
    Juke Chou
    TechNet Community Support
