Is FEP 2010 capable of securing computer against the man-in-the-middle attack?

Hello
Just would like to know if FEP 2010 is capable of preventing man-in-the-middle attack on computers with it installed?
Thanks

It is not the job of FEP or other Anti-Malware product to protect you against man-in-middle attacks, as it is not purpose of design of Anti-Malware. However, some of Man-in-Middle attacks are being blocked by Network Inspection System (NIS), which means
if FEP detects any malicious package on a network which match signature of NIS , it will block it.
Browser plays a very important role in blocking Man-in-Middle attack, for example if you use Internet Explorer, you have a better protection against this type of attack, take a look at:
http://ie.microsoft.com/testdrive/Browser/MixedContent/Default.html

Similar Messages

Can I restart my computer in the middle of queued render?

This might be a silly question, but I can't seem to find an answer either way. I have four after effects comps queued up in my render queue, it's currently processing the first one. If it hit "pause" and close out of after affects and/or restart my laptop, will I have to restart the render from the beginning?
Main reason I'm asking: I'm in the middle of a project and IT might have to do something to my computer, and install something (possibly including a reboot), and I'm not sure when, just "whenever they have a moment."
So not my normal workflow, but I'm curious if anyone else has run into this and knows the answer?
Thanks in advance!

If you render an image sequence, it's not a big deal: stop the render, save the project and pick up where you left off.
If you render a move, you'd have to re-render the entire movie that's currently rendering.
Anything else, e.g. Save Frame As or export audio, take such a short time that you can tell the IT person to hold onto his/her shirt for a couple of seconds.

HELP, new ipod shuts down computer in the middle of updating.........

We have a new ipod, that when I connect to our computer, begins the downloading process but shuts down our whole system half way through. Anybody know what is happening. I have tried everything I know how to do, but this only happens when I connect the new ipod. I've even exchanged the ipod, but the same result. I've tried to reinstall the software, but I think I've got a mess now. Any ideas?

First do some scanning. Scan the system with your antivirus program. Scan the system with a malware program like ewido http://www.ewido.com. Use windows chkdsk to scan the system and the registry (if you need help with this just say so)
Goto the PC makers site and install all the updates for your system, especailly BIOs Chipset IDE controller and USB updates.

HT201250 I am doing an initial back up of my files, which looks like it's going to take 3-4 days because of photos. If I turn off the computer in the middle of the download to Time Machine, does this delete everything that has been backed up so far? Thnx.

I am about halfway done uploading files to Time Machine. However, because I have a lot of photos, the upload is taking days. If I turn off my computer, will I lose the files that have been uploaded so far?
Thanks!

photogirl80 wrote:
I am about halfway done uploading files to Time Machine. However, because I have a lot of photos, the upload is taking days.
How much is on your system, what are you backing-up to, and how is it connected? See Time Machine - Frequently Asked Question #29 for a rough idea of how long it should take.
If I turn off my computer, will I lose the files that have been uploaded so far?
If you turn it off, doubtful, but the backups may need to be repaired, per #A5 in Time Machine - Troubleshooting.
If you cancel the backup, no. But they'll be mostly inaccessible until a backup does complete normally.
They're in an 'in.Progress" package on the backup drive; when you start another backup, Time Machine will start over, but it won't re-copy all that data. It will take quite a while, and appear to be backing-up quite slowly, as it recovers those files.
If you're backing-up to a TIme Capsule, connect via Ethernet cable if at all possible -- it will still take a long time (20-25 GBhour) but be much faster and more reliable than via WIFI.

Security filter against AD groups. When you add a computer, does it need to reboot to fall into scope.

This should be an easy one. I have a 2008r2 domain. When I add a computer to an AD security group, so it will get targeted from a GPO that has that same group in its security filter, does the computer need to reboot to start processing any part
of that policy? It has always seemed that computers need a reboot to pick up their group memberships, but I wanted to double-check.
Dave

Hi Dave,
Normally for a computer account to become aware of the group membership change a reboot is required.
Also some group policy can be applied after a comouter reboot. So I'd suggest to reboot your compputer.
Best Regards,
Elaine
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

FEP 2010 in uninstalling on startup

Hello, I've got a problem. When I start my computer, the FEP 2010 is completely disappearing from my computer. I scanned my computer with malwarebytes and scanbot, but they didn't find nothing. Can you help me?

Hi,
About event log.
http://windows.microsoft.com/en-hk/windows/open-event-viewer#1TC=windows-7
Best Regards,
Joyce
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place.

"No action " Status in FEP 2010 Report

Hi Team,
We need a clarification about the FEP 2010 options as below:
Our internal security team raised an Point that what does "No action" actions specify here,which notified in FEP reports.
There it says 1 system status is "No action",however there is no hyperlink to check which one is the system.
Whether FEP not able to qurantined the Malware or if any.
Please help us in understanding in this ( No action, Incident 7 computers) Whether this means system is clean or not.
Actions   Incidents   Computers
Failed   0   0
Removed   0   0
Quarantined   19   9
Cleaned   0   0
Allowed   0   0
No Action   1   1
Blocked   0   0
Regards
Sudam Bisi
Cognizant technology Solutions

Hi,
No Action means no action defined
For more information:
http://social.technet.microsoft.com/Forums/forefront/en-US/c99390b4-4929-41e3-ac2c-6a5675b5e75a/forefront-endpoint-protection-antimalware-action
Best Regards,
Joyce
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place.

FEP 2010 (SCCM 2007 R3 win2K8 R2) - quick scan run but 'Potentially unprotected'?

Hi there,
I have been deploying FEP 2010 via SCCM 2007 R3 for a couple months. I have a FEP policy that indicates it should do a Quick Scan daily at a specified time and a Full Scan on Fridays. The GUI on the FEP client indicates the computer is "Potentially
unprotected" - yet also indicates the last scan was today at 6:45AM (as the policy dictates). The GUI says 'You haven't run a scan on your computer for a while...."
Is there a way I can keep the FEP client from doing this - it will cause questions/concerns when the FEP shield is not green. Alternately - what might I have configured incorrectly?
Thank you.

When this message appears, try run a full system scan and see whether it disappears or not.

Is the Trojan (Gen:Variant.Graftor , W32/Injector.AWSE!tr ) detected by FEP 2010?

Hello,
My security team wants to know if the Trojan (Gen:Variant.Graftor , W32/Injector.AWSE!tr ) is detected by FEP 2010. If yes, could anyone provide the link.
Regards,
Tarani Mishra

Ok, well, I was going by this part in the link I posted for Trojan:Win32/Yayih.A:
This threat is also detected as:
Win-Trojan/Yayih.4861440 (AhnLab)
Trojan.Win32.AntiAV.ptv (Kaspersky)
Trojan.AntiAV!zoXUT5UuOF4 (VirusBuster)
Gen:Variant.Graftor.15447 (BitDefender)
Trojan.Win32.Yayih (Ikarus)
Searching by the PostenTracking.exe name, I found this:
https://www.virustotal.com/en/file/66f54dc5d5ee2f0d6aceb49d5fbab94e272b780f3105cf7e02a3ddaa41f2a3fc/analysis/
Which indicates that Microsoft products are not yet detecting it.
If you are experiencing this malware in your environment and it's not being detected, you should submit a sample so Microsoft can get it added to the definitions...
https://www.microsoft.com/security/portal/submission/submit.aspx

Does FEP 2010 offer protection for NAS file servers?

Hello,
We are in the process of rolling out FEP 2010 and wanted to know if it has the capability to scan NAS file servers?
Thanks,
Tom
Tom Martin Email: [email protected]

Could Microsoft Forefront Endpoint Protection scan NAS drive?
We have NAS drive (EMC back-end), network shares via Windows Server. We are using FEP 2010 with SCCM 2007. Today, we have Expiro virus/malware headache! Where is infected some network shares. Don't know yet how far it goes. Is there any easy way to do this?
The problem with Expiro where it mutating itself with different names, last one seen as Expiro.gen!S
Thanks for any suggestions.

Are mac book pros mid 2010 capable of upgrading to mountain lion?

are mac book pros mid 2010 capable of upgrading to mountain lion?

Yes.
Upgrading from Snow Leopard to Lion or Mountain Lion
You can upgrade to Mountain Lion from Lion or directly from Snow Leopard. Mountain Lion can be downloaded from the Mac App Store for $19.99.
If you sign into the App Store and try to purchase Mountain Lion but the App Store says your computer is not compatible then you may still be able to upgrade to Lion per the following information.
A. Upgrading to Mountain Lion
To upgrade to Mountain Lion you must have Snow Leopard 10.6.8 or Lion installed. Purchase and download Mountain Lion from the App Store. Sign in using your Apple ID. Mountain Lion is $19.99 plus tax. The file is quite large, over 4 GBs, so allow some time to download. It would be preferable to use Ethernet because it is nearly four times faster than wireless.
     OS X Mountain Lion - System Requirements
       Macs that can be upgraded to OS X Mountain Lion
         1. iMac (Mid 2007 or newer) - Model Identifier 7,1 or later
         2. MacBook (Late 2008 Aluminum, or Early 2009 or newer) - Model Identifier 5,1 or later
         3. MacBook Pro (Mid/Late 2007 or newer) - Model Identifier 3,1 or later
         4. MacBook Air (Late 2008 or newer) - Model Identifier 2,1 or later
         5. Mac mini (Early 2009 or newer) - Model Identifier 3,1 or later
         6. Mac Pro (Early 2008 or newer) - Model Identifier 3,1 or later
         7. Xserve (Early 2009) - Model Identifier 3,1 or later
To find the model identifier open System Profiler in the Utilities folder. It's displayed in the panel on the right.
     Are my applications compatible?
         See App Compatibility Table - RoaringApps.
     For a complete How-To introduction from Apple see Upgrade to OS X Mountain Lion.
B. Upgrading to Lion
If your computer does not meet the requirements to install Mountain Lion, it may still meet the requirements to install Lion.
You can purchase Lion by contacting Customer Service: Contacting Apple for support and service - this includes international calling numbers. The cost is $19.99 (as it was before) plus tax. It's a download. You will get an email containing a redemption code that you then use at the Mac App Store to download Lion. Save a copy of that installer to your Downloads folder because the installer deletes itself at the end of the installation.
     Lion System Requirements
       1. Mac computer with an Intel Core 2 Duo, Core i3, Core i5, Core i7,
           or Xeon processor
       2. 2GB of memory
       3. OS X v10.6.6 or later (v10.6.8 recommended)
       4. 7GB of available space
       5. Some features require an Apple ID; terms apply.

FEP 2010 install on Windows server 2012 R2

I am trying to install FEP 2010 client on Windows server 2012 R2 from 2007 Server ( SP2 R3)
FEP deployment package fails to install. Error in execmgr is
Program exit code -2147156220.
Is there a way of installing FEP 2010 client on Windows Server 2012 R2 from SCCM 2007 ?
Thanks

Hi,
Are you running FEP 2010 update rollup 1?
https://blogs.technet.com/b/configmgrteam/archive/2013/09/16/support-questions-about-win-8.1-and-winsvr-2012-r2-for-configmgr-and-endpoint-protection.aspx
And the latest version of the FEpinstall.exe which is updated with this hotfix
http://support.microsoft.com/kb/2907566/en-us
Regards,
Jörgen
-- My System Center blog ccmexec.com -- Twitter
@ccmexec

The security database on the server does not have a computer account for this workstation trust relationship

When I try to log on to my DC it says "The security database on the server does not have a computer account for this workstation trust relationship". It won't let me log on. I installed another server server 2012r2 (its virtual )
and I can get to ADSI edit.
I think what happened was I had a pc that could not connect without unplugging the network cable. So I found this fix
FIX: “The security database on the server does not have a computer account for this workstation trust relationship”2032011
I’ve seen a lot of solutions, or suggestions rather, with regard to the error in the title of this post. In my experience, the problem can almost always be resolved without extra domain add/removes and reboots, which is the most prevalent solution I have
seen around. Usually, this issue is due to a mismatch between attributes of the computer account in Active Directory and those values on the system itself. Here are the steps I take to fix this issue when it crops up:
Open up Active Directory Users & Computers pointed to the domain the computer account resides in
From the “View” pull-down menu, make sure that “Advanced Features” is checked
Navigate to the part of your organizational unit (OU) structure where the computer account for this server resides
Open the Properties for the computer object
Choose the “Attribute Editor” tab on the Properties dialog box
Check the Attributes dNSHostName & servicePrincipalName – anywhere that a fully qualified hostname is specified (e.g. myserver.mydomainname.com), make sure that the entry matches the hostname
you have configured when you go here on your server: Start -> Computer -> Right-Click, Properties -> Change Settings (under “Computer name, domain… settings”) -> Full Computer Name
As an example, for a fictitious W2K8 R2 server whose Full Computer Name is “srv1.mydomainname.com”, these attribute/value pairs should be in Active Directory:
dNSHostName:
srv1.mydomainname.com
servicePrincipalName:
HOST/SRV1
HOST/srv1.mydomainname.com
RestrictedKrbHost/SRV1
RestrictedKrbHost/srv1.mydomainname.com
TERMSRV/SRV1
TERMSRV/srv1.mydomainname.com"
Not reading it carefully I add a computer with the same name as the pc having the issue and followed the above. The problem is that I did not notice that the spn did not want the name of my server (serv1) but the name of the trouble
pc.
dcdiag output
PS C:\Users\administrator.TOM> dcdiag.exe
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
***Error: DC3 is not a Directory Server. Must specify /s:<Directory Server> or /n:<Naming Context> or nothing to
use the local machine.
ERROR: Could not find home server.
PS C:\Users\administrator.TOM> dcdiag.exe /s:DC2
Directory Server Diagnosis
Performing initial setup:
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site\DC2
Starting test: Connectivity
The host 9e0dca7a-d017-445a-b354-adee5ff53d48._msdcs.TOM could not be resolved to an IP address. Check the DN
server, DHCP, server name, etc.
Neither the the server name (DC2.TOM) nor the Guid DNS name (9e0dca7a-d017-445a-b354-adee5ff53d48._msdcs.TOM)
could be resolved by DNS. Check that the server is up and is registered correctly with the DNS server.
Got error while checking LDAP and RPC connectivity. Please check your firewall settings.
......................... DC2 failed test Connectivity
Doing primary tests
Testing server: Default-First-Site\DC2
Skipping all tests, because server DC2 is not responding to directory service requests.
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : TOM
Starting test: CheckSDRefDom
......................... TOM passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... TOM passed test CrossRefValidation
Running enterprise tests on : TOM
Starting test: LocatorCheck
......................... TOM passed test LocatorCheck
Starting test: Intersite
......................... TOM passed test Intersite
PS C:\Users\administrator.TOM> regsvr32 schmmgmt.dll
PS C:\Users\administrator.TOM> netdig /fix
netdig : The term 'netdig' is not recognized as the name of a cmdlet, function, script file, or operable program.
Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:1
+ netdig /fix
+ ~~~~~~
+ CategoryInfo : ObjectNotFound: (netdig:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
PS C:\Users\administrator.TOM> Setup /PrepareSchema
Setup : The term 'Setup' is not recognized as the name of a cmdlet, function, script file, or operable program. Check
the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:1
+ Setup /PrepareSchema
+ ~~~~~
+ CategoryInfo : ObjectNotFound: (Setup:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
PS C:\Users\administrator.TOM> netdiag /test
netdiag : The term 'netdiag' is not recognized as the name of a cmdlet, function, script file, or operable program.
Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:1
+ netdiag /test
+ ~~~~~~~
+ CategoryInfo : ObjectNotFound: (netdiag:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
PS C:\Users\administrator.TOM> nslooup
nslooup : The term 'nslooup' is not recognized as the name of a cmdlet, function, script file, or operable program.
Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:1
+ nslooup
+ ~~~~~~~
+ CategoryInfo : ObjectNotFound: (nslooup:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
PS C:\Users\administrator.TOM>

Ok fixed.
At a elevated cmd prompt run ;
C:\Users\administrator.TOM>setspn -x
As you can see the DC serv1 had duplicate SPNs.
Checking domain DC=TOM
Processing entry 1
HOST/serv1.TOM is registered on these accounts:
CN=SERV1,OU=Domain Controllers,DC=TOM
CN=C00049,CN=Computers,DC=TOM
{14E52635-0A95-4a5c-BDB1-E0D0C703B6C8}/TOWN-HBWJ29ZOQC is registered on these ac
counts:
CN=Administrator,CN=Users,DC=TOM
CN=TOWN-HBWJ29ZOQC,CN=Computers,DC=TOM
{14E52635-0A95-4a5c-BDB1-E0D0C703B6C8}/town-hbwj29zoqc.TOM is registered on thes
e accounts:
CN=Administrator,CN=Users,DC=TOM
CN=TOWN-HBWJ29ZOQC,CN=Computers,DC=TOM
RestrictedKrbHost/serv1 is registered on these accounts:
CN=C00049,CN=Computers,DC=TOM
CN=SERV1,OU=Domain Controllers,DC=TOM
RestrictedKrbHost/serv1.TOM is registered on these accounts:
CN=C00049,CN=Computers,DC=TOM
CN=SERV1,OU=Domain Controllers,DC=TOM
found 5 groups of duplicate SPNs.
Went to the computers OU and changed computer c00049 to the correct SPN. Now I have a new issues, I'll start a new thread.

FEP 2010 installation on Windows server 2012

Hi all,
Is there any step- by step guide to install FEP 2010 on windows server 2012 R2?
We need to have this in place till the time, we get our FEP upgraded.
Regards

Hi,
It seems that you can only follow the official document to install FEP on Windows server 2012 R2.
Please verify that your environment meets the prerequisites before installation.
http://technet.microsoft.com/en-us/library/gg412482.aspx
Best Regards,
Joyce
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place.

I can't download update 5.0.1 and have disabled all security measures and the download still times out shortly after beginning the download. All other downloads are successful so I know the problem is not in the computer. Can anyone help?

Can't download update 5.0.1 to my iPad2. I disabled all security items in fact have deleted them from computer, but the download still times out advising check settings but all is set right? Can any one help with this matter?

I'm still experiencing this problem. I went to settings, general, software and it says Install now. But when I try, I get an error message.

Is FEP 2010 capable of securing computer against the man-in-the-middle attack?

Similar Messages

Maybe you are looking for