1. Protegendo seus desktops e servidores com o Microsoft Forefront Client Security Visão Geral e Implementação Técnica – Parte 3 Ricardo Frois Security Specialist Microsoft Brasil

2. Overview Architecture Unified Protection Simplified Administration Visibility and Control Additional Resources Agenda

3. 3 Solução unificada contra virus e spyware Construido usando como base tecnologia usada por milhões de usuários Resposta a ameaças eficaz Complementa as outras soluções de segurança Microsoft Console única para administração de segurança Definição de uma única política para as configurações de proteção de clientes Distribuição de assinaturas e software de forma mais rápida Integração com a infra estrutura existente Um único painel de controle para visualização de ameaças e vulnerabilidades Visualização de relatórios mais importantes Permite que os administradores se mantenham informados sobre o estado de scannings, alertas de segurança Proteção unificada contra malware para desktops, laptops e servidores corporativos com gerenciamento e controle unificados

4. Greater confidence Greater efficiency Greater control Proteção unificada contra malware para desktops, laptops e servidores corporativos com gerenciamento e controle unificados

5. 5 Remove most prevalent viruses Remove all known viruses Real-time antivirus Remove all known spyware Real-time antispyware Central reporting and alerting Customization Forefront Client Security MSRT Windows Defender Windows Live Safety Center Windows Live OneCare IT Infrastructure Integration FOR INDIVIDUAL USERS FOR BUSINESSES

6. 6

7. One solution for spyware and virus protection Built on protection technology used by millions worldwide Effective threat response Complements other Microsoft security products

8. One engine for virus and spyware protection –Also used in Windows Defender, OneCare, Antigen, Forefront Server Security products, MSRT, etc. –Simplified deployment and administration –Reduces conflict when detecting blended threats Detection and removal capabilities include: –Real-time, scheduled or on-demand detection & removal –Comprehensive system cleaning for viruses and spyware, with checks to ensure system is fully functional after cleaning –Scanning dozens of archives and packers –Using tunneling signatures that bypass user-mode rootkits –Code emulation for behavior analysis and polymorphic viruses –Heuristic detections for new malware and variants

9. Kernel mode scanning –On-Access Mini Filter –Essential to any Malware protection –Malware must compromise kernel to evade –Malware is prevented from executing entirely User mode scanning –System Configuration –Internet Explorer Add-ons –Internet Explorer Configurations –Internet Explorer Downloads –Services and Drivers –Application Execution –Application Registration –Windows Add-ons Antimalware – Real Time Scanning

10. Quick Scan –In memory processes –Targeted Directories * User Profile Desktop System Directories Program Files –Common Malware extensibility points * Full Scan –All aspects of Quick Scan –Full evaluation of local drives Antimalware – Scheduled Scanning * Defined in Definition Update to respond to Malware evolution

11. Demo Using Forefront Client Security to Protect Client Computers Simplified Administration D Demonstration

12. Define security steady state Specify the ongoing security behavior of my clients Keep systems up-to-date Ensure that clients have the latest signatures View reports Determine the security state, now and over time Respond to alerts What critical security events require my attention?

13. One console for simplified security administration One policy to manage client protection agent settings, e.g.: Choice of 3 integrated policy profile deployment methods: Microsoft Forefront Client Security Console (uses AD/GP) ADM file (uses AD/GP) Export to a file then use existing software distribution system Anti-spyware unknown action Alert level Event and logging settings SpyNet reporting on/off Level of end-user UI shown Scan schedule Real time protection on/off Signature update frequency Anti-spyware signature overrides Security state assessment settings

14. Console deploys policy through use of Active Directory ® Group Policy Objects Granularity at OU-level with exceptions using security groups Console creates GPO, sends to Sysvol, GP deploys profile Policy applied on host per AD default READ,SAVE GPO

15. Signature deployment optimized for Windows Server Update Services (WSUS) Can use any software distribution system Auto and manual approval of definitions Client Security installs an Update Assistant service to: Increase sync frequency between WSUS and Microsoft Update (MU) for definitions Support for roaming users Failover from WSUS to Microsoft Update Malware Research Microsoft Update WSUS + Update Assistant Desktops, Laptops and Servers Sync Sync ®

16. Install WSUS Store updates locally Create a WSUS Web site during installationFCS requires WSUS to use port 8530 Configure automatic approval First synchronization can take several hours

17. One console for simplified security administration Define one policy to manage client protection agent settings Deploy signatures and software faster Integrates with your existing infrastructure

18. Supported Platforms –Server Windows 2003 Server/SP1 Windows 2003 Server/R2 Longhorn Server (at RTM) –Client Windows 2000/SP4 + Rollup –Requires GDI+ QFE Windows XP/SP2 –Requires Filter Manager QFE Windows Vista –Business SKUs only

19. Server –Server Setup –Configuration Wizard Client –Command line (no UI) –Use existing deployment technologies Policy –AD –.reg file (client side tool) Signatures –WSUS –SMS/others (RTM)

20. Demo Visibility and Control Updating Signature Files Using Policies to Manage Client Computers D Demonstration

21. Understanding Policies Forefront Client Security Console Administrator creates & deploys policy Group Policy Management Console Clients

22. 22 One dashboard for visibility into threats and vulnerabilities View insightful reports Stay informed with state assessment scans and security alerts

26. 26 Malware outbreak Malware protection disabled Malware detected Malware failed to remove Respond to Alerts Alerting Functionality Notificação e administração dos valores de incidentes incluindo: Controle do tipo de nivel de alertas & volume de alertas gerados 15432 Outbreak Malware removal failed Signature update failed Malware detected and removed Signature update failed (per min) Rich Data, High Value Assets Critical Issues Only, Low Value Assets

27. Client (Host) Alerting and Reporting Architecture MOM ServerSQL Server Reporting Services System Log MOM Agent Event Table Alerts Table State Table

28. 28 Viewing Reports Reporting Details Integração com MOM 2005 Uso SQL Reporting Services Demonstra o status da segurança contra malware na sua empresa Especifica point-in-time e over time Tipos de Relatorios Malware Threat(s) Vulnerability Summary Scan Results Historical Information Summary Report DeploymentAlertsComputers

29. Demo Running and Reviewing Reports View Security State Assessment report View Computer Detail report demonstration

30. CurrentCurrent ClientClient ServerServer EdgeEdge Dec 2006Dec 2006 2007 +2007 + TBDTBD Security Product Roadmap Antigen Messaging Security Suite Microsoft ®

31. Public beta available now! –Download at http://www.microsoft.com/clientsecurity http://www.microsoft.com/clientsecurity –Community-based support at http://www.microsoft.com/technet/clientsecurity http://www.microsoft.com/technet/clientsecurity Release To Manufacture planned for Q2 CY2007 Will be available through Microsofts volume licensing programs

32. http://www.microsoft.com/isaserver/2006 http://www.microsoft.com/clientsecurity http://www.microsoft.com/antigen Put your organization through a security audit Contact your Microsoft rep or reseller for information and advice http://www.microsoft.com/forefront Download trial versions of Register for beta information about

33. Other Resources Technical Chats and Webcasts http://www.microsoft.com/communities/chats/default.mspx http://www.microsoft.com/usa/webcasts/default.asp Microsoft Learning and Certification http://www.microsoft.com/learning/default.mspx MSDN & TechNet http://microsoft.com/msdn http://microsoft.com/technet Virtual Labs http://www.microsoft.com/technet/traincert/virtuallab/rms.mspx

34. © 2006 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.