Share via


What Does CSS Need to Help Troubleshoot an FCS Issue?

Are you suspecting an Infection in your network?

 

If you suspect an Infection in your network and if you could find the infected file please upload the sample to the link https://www.microsoft.com/security/portal/submit.aspx

Only one file can be submitted at one time and the size of that file is limited to 10 megabytes. Compress the file and password protect the file with the password "infected" (without quotes).

If you want to submit more than one file for analysis, please compress the files into a single archive and password protect the files with the password "infected" (without quotes).

In the comments field please provide any information about the Infection.

Microsoft Malware Protection Center will send you the results of the analysis on the submission.

 FCS customers please contact Microsoft Customer Service and Support to raise an incident and follow the below steps.

You can also try these steps,

· Run a Full Scan in the infected machine with the recent signature updates.

· Try to isolate the machine from the network to avoid spreading the infection.

Are you facing an issue while installing Forefront Client Security?

Check the Prerequisites

· https://technet.microsoft.com/en-us/library/bb404270.aspx

If you still experience issues after reviewing the Prerequisites, please contact Microsoft Customer Service and Support to raise an incident and follow the below steps

Server installation issues: Gather and provide the engineer with the topology you are attempting to install and computer and account information (see deployment guides)

Example:

Item

Description

Your Notes

Management server

Server name

Collection server

Server name

Collection database

Server name and SQL Server instance name (if it's not the default)

Reporting server

Server name

Reporting

Database

Server name and SQL Server instance name

Distribution

Server

Server name

DAS Account

Domain user account required

DTS Account

Domain user account required

(Recommendation: re-use DAS account)

Reporting Account

Domain user account required

(Recommendation: re-use DAS account).

Action Account

Domain user account required

(Recommendation: re-use DAS account)

Management Group Name

Defined during Client Security setup

Reporting Server URL

Defined during SQL Server 2005 setup (Default:https://reportingservername/ReportServer)

Report Manager URL

Defined during SQL Server 2005 setup

(Default: https://reportingservername/Reports)

Size of Collection Database

Defined during Client Security setup

Size of Reporting Database

Defined during Client Security setup

WSUS Management URL

Created when installing WSUS

WSUS Client Configuration URL

Created when installing WSUS

Collect the failed setup log from the below location and share it with the Engineer who is contacting you

For Server role installation:

<Install drive>\Program files\Microsoft Forefront\Client Security\Server\Logs\Server_date.log

For Client installation:

%Program Files%\Microsoft Forefront\Client Security\Client\Logs

If your Forefront Clients are not getting the signature updates

 

Please execute the CSS Sec MPS report from the Link in the distribution Server https://www.codeplex.com/SECTools/Release/ProjectReleases.aspx?ReleaseId=15744

(If it’s a Single server topology run it in the FCS Server)

Also execute the CSS Sec MPS report from the Link in a client machine https://www.codeplex.com/SECTools/Release/ProjectReleases.aspx?ReleaseId=15744

and when Microsoft Engineer has contacted you request him/her for the Workspace to upload the output of the MPS Report.

 

For other Issues faced in Forefront Client Security

 

Execute the CSS Sec MPS report from the Link

https://www.codeplex.com/SECTools/Release/ProjectReleases.aspx?ReleaseId=15744

· Run this in all the Forefront Client Security Server Roles.

· If it’s a Single Server topology execute this in FCS Server.

· To Run this Script you need to login with Administrator ID.

· This Script will not take more than 5 to 15 minutes.

· This Script is transparent and utilizes less processor time and memory.

· Gather and provide the engineer with the topology you are attempting to install along with computer and account information (See Deployment Guides)

When Microsoft Engineer has contacted you request him/her for the Workspace to upload the output of the MPS Report.

 

What will the CSSSEC MPS Report log from your machine?

 

Information on IIS:

IIS Anonymous (IUSR) User Information

IIS Metadata and Module Information (MBSchema.xml, MetaBase.xml, sysinfo xml).

IIS Configurations and logs.

 

Windows update related Information:

WinHTTP Proxy Settings.

BITS (Service and Queued job Status)

Missing Security update Information.

 

FCS Information:

FCS Anti malware support Logs.

FCS Security State Assessment Information.

FCS Account Information.

FCS Client setup files.

FCS Database Information.

Profile settings of FCS Console.

Checks the Status for Forefront client dependency services.

MOM and reporting Services Information:

MOM Management Pack Information.

MOM *.mc8 Log Files.

MOM Configuration (Onepoint database size and permissions, System Center Reporting database Size and Permissions)

SQL reporting Services Information and logs.

Other Information:

Dcom Information.

Event Logs (Application, System and Security Event logs)

Schedule task Information.

Version of Windows OS.

Version and Symbol Information of Executables.

NTFS Information

Group Policy Information.

Disk Quota Information.

MS Office Information.

Hardware Information of the Local machine.

ISA Server Information.

Security center Configuration (Anti Virus, Firewall, Automatic Updates)

For More Information please read the readme file from the link: https://www.codeplex.com/SECTools/Release/ProjectReleases.aspx?ReleaseId=15744

Thanks

Swami

CSS Security Team