Category Archives: 7916

Microsoft Security Essentials Exclusion List

Microsoft Security Essentials (MSE) Anti-virus program has received a lot of good press since it was released in Sept 2009. I have been gradually moving my residential customers, friends and family over to it. One small problem I have noticed: at times the MSE engine will hog quite a few CPU cycles. I recently found a blog post that said that adding the MSE folders to the list of files/folders in MSE to be excluded from scanning will help reduce the high CPU usage.

To add exclusions, click on Settings > Excluded files & locations, then click the Add button to add an entry.

For Windows XP, add the following exclusion:
C:\Program Files\Microsoft Security Essentials

For Vista/Windows 7, add the following exclusions:
C:\Program Files\Microsoft Security Essentials
C:\Program Data\Microsoft\Microsoft Security Essentials
C:\Program Data\Microsoft\Microsoft Antimalware

Hope this helps. Let me know if there are other folders/directories that should be excluded.
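Since MSE skips anything inside an excluded folder, it is worth confirming that each exclusion points at a folder that exists and that only administrative accounts can write to it. The PowerShell below is an added example, not part of the original post: the paths are the ones listed above exactly as written, and the allow-list of well-known SIDs is an assumption to adjust per machine.

```powershell
# Added example: audit the folders on an antivirus exclusion list.
# Paths are copied from the post as written; edit them to match the machine.
$excluded = @(
    'C:\Program Files\Microsoft Security Essentials',
    'C:\Program Data\Microsoft\Microsoft Security Essentials',
    'C:\Program Data\Microsoft\Microsoft Antimalware'
)

# Assumption: only these well-known principals should be able to write there.
$trustedSids = @(
    'S-1-5-18',        # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',    # BUILTIN\Administrators
    'S-1-3-0',         # CREATOR OWNER
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# Bits that allow creating files or subfolders (both are part of Modify and FullControl).
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData'
$sidType   = [System.Security.Principal.SecurityIdentifier]

foreach ($path in $excluded) {
    if (-not (Test-Path -Path $path)) {
        # An exclusion for a folder that is not there usually means a typo in the path.
        Write-Output "MISSING   $path"
        continue
    }
    $findings = 0
    foreach ($rule in (Get-Acl -Path $path).Access) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        # Generic-rights ACEs (shown as raw numbers) are not decoded here.
        if (([int]$rule.FileSystemRights -band $writeMask) -eq 0) { continue }
        # Compare by SID so the check does not depend on localized account names.
        $sid = $rule.IdentityReference.Translate($sidType).Value
        if ($trustedSids -notcontains $sid) {
            Write-Output "WRITABLE  $path by $($rule.IdentityReference)"
            $findings++
        }
    }
    if ($findings -eq 0) { Write-Output "OK        $path" }
}
```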

Cleaning up Malware

When cleaning up crapware from a workstation, my two primary “go to” solutions are Microsoft Security Essentials and MalwareBytes. I will run these both logged in as the user, and will run quick scans initially. If it finds enough things, I will then reboot into Safe Mode, log in as the administrator, and run full scans until nothing is found.

Today, I had a computer that Malwarebytes and MSE both identified and cleaned up issues on. However, something just didn’t seem right, and the computer was still acting — can I say — weird? I decided to download SuperAntiSpyware, as I know plenty of people rely on it. Guess what? It found another 146 issues on this computer!

Yes, I know some of you will tell me to flatten this computer and reload Windows from scratch. And I may do so. Right now, I’m interested in trying to learn what things each of these solutions will find or not find.

Microsoft Latest Antivirus Solution

Amongst all the Windows 7 activity, you may have missed the news that Microsoft released their latest free consumer level anti-virus / anti-crapware solution, named Microsoft Security Essentials. I’ve started installing it on some consumer systems to see how it performs.

But it got me to thinking about prior antivirus offerings that Microsoft has released. So, I put together a short list. Hmmm .. wonder what was going on in the years between 1994 and 2003!

1993: MSAV – Microsoft Anti-Virus for DOS, originally developed by Central Point
1994: MWAV – Microsoft Anti-Virus for Windows, also developed by Central Point
2003: Microsoft purchases antivirus software from GeCad and Pelican
2005: Microsoft AntiSpyware – based on code from Giant Antispyware
2006: Windows Defender – Microsoft renamed Microsoft Antispyware to Windows Defender
2007: Windows Live OneCare
2009: MSE – Microsoft Security Essentials, codename Morrow

Calyptix and SBS

I’ve been installing Calyptix AccessEnforcer units recently in several SBS shops, both SBS 2003 and SBS 2008. The AE is a fully featured network security appliance, and comes in various models to fit different size organizations. What I like about Calyptix is its single price — no extra costs for end user licenses or to enable various features. It interfaces nicely with Active Directory for user level filtering and email quarantine. I plan to do more posts in the future on implementing SBS and Calyptix together.

Kaspersky Lockup Solved

So, this is a bit off the SBS highway. I started using Kaspersky’s 2009 Internet Security Suite for many of my non-server (family and friends) clients. I like it a lot. But a couple of times recently, I had an issue where Kaspersky would lock up while I was trying to use it or install it. In each case, once it locked up, I could do nothing but stop it from task manager.

I remember many years ago when I did a lot of software debugging to always reduce a problem down to its Lowest Cost Denominator (LCD).

Well, I finally had time to do that today, and determined that the LCD in this case was LogMeIn! In each case where I had Kaspersky locking up on me, I was connected to the computer remotely through LogMeIn. The solution was to add LogMeIn.exe to Kaspersky’s Trusted Site and click on the option to not have it control application activity. I believe I saw posts where a similar lockup occurs with the VNC-type remote access software.

Hope this helps!
-kw

Uninstalling Live OneCare from SBS 2008

When SBS 2008 was first released, it included a 120 day trial of both Live OneCare (Server) and Forefront Security for Exchange (FSE). Since then, Microsoft has announced they would be dropping support for Live OneCare. When installing SBS 2008, you are asked whether you want to install the 120 day trial of these two products. If you did select to install them, and now wish to uninstall them, the process is very easy.

From the SBS console, click on Control Panel > Programs and Features. Click to highlight Live OneCare and then click Uninstall. The uninstall process is very straightforward, and no rebooting of the server is required to uninstall Live OneCare.

MailFoundry and the small user

You can call me slow, you can call me old.
You can call me what you will, you can call me over the hill.

But it’s still nice to discover something new … and free! This post is for those of you with small users (10 or fewer employees).

I know that MailFoundry has been around for quite a while, but I never had a reason to look for an anti-spam solution until this past week. I have a customer (non-SBS) who uses the local Outlook junk mail filter for his office, and it works reasonably well. However, he also has his emails coming to his phone – and his phone gets all the junk and spam mail.

So, in checking out solutions, I discovered that MailFoundry currently offers free spam/virus filtering for up to 10 mail boxes! I signed the customer up, updated my MX records to point to MailFoundry, and have been running a test with one mail client (the president of the company, of course). In the first few hours of running it, out of 151 incoming messages, it blocked 141, and not one was a false positive.

More on my TrendMicro WFBS Update

I upgraded my Trend CSM 3.6 to their new Worry-Free Business Security (WFBS) Advanced 5.0 solution for SBS, and like the hero from the movie The Rocketeer, I can say, “I like it!”. Without even digging into all the new features, I can say that the spam filtering is much improved, and the Trend console seems snappier and more responsive. The console interface otherwise is the same as before, except with a fresh, up-to-date look to it.


On the new feature side, they have a new ‘location awareness’ setting for laptops that move around inside and outside the office that I want to try on my laptop. This version also supports Windows Home Server.


The in-place upgrade went very smoothly. I simply downloaded and installed WFBS Advanced right over my current CSM 3.6 setup. One word of caution: I was installing this via an RDP connection to my SBS server, and perhaps three times during the installation process, it will appear that your RDP connection has been disconnected. Don’t do anything – it will resume on its own.


Cheers!
-kw

Trend Micro renames/enhances CSM

For those of you using Trend Micro’s Client Server Messaging (CSM) suite for your SBS servers, you should know that Trend Micro on June 2, 2008 recently rebranded the CSM product to “Worry-Free Business Security Advanced (WFBS)” and released version 5.0.


If you are using CSM 3.5/3.6 and are under maintenance, you can upgrade to WFBS Advanced at no charge. Upgrading to WFBS will preserve all your current CSM configuration parameters. Click here for instructions from Trend Micro on how to upgrade to WFBS. To download the WFBS Advanced installation file (768MB), click here.


I’ll post back after I’ve installed it on my test server.


-kw