Difference between revisions of "MSSecurityEssentials"

From WPKG | Open Source Software Deployment and Distribution
m (White-listing)
m (minor tidyup)
Line 35: Line 35:
 
* /runwgacheck - automatically perform a Windows Genuine Advantage check
 
* /runwgacheck - automatically perform a Windows Genuine Advantage check
  
* /o - don't automatically run the updater and the system scan after installation - when you then login it may then give a red indicator and say that real time protection is off because virus definition files are out of date. I've had a few differing experiences at this point, either it updates them quickly automatically, or if you click on the system tray icon it tells you it's out of date but then updates it quickly, or it displays this then just waits for you to manually press the 'Update' button.. This is as both an Administrator and as a Limited User.
+
* /o - don't automatically run the updater and the system scan after installation - when you then login it may then give a red indicator and say that real time protection is off because virus definition files are out of date. I've had a few differing experiences at this point, either it updates them quickly automatically, or if you click on the system tray icon it tells you it's out of date but then updates it quickly, or it displays this then just waits for you to manually press the 'Update' button. This is as both an Administrator and as a Limited User.
  
 
== White-listing ==
 
== White-listing ==
  
Soon after installation it can recognise potentially useful software as a threat. For example if you have UltraVNC installed it will flag up UltraVNC.exe and RealVNC.exe. There's a risk that a user, when prompted, will choose to remove or quarantine such files and remove the administrator's ability to connect. Administrative users can allow, quarantine or remove suspicious files where as Limited users can only remove or quarantine suspicious files. Administrators will want to white-list any such programs that should not be considered a threat, upon installation.
+
Soon after installation MSE can recognise potentially useful software as a threat. For example if you have UltraVNC installed it will flag up UltraVNC.exe and RealVNC.exe. There's a risk that a user, when prompted, will choose to remove or quarantine such files and remove the administrator's ability to connect. Administrative users can allow, quarantine or remove suspicious files where as Limited users can only remove or quarantine suspicious files. Administrators will want to white-list any such programs that should not be considered a threat, upon installation.
  
White-listing can be performed manually using: Show details → Recommendation → Select an action → Allow → Apply actions (note that Close means 'don't take any action at this point') → Close - this is saved system-wide.
+
White-listing can be performed manually using: Show details → Recommendation → Select an action → Allow → Apply actions (note that Close means 'don't take any action at this point') → Close. This is saved system-wide.
  
 
White-listing is saved in the registry so can be automated in any of the usual ways, see the [[Adding_Registry_Settings | registry editing section]].
 
White-listing is saved in the registry so can be automated in any of the usual ways, see the [[Adding_Registry_Settings | registry editing section]].
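Review bot: "where as" in the reworded White-listing paragraph should be the single word "whereas"; since that paragraph is being touched anyway, it is worth fixing in the same edit. The other changes in this hunk (spelling out "MSE", splitting the "This is saved system-wide" sentence, dropping the doubled full stop after the 'Update' button) read fine.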
Line 56: Line 56:
 
This contains exclusion paths.
 
This contains exclusion paths.
  
Continuing with the above example, to allow UltraVNC the registry file should look like this:
+
Continuing with the above example to allow UltraVNC, the registry file should look like this:
  
 
<source lang="reg">
 
<source lang="reg">
Line 84: Line 84:
 
=== Virus Definition Updates ===
 
=== Virus Definition Updates ===
  
Virus definition updates are automatically downloaded and incorporated by the program, or via Windows Automatic Updates.
+
Virus definition updates for MSE are automatically downloaded and incorporated by the program, or via Windows Automatic Updates.
  
 
To download the Microsoft Forefront Client Security antimalware definition update file (Mpam-fe.exe) for 32-bit (x86-based) versions of Windows, go to http://go.microsoft.com/fwlink/?LinkID=87342&clcid=0x409 and for 64-bit versions of Windows go to http://go.microsoft.com/fwlink/?LinkID=87341&clcid=0x409
 
To download the Microsoft Forefront Client Security antimalware definition update file (Mpam-fe.exe) for 32-bit (x86-based) versions of Windows, go to http://go.microsoft.com/fwlink/?LinkID=87342&clcid=0x409 and for 64-bit versions of Windows go to http://go.microsoft.com/fwlink/?LinkID=87341&clcid=0x409
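Review bot: the first sentence now says the definitions are "for MSE", but the unchanged paragraph that follows names the download as the "Microsoft Forefront Client Security antimalware definition update file (Mpam-fe.exe)". If that file is the same definition package MSE uses, say so in one clause so readers do not take it for a different product's update; if it is not, the paragraph belongs in a different section.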
Line 93: Line 93:
 
=== Program Updates ===
 
=== Program Updates ===
  
Microsoft Security Essentials updates itself through Windows Automatic Updates.
+
The Microsoft Security Essentials program itself is updated through Windows Automatic Updates.
  
  
 
[[category:Silent Installers]]
 
[[category:Silent Installers]]
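Review bot: this now states flatly that the MSE program is updated through Windows Automatic Updates, while the WPKG Package section still says "the program may update itself (though I'm not certain it does)". Reconcile the two: either soften this line to match, or update the package note once the behaviour has been confirmed.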

Revision as of 15:31, 22 June 2010

WPKG Package

This is a silent installer and uninstaller for Microsoft Security Essentials, Windows XP, US English, 32-bit version.

<package
	id="microsoft-security-essentials"
	name="Microsoft Security Essentials"
	revision="2"
	reboot="false"
	priority="1">

	<!-- Treat the package as installed when this Add/Remove Programs entry exists -->
	<check
		type="uninstall"
		condition="exists"
		path="Microsoft Security Essentials"/>

	<!-- /s: silent install; /runwgacheck: Windows Genuine Advantage check (see switches below) -->
	<install
		cmd='%SOFTWARE%\ms_security_essentials\mssefullinstall-x86fre-en-us-xp.exe /s /runwgacheck' />

	<!-- Same installer path as the install command; /o skips the post-install update and scan -->
	<upgrade
		cmd='%SOFTWARE%\ms_security_essentials\mssefullinstall-x86fre-en-us-xp.exe /s /runwgacheck /o' />

	<!-- /s /u: silent uninstall -->
	<remove
		cmd='%SOFTWARE%\ms_security_essentials\mssefullinstall-x86fre-en-us-xp.exe /s /u'/>
</package>

Note that an upgrade line is required because, although the program may update itself (though I'm not certain it does), if you bump the revision number then WPKG will want to run an 'upgrade'.

Installer command-line switches

  • /s - perform a silent installation
  • /runwgacheck - automatically perform a Windows Genuine Advantage check
  • /o - don't automatically run the updater and the system scan after installation. When you then log in it may give a red indicator and say that real-time protection is off because the virus definition files are out of date. I've had a few differing experiences at this point: either it updates them quickly automatically, or if you click on the system tray icon it tells you it's out of date but then updates it quickly, or it displays this and then just waits for you to manually press the 'Update' button. This happens both as an Administrator and as a Limited User.

White-listing

Soon after installation MSE can recognise potentially useful software as a threat. For example, if you have UltraVNC installed it will flag up UltraVNC.exe and RealVNC.exe. There's a risk that a user, when prompted, will choose to remove or quarantine such files and so remove the administrator's ability to connect. Administrative users can allow, quarantine or remove suspicious files, whereas Limited users can only remove or quarantine them. Administrators will therefore want to white-list, at installation time, any such programs that should not be considered a threat.

White-listing can be performed manually using: Show details → Recommendation → Select an action → Allow → Apply actions (note that Close means 'don't take any action at this point') → Close. This is saved system-wide.

White-listing is saved in the registry, so it can be automated in any of the usual ways; see the registry editing section.

The following registry keys and values are relevant:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Threats\ThreatIDDefaultAction

This contains a list of threat signature IDs and the default action to take for each; the DWORD value 00000006 corresponds to the action "Allow".

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Processes

This contains exclusion processes.

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Paths

This contains exclusion paths.

Continuing with the above example to allow UltraVNC, the registry file should look like this:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Threats\ThreatIDDefaultAction]
; Allow RealVNC
"7480"=dword:00000006
; Allow UltraVNC
"16555"=dword:00000006

; Set an exclusion process for winvnc.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Processes]
"C:\\Program Files\\UltraVNC\\winvnc.exe"=dword:00000000

; Set an exclusion path for winvnc.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Paths]
"C:\\Program Files\\UltraVNC\\winvnc.exe"=dword:00000000
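As an added example (not part of the WPKG page or of MSE itself), the following PowerShell builds the same .reg file from a short white-list specification, escaping the value names the way regedit expects, and then reads back what the live machine actually holds under the three keys so an administrator can audit allowed threat IDs or exclusions that were not deployed on purpose. The threat IDs and the winvnc.exe path are the ones listed above; the $WhiteList structure, the function names and the output path under the WPKG software share are this example's assumptions.

```powershell
# Added example, not from the WPKG wiki page: generate the MSE white-list .reg file
# from a spec and audit the live registry afterwards.
# Assumptions: threat IDs 7480/16555 and the winvnc.exe path come from the page;
# the $WhiteList layout and the output path are this example's own choices.

$AllowAction = 6   # DWORD 00000006 = "Allow" in ThreatIDDefaultAction (as the page states)
$Base = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware'

# Spec: which detections to allow and which single files to exclude.
# Exclude specific executables rather than whole directories, so the exclusion
# cannot later cover other files dropped into the same folder.
$WhiteList = @{
    Threats = @{ '7480' = 'RealVNC'; '16555' = 'UltraVNC' }
    Files   = @('C:\Program Files\UltraVNC\winvnc.exe')
}

function ConvertTo-RegName([string]$Name) {
    # .reg files escape backslashes and double quotes inside quoted value names
    return '"' + $Name.Replace('\', '\\').Replace('"', '\"') + '"'
}

function New-MseWhiteListReg {
    param([hashtable]$Spec, [int]$Action = $AllowAction)
    $lines = @('Windows Registry Editor Version 5.00', '')
    $lines += "[$Base\Threats\ThreatIDDefaultAction]"
    foreach ($id in ($Spec.Threats.Keys | Sort-Object)) {
        $lines += "; Allow $($Spec.Threats[$id])"
        $lines += ('"{0}"=dword:{1:x8}' -f $id, $Action)   # e.g. "16555"=dword:00000006
    }
    # The page sets the same file under both exclusion keys; mirror that here
    foreach ($key in 'Processes', 'Paths') {
        $lines += ''
        $lines += "[$Base\Exclusions\$key]"
        foreach ($file in $Spec.Files) {
            $lines += ('{0}=dword:00000000' -f (ConvertTo-RegName $file))
        }
    }
    # regedit expects CRLF line endings
    return ($lines -join "`r`n") + "`r`n"
}

function Get-MseWhiteListState {
    # Read back what this machine currently has, so stray allow entries or
    # exclusions that were never deployed on purpose stand out.
    $hk = $Base.Replace('HKEY_LOCAL_MACHINE', 'HKLM:')
    foreach ($sub in 'Threats\ThreatIDDefaultAction', 'Exclusions\Processes', 'Exclusions\Paths') {
        $path = "$hk\$sub"
        if (-not (Test-Path $path)) { continue }
        $item = Get-Item $path
        foreach ($name in $item.GetValueNames()) {
            New-Object PSObject -Property @{
                Key   = $sub
                Name  = $name
                Value = $item.GetValue($name)
            }
        }
    }
}

# Usage: write the file into the WPKG software share (assumed path; the folder must exist),
# then apply it from the package with:  regedit /s %SOFTWARE%\ms_security_essentials\mse-whitelist.reg
$regText = New-MseWhiteListReg -Spec $WhiteList
[System.IO.File]::WriteAllText('C:\wpkg\software\ms_security_essentials\mse-whitelist.reg', $regText, [System.Text.Encoding]::ASCII)
Get-MseWhiteListState | Format-Table Key, Name, Value -AutoSize
```

The generated file is byte-for-byte the same shape as the one shown above, so it can sit next to the installer and be applied by an additional install command in the WPKG package (regedit /s with the file path). Running Get-MseWhiteListState on a deployed machine afterwards confirms that only the intended value names are present under the three keys.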


Updates

Virus Definition Updates

Virus definition updates for MSE are automatically downloaded and incorporated by the program, or via Windows Automatic Updates.

To download the Microsoft Forefront Client Security antimalware definition update file (Mpam-fe.exe) for 32-bit (x86-based) versions of Windows, go to http://go.microsoft.com/fwlink/?LinkID=87342&clcid=0x409; for 64-bit versions of Windows, go to http://go.microsoft.com/fwlink/?LinkID=87341&clcid=0x409.

To run the Microsoft Forefront Client Security antimalware definition update file in silent mode: Mpam-fe.exe -q
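The download-and-run step above is worth wrapping in a check, because Mpam-fe.exe is fetched over plain HTTP and then executed with administrative rights. The following PowerShell is an added example, not from the WPKG page or from Microsoft: it downloads the file from the fwlink given above for the running architecture, refuses to run it unless its Authenticode signature is valid and issued to Microsoft, and only then runs it with the -q switch documented above. The function names, the download folder and the subject-name test are this example's assumptions.

```powershell
# Added example, not from the WPKG wiki page: fetch the definition package from the
# fwlinks the page gives, verify its Authenticode signature, then run it silently.
# Assumptions: download folder ($env:TEMP), function names and the signer check are
# this example's own choices; the URLs and the -q switch are from the page.

$DefinitionUrls = @{
    'x86'   = 'http://go.microsoft.com/fwlink/?LinkID=87342&clcid=0x409'
    'amd64' = 'http://go.microsoft.com/fwlink/?LinkID=87341&clcid=0x409'
}

function Get-MseDefinitionFile {
    param([string]$Arch = 'x86', [string]$Folder = $env:TEMP)
    $target = Join-Path $Folder 'Mpam-fe.exe'
    # WebClient follows the fwlink redirect to the real download location
    (New-Object System.Net.WebClient).DownloadFile($DefinitionUrls[$Arch], $target)
    return $target
}

function Test-MicrosoftSignature {
    param([string]$Path)
    $sig = Get-AuthenticodeSignature -FilePath $Path
    # Status must be Valid (chain verified, file unmodified since signing) and the
    # signing certificate must belong to Microsoft; anything else is rejected.
    if ($sig.Status -ne 'Valid') { return $false }
    return ($sig.SignerCertificate.Subject -like '*O=Microsoft Corporation*')
}

function Install-MseDefinitions {
    param([string]$Arch = 'x86')
    $file = Get-MseDefinitionFile -Arch $Arch
    if (-not (Test-MicrosoftSignature $file)) {
        Remove-Item $file -Force
        throw "Signature check failed for $file; definitions not installed"
    }
    # -q runs the definition installer silently (switch as documented on the page)
    $proc = Start-Process -FilePath $file -ArgumentList '-q' -Wait -PassThru
    return $proc.ExitCode
}

# Detect the OS architecture even from a 32-bit PowerShell on a 64-bit OS
$is64 = ($env:PROCESSOR_ARCHITECTURE -eq 'AMD64') -or ($env:PROCESSOR_ARCHITEW6432 -eq 'AMD64')
$arch = if ($is64) { 'amd64' } else { 'x86' }
$code = Install-MseDefinitions -Arch $arch
Write-Host "Mpam-fe.exe exited with code $code"
```

The signature test is the part that matters: it means a tampered or substituted download is deleted rather than executed, and the exit code returned by Install-MseDefinitions can be fed back to WPKG or a scheduler so a failed update is visible rather than silent.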

Program Updates

The Microsoft Security Essentials program itself is updated through Windows Automatic Updates.