Anti-malware platform update released, part of the new normal

By Nash Pherson

On 27 November, Microsoft released another anti-malware platform cumulative update for System Center Endpoint Protection (SCEP) and Forefront Endpoint Protection (FEP). KB2907566 adds some interesting improvements that definitely make it worth testing and deploying:

KB2907566 – November 2013 anti-malware platform update for Endpoint Protection clients

  • Adds anti-tampering functionality to reduce the risk that malware will disable or bypass anti-malware scanning.
    For example, access to files and folders that are used by the anti-malware platform can be changed only by trusted system processes or by the anti-malware platform itself.
  • Improves overall performance of the anti-malware platform.
    Anti-malware performance is improved compared to that of previous platform versions. Improvements were made to scan functionality. These changes involve no configurable effects.
  • Ongoing improvements to Microsoft Active Protection Service (MAPS) and Dynamic Signature Service (DSS). These make real-time cloud-based protection easier.
    Scale and performance improvements were made to the MAPS and DSS systems. Make sure that you opt-in to at least Basic or Advanced MAPS to make sure that you are benefitting [sic] from cloud-based protection.

It looks like Microsoft will continue to release cumulative updates for the anti-malware platform semi-regularly in this fashion. It is very good to see regular, meaningful improvement in a product like this: kudos to the product team. It looks like ConfigMgr admins should just plan on testing and deploying anti-malware platform updates in between ConfigMgr cumulative updates. The next ConfigMgr cumulative update is not expected until mid-January 2014, three months after R2 released.

This update applies to environments on at least ConfigMgr 2012 R2, ConfigMgr 2012 SP1 CU3, or ConfigMgr 2007 SP1 UR1.

To install the KB2907566 update in your ConfigMgr 2012 environment, you must first install the hotfix update package on your primary site server. Then, the only supported way to update your Endpoint Protection clients is through the Automatic Client Upgrade process. Be sure to baby-sit the upgrade: clients with broken task schedulers, or that never got the automatic upgrade scheduled task, won’t get the update.
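To catch the clients that will silently miss the upgrade, here is an added example (not from the original post, and not Microsoft's or ConfigMgr's own tooling): a PowerShell check run on a client that reports whether the client-upgrade scheduled task is present and what Endpoint Protection platform version is installed. It assumes the task name "Configuration Manager Client Upgrade Task", the default SCEP install path for MsMpEng.exe, and an expected platform version that you supply from a lab client that already received KB2907566.

```powershell
# Added example: verify a ConfigMgr 2012 client is positioned to receive, or has received,
# the anti-malware platform update delivered through Automatic Client Upgrade.
param(
    [Parameter(Mandatory = $true)]
    [version] $ExpectedPlatformVersion,   # placeholder: take this from a lab client after KB2907566
    [string] $TaskName   = 'Configuration Manager Client Upgrade Task',   # assumed task name
    [string] $EnginePath = (Join-Path $env:ProgramFiles 'Microsoft Security Client\MsMpEng.exe') # assumed path
)

$result = [ordered]@{
    ComputerName     = $env:COMPUTERNAME
    UpgradeTaskFound = $false
    UpgradeTaskState = 'Missing'
    PlatformVersion  = $null
    PlatformUpToDate = $false
}

# schtasks.exe is used instead of Get-ScheduledTask so the check also works on
# Windows 7 / Server 2008 R2 clients that lack the ScheduledTasks module.
$taskInfo = schtasks.exe /Query /TN $TaskName /FO LIST 2>$null
if ($LASTEXITCODE -eq 0 -and $taskInfo) {
    $result.UpgradeTaskFound = $true
    $stateLine = $taskInfo | Where-Object { $_ -match '^Status:' }
    # Expected values are Ready, Running or Disabled (English locale output).
    $result.UpgradeTaskState = ($stateLine -replace '^Status:\s*', '').Trim()
}

# The platform version is the file version of the anti-malware service executable.
if (Test-Path -LiteralPath $EnginePath) {
    $fileVersion = (Get-Item -LiteralPath $EnginePath).VersionInfo.FileVersion
    # FileVersion may carry a trailing build string; keep only the numeric dotted part.
    if ($fileVersion -match '^\d+(\.\d+){1,3}') {
        $result.PlatformVersion  = [version] $Matches[0]
        $result.PlatformUpToDate = $result.PlatformVersion -ge $ExpectedPlatformVersion
    }
}

# A client with no upgrade task (or a disabled one) or an old platform needs manual follow-up.
$result.NeedsAttention = (-not $result.UpgradeTaskFound) -or
                         ($result.UpgradeTaskState -eq 'Disabled') -or
                         (-not $result.PlatformUpToDate)
[pscustomobject] $result
```

Run it through your existing remote-execution tooling and filter on NeedsAttention to build the list of clients to fix by hand.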

The cumulative update supersedes KB2865173 (which was also included in CU3 for ConfigMgr 2012 SP1).

I hope that helps,


Nash
