Forefront and DFS don’t play nice

Got my first real slap from Forefront and it was a nasty shock.

Forefront has been deployed and working merrily on the network with only a few hiccups*

Then one of the team noticed that a DFS point for our file replication was acting oddly and files weren’t replicating properly. If you deleted a file, it would pop back up seconds later. Forefront was the only recent change to the systems, so we disabled it on the three DFS servers and the problem stopped. As soon as Forefront was started, the problem reappeared. One of the DFS servers had also been reporting an unusually high CPU reading, which disappeared as soon as Forefront was restarted.

I’d already put in all the exceptions from MS KB822158 and was disappointed to find a bunch of postings to forums saying this was a known problem. Bizarrely, KB815263 has a number of AV vendors’ products that work with DFS and Forefront isn’t one of them!

KB284947 recommends putting in exceptions for the folders that DFS replicates. Excellent, now I have an express malware delivery system via AD!

The DFS team had this to say on DFS and AV testing. Interesting, but not massively useful for the problem at hand.

Postings from forums:

DFS and Forefront warning

DFS-R takes hours to replicate large file changes

More on this after further testing!

UPDATE

Nope, MS have a hotfix for Forefront and DFS

It appears that Hotfix 944804 will address these reported symptoms but is an update to NTFS.SYS.

http://support.microsoft.com/kb/944804

A further “what not to scan” KB:

943556 Recommended Forefront Client Security file and folder exclusions for Microsoft products

http://support.microsoft.com/default.aspx?scid=kb;EN-US;943556
