This topic describes how to configure automatic signature updates for the Network Inspection System (NIS), the signature-based part of the Forefront TMG Intrusion Prevention System. NIS uses signatures developed by the Microsoft Malware Protection Center (http://go.microsoft.com/fwlink/?LinkId=160624) to protect systems that have not been updated with the latest software updates, from attacks that exploit known vulnerabilities of Microsoft operating systems and applications. To keep your systems protected from the latest threats, it is recommended to verify that you have connectivity to the appropriate update source, and that you enable automatic installation of the latest signatures.
For more information about configuring connectivity to Microsoft Update or Windows Server Update Services (WSUS), see Managing definition updates for Forefront TMG.
Before you can use Forefront TMG to block attacks on known vulnerabilities, you must download the latest NIS signature set. The following procedures provide instructions on how to configure NIS signature set updates, and how to verify that the NIS is receiving the updates.
|Newly downloaded signatures are applied to new connections only.|
To configure NIS signature set downloads
In the Forefront TMG Management console, in the tree, click the Intrusion Prevention System node.
On the Tasks tab, click Configure Properties.
On the Definition Updates tab, under Automatic definition update action, select one of the following options:
- Check for and install updates
(recommended)—Select this configuration to automatically
download and install the latest signature updates.
- Only check for definitions—Select this
configuration to be notified of the availability of new signatures
- No automatic action—Select this
configuration to disable automatic updates.
- Check for and install updates (recommended)—Select this configuration to automatically download and install the latest signature updates.
Under Response policy for new signatures, select one of the following options:
- Microsoft default policy
(recommended)—Select this configuration to accept the default
response to the signature.
- Detect only response—Select this
configuration to record a log only when traffic matching this
signature is detected.
- No response (disable signature)—Select
this configuration to take no action, and not record a log if
traffic matching this signature is detected.
- Microsoft default policy (recommended)—Select this configuration to accept the default response to the signature.
To verify that NIS is receiving updates
In the Forefront TMG Management console, in the tree, click Update Center.
In the details pane, check to see if the NIS's last update succeeded.
If not, click Network Inspection System (NIS), and then in the Tasks pane, click Check for Definitions.
If the system cannot download an NIS update, check your network configuration.
Copyright © 2009 by Microsoft Corporation. All rights reserved.