Managing NIS signature downloads

Updated: February 1, 2011

Applies To: Forefront Threat Management Gateway (TMG)

This topic describes how to configure automatic signature updates for the Network Inspection System (NIS), the signature-based part of the Forefront TMG Intrusion Prevention System. NIS uses signatures developed by the Microsoft Malware Protection Center (https://go.microsoft.com/fwlink/?LinkId=160624) to protect systems that have not been updated with the latest software updates against attacks that exploit known vulnerabilities in Microsoft operating systems and applications. To keep your systems protected from the latest threats, it is recommended that you verify that you have connectivity to the appropriate update source, and that you enable automatic installation of the latest signatures.

For more information about configuring connectivity to Microsoft Update or Windows Server Update Services (WSUS), see Managing definition updates for Forefront TMG.

Before you can use Forefront TMG to block attacks on known vulnerabilities, you must download the latest NIS signature set. The following procedures describe how to configure NIS signature set updates and how to verify that NIS is receiving the updates.

Note

Newly downloaded signatures are applied to new connections only. Cached content, however, is inspected by NIS with the active signature set each time a client requests it.

To configure NIS signature set downloads

  1. In the Forefront TMG Management console, in the tree, click the Intrusion Prevention System node.

  2. On the Tasks tab, click Configure Properties.

  3. On the Definition Updates tab, under Automatic definition update action, select one of the following options:

    • Check for and install updates (recommended)—Select this configuration to automatically download and install the latest signature updates.

    • Only check for definitions—Select this configuration to be notified of the availability of new signatures for download.

    • No automatic action—Select this configuration to disable automatic updates.

  4. Under Response policy for new signatures, select one of the following options:

    • Microsoft default policy (recommended)—Select this configuration to accept the default response to the signature.

    • Detect only response—Select this configuration to record a log entry, and take no other action, when traffic matching this signature is detected.

    • No response (disable signature)—Select this configuration to take no action and record no log entry when traffic matching this signature is detected.

To verify that NIS is receiving updates

  1. In the Forefront TMG Management console, in the tree, click Update Center.

  2. In the details pane, check whether the last NIS update succeeded.

  3. If it did not succeed, click Network Inspection System (NIS), and then in the Tasks pane, click Check for Definitions.

  4. If the system cannot download an NIS update, check your network configuration.

Concepts

Configuring protection from known vulnerabilities
Planning to protect against known vulnerabilities