Forefront Endpoint Security 2010 (FEP) Release Candidate was just released. In this post, we will discuss ways for administrators to monitor FEP. There are several monitoring features provided with FEP 2010, and this is the first in a series of posts about them.
One of the key architecture changes from FCS is FEP’s alignment with System Center Configuration Manager. Configuration Manager provides the platform for client distribution and policy settings, as well as data collection to and from clients.
The FEP Dashboard is an extension to the Configuration Manager console. After you deploy the FEP console extension to Configuration Manager (either on the server or on an administrator’s laptop), a new node called “Forefront Endpoint Protection” appears in the navigation tree (see Figure 1).
Figure 1 - FEP Dashboard
Capabilities of the FEP dashboard (see the labeled figure above):
Ziv Rafalovich, Senior Program Manager
All of the computers that SCCM has deployed FEP to in my environment show up under the Locally Removed collection. The only client that shows up as being installed is the one I did manually.
Me too. I had the eval version of FEP installed on sccm. I've since uninstalled just the client from the sccm server and manually reinstalled the RTM client.
When I deploy FEP to the clients they show up in the Locally Removed collection.
Thanks for the comments!
A client computer ends up in the Locally Removed collection as a result of FEP being advertised to the client, the client reports success, but the Configuration Manager inventory process returns results that do not include FEP.
You can verify the inventory result by right-clicking a computer, pointing to Start, and then clicking Resource Explorer.
If the inventory data does indeed report no FEP installed on the client, you should investigate just how the FEP client software got uninstalled on each client computer. This could be an action of the user, you may have other antimalware software that is removing the FEP client software, or there could be malware doing the uninstall.
If the problem continues, I suggest you open a support case by using one of the resources:
support.microsoft.com/.../default.aspx . You can also ask further questions via the Forefront Endpoint Protection forum, where MVPs as well as Microsoft folks answer questions… (social.technet.microsoft.com/.../fcsnext)
Can anyone tell me how current is the dashboard data, is it real-time or span of over a few days, etc.? Second question is (depending on the answer to the first question), where is the setting to set the timeframe data on the dashboard?
The dashboard data is a result of WSQL queries that run every hour. These queries essentially sort the machines into the different FEP Collections based on the FEP data uploaded by the ConfigMgr client.
There is no setting to determine a timeframe because there isn’t a timeframe. It’s real-time in the sense that every hour the database is queried and machines are moved based on their relative data.