Jason Githens, Senior Program Manager for System Center 2012 Configuration Manager & System Center 2012 Endpoint Protection, just published a great article on System Center 2012 Endpoint Protection and false positives over on the Microsoft Server and Cloud Platform Blog. You can check it out at the link below:
Though Microsoft’s antimalware technologies have one of the lowest false-positive rates in the industry, you should always be ready to address Endpoint Protection false-positive situations if they occur in your environment. There are some basic steps you can take to mitigate and remediate the problem. The case study below presents a hypothetical example of how Kevin, the security administrator at Contoso, addressed a false-positive situation at his company.
You can read the rest of Jason’s article here.
J.C. Hornbeck | System Center & Security Knowledge Engineer
Hi everyone, Peter Gallagher here and I wanted to talk about one of the new features in System Center 2012 Configuration Manager (ConfigMgr). The feature is the ability to automatically deploy software updates to clients and it can be utilized to automatically deploy Forefront Endpoint Protection 2010 antimalware definition updates to ConfigMgr clients. For more information on deploying Forefront Endpoint Protection 2010 with Configuration Manager as well as how to create an Automatic Deployment Rule for Forefront Endpoint Protection 2010 antimalware definition updates, please see the following: http://technet.microsoft.com/en-us/library/hh508770.aspx.
The issue I wanted to talk about is one where, after following http://technet.microsoft.com/en-us/library/hh508770.aspx, antimalware definition updates may not be automatically deployed to clients as expected.
When this occurs, the UpdatesDeployment.log and WindowsUpdate.log on the client may show other software updates being deployed successfully, but UpdatesDeployment.log shows that the client is not detecting Forefront Endpoint Protection 2010 as a product. The only indication of an error or problem will be the status of Forefront Endpoint Protection 2010 antimalware definition updates in the Windows Security Center on the client or the Configuration Manager console.
This issue can occur if the product “Forefront Endpoint Protection 2010” is not selected on the Software Update Point Component in Configuration Manager. An Automatic Deployment Rule in System Center 2012 Configuration Manager DOES NOT verify that the products or classifications selected in the rule are also selected on the Software Update Point itself.
To resolve this issue, perform the following:
1. On the Central Administration Server (CAS), navigate to Administration\Overview\Site Configuration\Sites.
2. In the results pane on the right, highlight the server name that has the type of “CAS”. If you have a single server install, highlight the server listed.
3. In the ribbon at the top, click Configure Site Components and in the dropdown select Software Update Point.
4. Select the Products tab and then place a check next to Forefront Endpoint Protection 2010.
5. Review the Languages/Classifications tabs to ensure that the items selected in the Automatic Deployment Rules are also selected on the properties of the Software Update Point. Click OK when complete. There is no need to manually initiate a synchronization as Configuration Manager will detect a change (step 4 above) and automatically start a synchronization.
Note that this example is specific to Forefront Endpoint Protection 2010 antimalware definition updates; however, the process applies to any Automatic Deployment Rule in System Center 2012 Configuration Manager. If a product/classification is selected in an Automatic Deployment Rule, the corresponding product/classification must be selected in the Software Update Point configuration screen.
Peter Gallagher | System Center Support Engineer
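The mismatch described in the post above can also be checked from the SMS Provider instead of by eye. The following read-only script is an added example, not part of the original post or of Microsoft's guidance; the `$SiteCode` and `$SiteServer` parameters are placeholders, and it assumes that the rule XML references categories by the same `Product:<guid>` / `UpdateClassification:<guid>` IDs that `SMS_UpdateCategoryInstance` exposes.

```powershell
# Added example (not from the original post). Read-only: reports products and
# classifications that an Automatic Deployment Rule filters on but that are
# not selected (subscribed) on the Software Update Point.
param(
    [Parameter(Mandatory = $true)][string]$SiteCode,   # your site code (placeholder)
    [string]$SiteServer = $env:COMPUTERNAME            # server hosting the SMS Provider
)

$ns = "root\SMS\site_$SiteCode"

# Index every product/classification by its unique ID, e.g. "Product:<guid>".
$categories = @{}
Get-WmiObject -ComputerName $SiteServer -Namespace $ns -Class SMS_UpdateCategoryInstance |
    Where-Object { 'Product', 'UpdateClassification' -contains $_.CategoryTypeName } |
    ForEach-Object { $categories[$_.CategoryInstance_UniqueID] = $_ }

# Assumption: the rule XML references categories by those same "Type:<guid>" IDs.
$idPattern = '(Product|UpdateClassification):[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}'

$gaps = foreach ($adr in Get-WmiObject -ComputerName $SiteServer -Namespace $ns -Class SMS_AutoDeployment) {
    $adr.Get()   # UpdateRuleXML is a lazy property; reload the full instance
    $ids = [regex]::Matches([string]$adr.UpdateRuleXML, $idPattern) |
        ForEach-Object { $_.Value } | Select-Object -Unique

    foreach ($id in $ids) {
        $cat = $categories[$id]
        # Flag categories the rule uses that the Software Update Point does not sync.
        if ($cat -and -not $cat.IsSubscribed) {
            New-Object PSObject -Property @{
                Rule     = $adr.Name
                Type     = $cat.CategoryTypeName
                Category = $cat.LocalizedCategoryInstanceName
            }
        }
    }
}

if ($gaps) {
    $gaps | Sort-Object Rule, Type, Category | Format-Table Rule, Type, Category -AutoSize
} else {
    Write-Output 'Every product and classification used by an ADR is selected on the Software Update Point.'
}
```

Any row it prints is a rule whose definition updates will silently fail to deploy until that category is checked on the Software Update Point, as in steps 4 and 5.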
Forefront Endpoint Protection 2010 now supports upgrading an existing Forefront Endpoint Protection database and reporting database to Microsoft SQL Server 2012.
To use SQL Server 2012 with Forefront Endpoint Protection 2010, you must upgrade the existing instance of SQL Server from SQL Server 2008 or SQL Server 2008 R2. Installing new Forefront Endpoint Protection components on an existing or new instance of SQL Server 2012 is not supported.
Before you can use Forefront Endpoint Protection 2010 with Microsoft SQL Server 2012, you must install the following update on the server running Forefront Endpoint Protection.
Forefront Endpoint Protection data warehouse and reports fail to get new data on SQL Server 2012 - http://support.microsoft.com/kb/2683558