Forefront Endpoint Protection Blog

All the latest news and information on Forefront Client Security, Forefront Endpoint Protection and System Center Endpoint Protection 2012

  • Forefront Endpoint Protection Blog

    Client Security and the home user

    • 2 Comments

    Forefront Client Security is an enterprise-level antimalware offering. As part of a total security solution, Client Security protects your client computers from malware threats in the enterprise. 

     

    Threats don’t always come from the world outside your firewall.  Your users may be unknowingly bringing malware into the work environment by bringing in items as innocuous as pictures.  Enabling users to protect their home computers from malware threats could reduce the incidence of malware in your enterprise.

     

    Customers who license the Client Security agent on a per-user basis can provide the Client Security agent to employees at no additional cost for protecting home computers.  These home-based Client Security agents must be deployed in an unmanaged configuration; they will not be able to report to your Client Security servers in your enterprise. 

     

    The network administrator must distribute the required files to home users. For more information on Client Security licensing, see How to Buy Forefront Client Security (http://go.microsoft.com/fwlink/?LinkId=93608). For more information on using Client Security to protect home computers, see Protecting home computers (http://go.microsoft.com/fwlink/?LinkId=104969) in the Client Security Deployment guide.
  • Forefront Endpoint Protection Blog

    Best Practice for Multiple FCS Deployments

    • 1 Comments

    Hi Folks,

    Here’s an FCS Best Practice from the Engineering team for those of you who have deployed or will deploy multiple FCS deployments across an enterprise.

    Best Practice:  As indicated in the FCS v1.0 Release Notes, each FCS deployment should be given a unique Management Group name during FCS Server setup.

     

    We would like to hear from customers who have multiple FCS deployments with identical Management Group names by emailing mcpfdbck@microsoft.com.

     

    To find the FCS Management Group name:

     

    1. At the Management Role machine for a given deployment:

       a. Click Start → All Programs → Microsoft Operations Manager 2005 → Administrator Console.

       b. In the MOM Administrator Console, click on Console Root → Microsoft Operations Manager(<servername>) and record the name of the Management Group in the main window.

       c. Repeat for the next FCS deployment.

    2. If you find any identical names, let us know!

     

    Thanks,

    Eduardo Villasenor

    Program Manager

    Forefront Client Security

  • Forefront Endpoint Protection Blog

    Announcing Forefront Endpoint Protection 2012 Beta!

    • 4 Comments

    Forefront Endpoint Protection 2012 beta is here!  We are extremely excited to announce the availability of Forefront Endpoint Protection 2012 Beta.  Customers can download the Beta software immediately here. You can also download the pre-requisite System Center Configuration Manager 2012 Beta 2 here

    Forefront Endpoint Protection 2012 continues to deliver on the promise of Forefront Endpoint Protection 2010, simplifying and improving endpoint protection while also greatly reducing infrastructure costs. It builds on System Center Configuration Manager 2012, allowing customers to implement endpoint protection as part of a unified infrastructure for securing and managing physical, virtual, and mobile client environments. This shared infrastructure lowers ownership costs while providing improved visibility and control over endpoint management and security.   

    • What’s new in FEP 2012:
      • Support for System Center Configuration Manager 2012
      • Improved real time alerts and reports
      • Role-based management
      • User-centric reports (post beta)
      • Easy migration from FEP 2010/ConfigMgr 2007
      • Support for FEP 2010 client agents 

    Forefront Endpoint Protection 2012 continues to provide proactive protection against known and unknown threats using multiple technologies in the antimalware engine like behavior monitoring, network inspection system and heuristics.  With cloud based updates through the spynet service, endpoints get updated protection against new threats in real time.  See the benefits of enabling Dynamic Signature Service in FEP here

    You can find more product details on our Website or TechCenter. And for more information about convergence of management and security, please visit our new Windows Optimized Desktop page.

    You can now evaluate Forefront Endpoint Protection 2012 beta and System Center Configuration Manager 2012 beta with a community of early adopters.  Join the Community Evaluation Program for System Center Configuration Manager and evaluate the products with guidance from the product team and by sharing of experiences and best practices among a community of peers.

    We hope you will evaluate the early version and give us your feedback!

    Forefront Endpoint Protection team

     

  • Forefront Endpoint Protection Blog

    Checking for definition updates when starting

    • 3 Comments

    Next up in our registry key series: enabling definition updates upon service start.

    By default (out of box), the FCS client will check for definition updates:

    • Before starting a scan
    • At the configured interval
    • Manually

    However, there is a registry key available that you can use to cause the FCS client to check for definition updates whenever the service (FCSAM) starts.  As in the first post of this series (http://blogs.technet.com/clientsecurity/archive/2010/01/29/scanning-removable-drives.aspx), you must use either an ADM file via Group Policy or a .reg file to add the key.

    The key name is UpdateOnStartup, and has two possible settings:

    • Missing or 0 (zero): the FCS client will not check for updates when the FCSAM service starts.
    • 1: the FCS client will check for updates when the FCSAM service starts.

    A couple of notes about this key:

    • This key does not use the same formats as the earlier keys in this series: a 0 (zero) turns off the service start definition update check.
    • There is a delay of a few minutes between the FCSAM service starting and the definition update check beginning. The definition update may cause additional workload on system start, but not enough to cause a delay in login.

    For the ADM file, start Notepad, and then copy and paste the following text into the Notepad file:

    CLASS MACHINE
    CATEGORY !!FCSCategory
                  POLICY !!UpdateOnStartup_Name
                         KEYNAME "SOFTWARE\Policies\Microsoft\Microsoft Forefront\Client Security\1.0\AM\Signature Updates"
                         EXPLAIN !!UpdateOnStartup_Explain
                         VALUENAME UpdateOnStartup
                           VALUEON NUMERIC 1
                           VALUEOFF NUMERIC 0
                  END POLICY

    END CATEGORY
    [strings]
    FCSCategory="Microsoft Forefront Client Security"
    UpdateOnStartup_Name="Enable definition update on startup"
    UpdateOnStartup_Explain="This setting instructs the FCS antimalware client to update definitions on startup."

     

    Save the file as an ADM file, making sure to choose All files *.* as the file type (the KB suggests saving it with the KB ID number – for this one, you could use UpdateOnStartup.ADM as the file name), and then use Group Policy to deploy the new setting, as described in Option 1, step 2,  in the KB article.

    If you want to deploy the UpdateOnStartup key via a .reg file, follow the steps described in Option 2 in the KB article, substituting the following registry information for step 4:

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Microsoft Forefront\Client Security\1.0\AM\Signature Updates]

    "UpdateOnStartup"=dword:1
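
    One way to confirm that the setting actually landed on a client after the Group Policy or .reg deployment (an added example, not part of the original post or the KB article; the function name, the output fields, and the treatment of anything other than 0 or 1 as unexpected are assumptions):

    ```powershell
    # Audit the UpdateOnStartup policy value on the local machine.
    # Key path, value name and FCSAM service name are taken from the post;
    # Get-FcsUpdateOnStartup is a hypothetical helper name.
    function Get-FcsUpdateOnStartup {
        $keyPath   = 'HKLM:\SOFTWARE\Policies\Microsoft\Microsoft Forefront\Client Security\1.0\AM\Signature Updates'
        $valueName = 'UpdateOnStartup'

        $raw   = $null
        $state = 'Off (key or value missing)'   # missing behaves like 0 per the post

        $key = Get-Item -Path $keyPath -ErrorAction SilentlyContinue
        if ($key) {
            $raw = $key.GetValue($valueName, $null)
            if ($null -ne $raw) {
                $kind = $key.GetValueKind($valueName)
                if ($kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
                    # e.g. created as a string by a hand-edited .reg file
                    $state = "Unexpected type: $kind (expected DWord)"
                } elseif ($raw -eq 1) {
                    $state = 'On (updates checked when FCSAM starts)'
                } elseif ($raw -eq 0) {
                    $state = 'Off (explicit 0)'
                } else {
                    $state = "Unexpected value: $raw"
                }
            }
        }

        # The setting only matters if the antimalware service is present.
        $svcStatus = 'Not installed'
        $svc = Get-Service -Name 'FCSAM' -ErrorAction SilentlyContinue
        if ($svc) { $svcStatus = $svc.Status.ToString() }

        New-Object PSObject -Property @{
            Computer        = $env:COMPUTERNAME
            UpdateOnStartup = $raw
            State           = $state
            FcsamService    = $svcStatus
        }
    }

    Get-FcsUpdateOnStartup | Format-List Computer, FcsamService, UpdateOnStartup, State
    ```

    A result of "Off (key or value missing)" on a machine that should have received the policy usually means the GPO has not applied yet or the .reg file was imported under a different key path.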

  • Forefront Endpoint Protection Blog

    Forefront Endpoint Protection (FEP) 2010: FEP Reports may not display properly

    • 0 Comments

    From Angela Latimer, CSS

    If you are using Forefront Endpoint Protection (FEP) 2010, you may have tried running one of the three default FEP reports and noticed that not all areas or sub-reports display properly. You may see an error in processing the reporting data or retrieving the data, similar to the error displayed below:

    [Figure: error while trying to run the Antimalware Activity Report]

    We found this error was due to the installed version of Microsoft SQL Server not being up-to-date with the latest Cumulative Update package. Cumulative Update packages contain hot fixes that address issues in the currently installed version of Microsoft SQL Server which may be versions ranging from Release to Manufacturing (RTM), Service Pack (SP), or Feature Release (R).

    In digging into the details of the error related to FEP reports not displaying properly, we found the following errors in the System Center Configuration Manager Console and/or in the %drive%:\Program Files (x86)\Microsoft Configuration Manager\Logs\SRSRP.log file, reporting Error ID 7403 related to the health of SRS Reporting Point thread:

    STATMSG: ID=7403 SEV=E LEV=M SOURCE="SMS Server" COMP="SMS_SRS_REPORTING_POINT" SYS= SITE= PID=2880 TID=5572 GMTDATE=Wed Oct 21 17:57:26.302 2009 ISTR0="HACM01" ISTR1="" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0 SMS_SRS_REPORTING_POINT 10/21/2009 10:57:26 AM 5572 (0x15C4)  
    Failures reported during periodic health check by the SRS Server . Will retry check in 57 minutes SMS_SRS_REPORTING_POINT 10/21/2009 10:57:26 AM 5572 (0x15C4)

    In the two environments where we discovered this issue, Microsoft SQL Server 2008 and SQL Server 2008 R2 were running, but had NOT had the Cumulative Update package installed. As soon as this update was installed, the FEP reports began displaying properly.

    At the time of this blog, these are the most current Cumulative Update Packages for Microsoft SQL Server 2008 and 2008 R2. However, you should do a Bing search to ensure you are always installing the latest version.

    