Forefront Endpoint Protection Blog - All Comments

re: The System Center Security Monitoring Pack for Endpoint Protection now supports System Center 2012 Operations Manager SP1

J.C. Hornbeck [MSFT] — Tue, 19 Mar 2013 17:27:08 GMT

Hi Steve, to the best of my knowledge there's no work around like you describe but I'll definitely pass this along to the dev team.

re: The System Center Security Monitoring Pack for Endpoint Protection now supports System Center 2012 Operations Manager SP1

Steve Burkett — Tue, 19 Mar 2013 14:22:26 GMT

Hi J.C.,

The docs for the MP say that to monitor clients, they all need Ops Manager agents on them (Pricey!).

Is that the only option to monitor SCEP clients using Ops Manager? We'd just want to flag up an alert when we get an infection somewhere.

Is it possible for Ops Manager to monitor just the SCCM 2012 server which is pulling in all the SCEP status reports anyway?

re: Monitoring Forefront Endpoint Protection 2010 – the FEP Dashboard

J.C. Hornbeck [MSFT] — Wed, 23 Jan 2013 18:34:16 GMT

The dashboard data is a result of WSQL queries that run every hour. These queries essentially sort the machines into the different FEP Collections based on the FEP data uploaded by the ConfigMgr client.

There is no setting to determine a timeframe because there isn’t a timeframe. It’s real-time in the sense that every hour the database is queried and machines are moved based on their relative data.

re: Monitoring Forefront Endpoint Protection 2010 – the FEP Dashboard

Jon — Wed, 23 Jan 2013 16:39:54 GMT

Hello -

Can anyone tell me how current is the dashboard data, is it real-time or span of over a few days, etc.? Second question is (depending on the answer to the first question), where is the setting to set the timeframe data on the dashboard?

Thanks.

re: How to move the FEP Databases and the CM Site Database

Kriss Milne — Fri, 18 Jan 2013 02:15:58 GMT

I recently ran into this issue when migrating the FEP database and it wasn't acceptable to loose the historical data.

I isolated and identified the root cause of the problem and have managed to successfully migrate the FEP database and all of my FEP reports are successfully working.

I wanted to share here the solution for others that run into this issue:

The problem is that some of the views in the FEPDW database reference the local SQL server by a linkedserver instead of the actual servername, this is by design to provide the felxibility of changing servers etc...

The problem is that when running the ServerSetup.exe and using an existing database (the migrated one) it doesn't create the linkedserver references and as such the views in the FEPDW database do not work.

You can use the following SQL query to view the linkedserver entries:

select *

from sys.servers

The two entries that are required by the FEP database are:

SelfLinkedServer

FEPDW_ORG_FEPDW_ORG_OLAPProvider_FEP

on the new SQL Server that you are migrating to you must create these linkedserver entries, the following queries can be used to do this:

for SelfLinkedServer:

Exec sp_addlinkedserver

@server = 'SelfLinkedServer',

@srvproduct = '',

@provider = 'SQLNCLI',

@datasrc = 'SQLSERVERNAME\INSTANCE'

NOTE: - SQLSERVERNAME\INSTANCE is the servername and instancename of your sql server

for FEPDW_ORG_FEPDW_ORG_OLAPProvider_FEP:

Exec sp_addlinkedserver

@server = 'FEPDW_ORG_FEPDW_ORG_OLAPProvider_FEP',

@srvproduct = '',

@provider = 'MSOLAP',

@datasrc = 'SQLSERVERNAME\INSTANCE',

@catalog = 'FEPDW_SITECODE'

NOTE: - FEPDW_SITECODE is the name of your FEPDW database

After performing these actions you should be able to successfully migrate the FEP database using the FEP ServerSetup.exe

re: More information on Microsoft antimalware protection on Windows 8 and Windows Server 2012

kinokijuf — Thu, 27 Dec 2012 13:45:46 GMT

What free antivirus do you provide for Server 2012 when used as workstation? On previous version you could use MSE.

re: Wildcards in path exclusions: FCS

rwalke2 — Mon, 03 Dec 2012 19:23:12 GMT

Does this blog post apply to SCEP 2012 and FEP 2010, or just FEP 2010?

re: More information on Microsoft antimalware protection on Windows 8 and Windows Server 2012

J.C. Hornbeck [MSFT] — Thu, 08 Nov 2012 17:29:00 GMT

Hi Kevin, that means it should be set to "Enabled." Just as an FYI there are some steps on how to do this here: www.ehow.com/how_6834770_disable-windows-defender-group-policy.html

re: More information on Microsoft antimalware protection on Windows 8 and Windows Server 2012

KevinMJohnston — Thu, 08 Nov 2012 17:01:45 GMT

I'd like clarification on this statement:

"Please remove any Group Policies containing “Turn off Windows Defender”=Disabled"

Does this mean that the "turn off Windows Defender" policy should be set to Enabled or Not Configured?

On my first read of the note, I took it to mean that any policies which disable Windows Defender should be removed. This would makes sense because Defender on Windows 8 is the same service/process (MsMpEng.exe) as FEP/SCEP.

Thanks

re: TechNet Wiki went live on Wednesday

Kimborly A. Ditto-Ehlert — Fri, 11 May 2012 15:59:00 GMT

Hi there Lorin!

Can you head over to lab.msdn.microsoft.com/.../contactus.aspx

And submit more details on this issue? That way we can get a repro - we cannot seem to repro the issue you describe.

Thanks!!