It wasn't until Microsoft's purchase of Giant Software and its Giant AntiSpyware product, and the subsequent release of Windows Defender, Microsoft's spyware scanning and removal tool, that the software giant really got serious about anti-malware. Now Windows Defender is built into Windows Vista and available as a free download for Windows XP. However, Windows Defender lacks centralized administration and alerting, which means it's not a serious anti-malware solution for most businesses. To fill this gap, Microsoft has released Microsoft Forefront Client Security, a client/server application targeted at businesses and designed to identify and block viruses, worms, spyware, rootkits, and other malicious software at the host level for servers and workstations.

Centralized Management Using Enterprise Tools
Although Forefront Client Security is new, the technologies behind it are not. Its pedigree includes the Windows Malicious Software Removal Tool, Windows Server Update Services (WSUS), Microsoft Operations Manager (MOM), Group Policy Objects (GPOs), and Microsoft SQL Server 2005, as well as work done by the Microsoft Product Support Services Security Response team, which is behind the malware definitions used by Windows Defender and Windows Live OneCare.

Forefront Client Security incorporates Windows Defender's real-time protection agents to watch for suspicious activities, such as whether new programs are configured to autostart, and to monitor changes to the Microsoft Internet Explorer configuration. You can also configure Forefront Client Security to participate in the Microsoft SpyNet program, which leverages a community of members to quickly spread the word about new threats.

The success of any antivirus or antispyware application depends on robust, up-to-date, and effective definition files. Forefront Client Security agents use an updated WSUS configuration that checks Microsoft Update hourly for new definitions. Many of the technologies used by Forefront Client Security are also used by Windows Live OneCare, which has been certified by ICSA Labs for antivirus and personal firewall use. Microsoft is seeking similar certification for Forefront Client Security. (For an insider's view of Forefront Client Security, download Karen Forster's interview of Microsoft Senior Product Manager Josue Fontanez at http://www.windowsitpro.com/podcast/Index.cfm?fuseaction=ShowRegistration&PCID=ccee52e8-6fcb-4c1c-aaf6a80563ea25aa.)

Most of the technologies behind Forefront Client Security are proven enterprise solutions, and if you already have Microsoft server product expertise in-house, your IT staff will find Forefront Client Security familiar. However, if you're new to these enterprise technologies, you might find installation, deployment, configuration, and administration daunting on both the server and clients.

Architecture and Installation
Forefront Client Security follows the client/server application model common to most antivirus and antispyware products. Every managed client needs the Forefront Client Security agent installed. The Forefront Client Security agent isn't the same as the Windows Defender agent included in Vista—you'll actually need to disable the Vista Windows Defender antispyware agent before installing the Forefront Client Security client. The Forefront Client Security agent communicates with the product's server components, which play four roles: management server, collection server, reporting server, and distribution server. Depending on your hardware and the size of your company, you might be able to run all four roles on one system, or you can spread them across computers to scale the deployment. The server components run on Windows Server 2003 Release 2 (R2) or Windows 2003 Service Pack 1 (SP1) with all security updates installed.

The installation of Forefront Client Security might seem massive and complex, especially when compared with other antivirus and antispyware programs. Besides requiring WSUS to deploy antivirus and antispyware definitions as well as new security updates, Forefront Client Security uses the Microsoft anti-malware engine to detect and remove the most common or harmful viruses and worms and leverages MOM for client alert and event management. If your enterprise already has MOM, deploying Forefront Client Security will install a parallel MOM server for Forefront Client Security alone. Forefront Client Security stores all its data in a SQL Server 2005 database and uses SQL Server 2005 Reporting Services (SSRS) to generate reports. Forefront Client Security includes MOM, but you must download and install the other components individually. Note that I tested the public beta of Forefront Client Security, which might differ from the RTM version.

Prerequisite software. Before you install the server components, you need to make sure you've installed the prerequisite software:

  • Microsoft IIS, ASP.NET, and Microsoft FrontPage Server Extensions
  • SQL Server 2005 Enterprise Edition SP1
  • Group Policy Management Console SP1
  • Microsoft .NET Framework 2.0
  • Microsoft Management Console 3.0
  • WSUS 2.0 SP1

(For step-by-step instructions for installing these products and troubleshooting problems, see http://www.microsoft.com/technet/clientsecurity/default.mspx.) As part of the prerequisite work, you'll also set up a Windows Update GPO in your test environment to point test clients to the WSUS server.
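Before relying on a test client for definition updates, it helps to confirm that the Windows Update GPO actually reached it. The following PowerShell check is an added example, not part of the Forefront Client Security documentation; the function name Test-WsusPolicy and the server URL http://wsus.example.test are placeholders, and the registry values it reads (WUServer, WUStatusServer, UseWUServer) are the standard Windows Update policy values, which the article itself does not list.

```powershell
# Added example: reports why a client may not be taking updates from WSUS.
# Test-WsusPolicy and the default URL are placeholders for illustration.
function Test-WsusPolicy {
    param(
        [string]$ExpectedServer = 'http://wsus.example.test',
        [string]$PolicyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    )

    # The GPO writes its settings under the policy key and its AU subkey.
    $wu = Get-ItemProperty -Path $PolicyRoot -ErrorAction SilentlyContinue
    $au = Get-ItemProperty -Path (Join-Path $PolicyRoot 'AU') -ErrorAction SilentlyContinue

    $findings = @()
    if (-not $wu) {
        $findings += 'Policy key missing: the Windows Update GPO has not applied.'
    }
    else {
        $expected = $ExpectedServer.TrimEnd('/')
        $server   = ([string]$wu.WUServer).TrimEnd('/')
        $status   = ([string]$wu.WUStatusServer).TrimEnd('/')

        if ($server -ne $expected) {
            $findings += "WUServer is '$server', expected '$expected'."
        }
        if ($status -ne $server) {
            $findings += "WUStatusServer '$status' does not match WUServer."
        }
        # Without UseWUServer = 1 the client ignores WUServer entirely.
        if ($au.UseWUServer -ne 1) {
            $findings += 'UseWUServer is not 1: the client still uses Microsoft Update.'
        }
    }

    # One summary object: Compliant is true only when nothing was flagged.
    New-Object PSObject -Property @{
        Computer  = $env:COMPUTERNAME
        Compliant = ($findings.Count -eq 0)
        Findings  = $findings
    }
}

Test-WsusPolicy -ExpectedServer 'http://wsus.example.test' | Format-List
```

If the policy key is missing, running gpupdate /force on the client and repeating the check shows whether the GPO is linked to the right organizational unit.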

Installing the server software. After you install the prerequisite software, download Forefront Client Security at the Microsoft Web site and run the installer. A wizard does a pretty good job stepping you through the configuration and setup, but you'll want to pay close attention to the dialog boxes and instructions, especially if you're installing the product components across multiple servers. The wizard will prompt you for information required for a basic MOM installation, such as the server name, MOM group name, and database and account information. Make a note of all this information, as you'll be asked for it again later. You'll also configure the reporting server and reporting database. For a single-server installation, the wizard guides you through the configuration of the various Microsoft technologies used to build Forefront Client Security.
