Forefront Client Security

[May 2007]
Forefront Client Security
Microsoft goes all out with this technology-heavy product
By: Jeff Fellinge
Feature
InstantDoc #95504
From the May 2007 edition of Windows IT Pro

You'll notice two new programs: Forefront Client Security, which is the actual client installed on the Forefront Client Security server, and Forefront Client Security Console, which is your primary interface for managing the application. Launching the Console for the first time invokes a wizard that takes you through the rest of the configuration.

When configuration is complete, you'll see the Forefront Client Security management console, which Figure 1 shows. The console shows the status of the computers in your environment. On the Dashboard tab, you can immediately assess your security state, including seeing how many computers you're currently managing and their status, such as whether they have malware or vulnerabilities, whether their policies are out of date, and whether any alerts have been generated. You can access rich reports from the right side of the console, including summaries of alerts, malware, and security state.

Creating a policy. After you install the server components, you need to create a policy to define how to protect clients and to schedule scans and definition updates. It's best to create this policy before you deploy the agent software, so the agents will use your policy right away and not the default policy, which might schedule scans at a frequency and coverage level that doesn't suit the needs of your business.

You can create separate policies for servers and workstations, each with its own scan schedule and configuration. From the management console, click the Policy Management tab and select New. Enter a name for the policy and click the Protection tab, which Figure 2 shows. Here you define how Forefront Client Security should protect clients. I really like how Microsoft implemented the scheduling options. For example, you can schedule a full malware scan to occur every week and schedule quick scans, which check the registry and common locations where malware is often installed, to occur every few hours. You can also schedule a security state assessment scan, which differs from a malware scan in that it checks for missing updates and common security misconfigurations.

Options on the Advanced tab let you configure how to handle quarantined files and exclude certain files or folders from scans. You can also tweak your users' privileges on the client. For example, you can allow users to enable or disable virus or malware protection, and you can specify whether users can schedule their own scans. You can even let users respond to prompts, or you can choose to limit that privilege to administrators.

After you've created your policy, you must deploy it. Forefront Client Security lets you assign policies to organizational units (OUs) and security groups and configure a policy for implementation via a registry (.reg) file that runs directly on a client.

Installing the client software. The Forefront Client Security agent software can be installed on Windows 2003 R2, Windows 2003 SP1, Windows XP SP2, or Windows 2000 SP4 systems that have all security updates installed. All other antivirus and antispyware software must be uninstalled. You must also install Windows Update Agent 2.0 and Windows Installer 3.1 on XP and Win2K systems before you install the client. This requirement might complicate your deployment plans a bit.

To install the client software, copy the contents of the Client directory from the Forefront Client Security CD-ROM to the client computer. The setup program will install the MOM client installation program and the Forefront Client Security agent. Run ClientSetup.exe, using the /MS parameter to specify the name of the MOM management server and the /CG parameter to specify the name of the MOM configuration group. If you wanted to install the Forefront Client Security server components on a single server named mfcs.security.local, for example, you would run the following ClientSetup command:

ClientSetup.exe 
  /MS mfcs.security.local 
  /CG ForefrontClientSecurity

Next, you must approve the client installation in the MOM console. (Alternatively, you can wait an hour, which is the default time for all pending installations to be automatically approved.) On the server where you installed the MOM console, click Start, All Programs, and launch the MOM 2005 Administrator Console. In the console's left pane, navigate to Administration, Computers, Pending Actions. In the right pane, right-click the name of the client computer and approve the manual installation. You can create your own logon script or use Microsoft Systems Management Server (SMS) or a third-party software management program such as LANDesk Software's LANDesk Management Suite to deploy clients, but you must create your own deployment package.

Make sure your clients are configured to pull their updates from the Forefront Client Security WSUS server so they'll receive the Forefront Client Security malware definitions. In addition to conducting on-demand and scheduled scans for malicious software, the Forefront Client Security client agent assesses the security configuration of the host computer. Configuration checks that the client agent can do include ensuring that Automatic Updates is enabled; checking whether anonymous connections are restricted or whether autologon is enabled; enumerating administrators groups; examining password expiration parameters; checking that NTFS is used; confirming that the guest account is disabled; identifying whether any "unnecessary services" are installed, such as WWW, FTP, SMTP or Telnet; and validating that security updates are applied. The client reports alerts to the Forefront Client Security server, where you can view the status of all your systems from a single console.

Navigating the Client
After you install the agent, log on to the client; navigate to All Programs, Microsoft Forefront; and run Forefront Client Security. Use the buttons at the top of the client interface to start a quick scan or a full scan, or to start a custom scan, which lets you select specific drives or folders to scan. The History button lets you review past actions, such as which suspicious items you've allowed to run and which have been quarantined. The Tools menu lets you review the quarantined-items list and set program options such as when to automatically scan a computer and how to handle alerts.

Prev. page 1 [2] 3 next page

You must log on before posting a comment.

If you don't have a username & password, please register now.

ADS BY GOOGLE

	SQL Server Magazine Register Subscribe FAQ for Windows WinInfoNews
	Contact Us / Customer Service Editorial Calendar Media Kit Affiliates / Licensing Technology Resource Directory
	Windows IT Pro Office & SharePoint Pro Windows Dev Pro IT Library Connected Home Windows Excavator SuperSite IT Job Hound ITTV

	Copyright © 2008 Penton Media, Inc. All rights reserved. Terms and Use Privacy Statement Reprints and Licensing

SQL Server Magazine

Search

SQL JOB OPENINGSSPONSORED LINKS

Free SQL Server Performance Dashboard

FEATURED LINKS

SQL Server Magazine

Search

Learning Path

Windows IT Pro Resources

Related Articles

Related Resources

SQL JOB OPENINGSSPONSORED LINKS

Free SQL Server Performance Dashboard

FEATURED LINKS