Alerts. Microsoft shows alerts in the system notification area
and classifies them as high, medium, or low, depending on their severity. For
example, if definitions are out of date, an orange icon appears in the notification
area, signifying a medium risk.
If you've used other antivirus and antispyware programs, you'll find Forefront
Client Security intuitive and easy to navigate. When suspicious activity is
detected, Forefront Client Security notifies the local client and alerts the
central console. The client provides good information to assist in troubleshooting,
such as providing a direct link to the Malicious Software Encyclopedia
for more information about the detected activity, making it easy to triage threats.
Armed with this information, you can configure a policy that automatically
invokes a response, or you can specify an action such as removing or quarantining
the file. You can also track an alert through MOM, which provides an operations
view of the incident, including the current state, the time in the state, and
real-time information about the threat received by the client. This information
helps your IT staff determine a response.
Reports. Forefront Client Security reports are handled by SSRS
and can be accessed from Forefront Client Security's management console.
Forefront Client Security dynamically generates the reports and provides extensive
drill-down capabilities. However, these capabilities put a performance load
on SQL Server, so you'll want sufficient horsepower to generate your reports.
No reusing old hardware here: Depending on your environment, I recommend a minimum
of a dual-core processor that's faster than 2GHz, 4GB RAM, and at least 100GB
of available hard-disk space.
A Hybrid with Potential
Forefront Client Security is the culmination of four years of work on loosely
correlated Microsoft security products, and I'm glad Microsoft has released
it. Still, there's room for improvement. I characterize the current release
as a centrally managed, corporate-focused, Microsoft Baseline Security Scanner/Windows
Defender hybrid, powered on the back end by some of Microsoft's most sophisticated
software. Unfortunately, that hybrid nature makes Forefront Client Security
more difficult to install than it needs to be, and the product's complexity
can frustrate users, especially when something goes wrong.
For Forefront Client Security to meet its potential, administrators will need
to view it as more than just an antivirus scanner. The product offers so much
more, and when used in an all-Microsoft environment, it will really shine. Imagine
using GPOs to define malware policies, and a shared infrastructure that deploys
both security updates and malware definitions. Picture yourself viewing antivirus
alerts on a network operations center console that also reports other critical
infrastructure information, from outages on domain controllers to problems with
Microsoft Exchange. Forefront Client Security has the potential to deliver much,
but its ambitious use of many different and often complicated enterprise technologies
might not appeal to small-to-midsized businesses or larger companies that prefer
a simpler approach.
End of Article
Prev. page
1
2
[3]
next page -->
