TheScarfedOne

Forefront... Defender's Big Daddy!

by , 9th April 2009 at 08:16 PM (3609 Views)
I said in my last blog about us deploying Forefront over Easter, and it's all pretty much done... ahead of schedule!

Before I get into it, a bit of blurb about what it is...

What is Forefront Client Security (FCS) then? This is a client/server solution that helps scan for and remove malware (viruses, spyware, rootkits, Trojans...) on client and server operating systems. This is a new product from Microsoft. It uses WSUS 3.0 to distribute both the installation and the definitions. All agent policy can be managed remotely using AD Group Policy.
Snazzy then!! On into deploying it... and a few gotchas, particularly if you plan to use Server 2008 (and why wouldn't you now anyway!!). For the time being, forget x64 until Stirling (aka Forefront v2) - getting all the pre-requisites sorted for this is a real pain and for the time being x86 will do just fine.

Getting started - but before you even think about installing...
:: Install MS .NET Framework 1.1 with SP1

:: Install MS .NET Framework 3 via Server Manager

:: Install IIS and ASP.NET via Server Manager
[Install the following role services: Static Content, Default Document, HTTP Redirection, Directory Browsing, ASP.NET, ISAPI Extension, ISAPI Filters, Windows Authentication, IIS Metabase, IIS 6 WMI]

:: Install SQL Server 2005 with SP2
[Install the following components: Database Services, Reporting Services, Integration Services, and Workstation components]

:: Verify and record the reporting server URL (you will need that later)

:: Install GPMC with SP1 via Server Manager

:: Install, configure, and synchronize Windows Server Update Services (WSUS) with SP1
[In particular, make sure you have configured the following: Synchronize Product: Forefront Client Security, Synchronize Classification: Definition Updates, Create an auto-approval rule for Definition Updates]

:: Add the Client Security server site to the Local intranet zone
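
The WSUS settings called out in the list above (product, classification, auto-approval rule) can be checked before running Setup. This PowerShell is an added example, not part of the original post; it assumes it runs on the WSUS server with the WSUS administration console installed, and the function name `Test-FcsWsusPrereqs` is hypothetical.

```powershell
# Added example: read-only audit of the WSUS prerequisites listed in the post.
# Assumption: run locally on the WSUS 3.0 server by a WSUS administrator.
[void][Reflection.Assembly]::LoadWithPartialName('Microsoft.UpdateServices.Administration')

$ProductTitle        = 'Forefront Client Security'   # product name as given in the post
$ClassificationTitle = 'Definition Updates'          # classification as given in the post

function Test-FcsWsusPrereqs {
    $wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer()
    $sub  = $wsus.GetSubscription()

    # 1. Is the product selected for synchronization?
    $productSynced = @($sub.GetUpdateCategories() |
        Where-Object { $_.Title -eq $ProductTitle }).Count -gt 0

    # 2. Is the classification selected for synchronization?
    $classSynced = @($sub.GetUpdateClassifications() |
        Where-Object { $_.Title -eq $ClassificationTitle }).Count -gt 0

    # 3. Is there an enabled auto-approval rule that covers the definitions?
    $matchingRules = @()
    foreach ($rule in $wsus.GetInstallApprovalRules()) {
        if (-not $rule.Enabled) { continue }
        $hasClass = @($rule.GetUpdateClassifications() |
            Where-Object { $_.Title -eq $ClassificationTitle }).Count -gt 0
        # Assumption: a rule with no product filter applies to every product.
        $cats = @($rule.GetCategories())
        $hasProduct = ($cats.Count -eq 0) -or
            (@($cats | Where-Object { $_.Title -eq $ProductTitle }).Count -gt 0)
        if ($hasClass -and $hasProduct) { $matchingRules += $rule.Name }
    }

    # Result of the most recent synchronization, so stale catalogs are visible.
    $lastSync = $sub.GetLastSynchronizationInfo()

    return @{
        ProductSynchronized        = $productSynced
        ClassificationSynchronized = $classSynced
        AutoApprovalRules          = $matchingRules
        LastSyncResult             = $lastSync.Result
        LastSyncEnd                = $lastSync.EndTime
    }
}

Test-FcsWsusPrereqs
```

An empty `AutoApprovalRules` list means definition updates will sit unapproved in WSUS, so clients would run on whatever signatures they were installed with.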


Now you can install...
:: Run the Server Setup wizard for the media

:: Dismiss the Program Compatibility Assistant dialog box

:: On the Component Installation page, select all the check boxes

In the Setup wizard, you will provide server names, SQL Server instances, and service accounts you have already set up. In addition, you must specify the following:

Size of the databases - make sure the size does not exceed the space on your server.

Management group name - use the default value (ForefrontClientSecurity). Record the name that you enter, because you will need to provide it when configuring Client Security group policies...

Configuring deployment
Options here... use the built-in WSUS deployment - YES it pushes the main install too!!

Alternatively, if you really want you can push it via Group Policy software install. You have 4 packages to push though - and you will need to edit the MOMAgent.msi to include details for your setup.

We went with WSUS deployment - which you configure via the FCS Console on the server. Open it up and go to the Policies tab. Either edit the default one, or create a new one. Configure all your settings (fairly self-explanatory really), and then done. Select your policy and either deploy to OU (which will create a new GPO to control the OU), or add to an existing OU. We created a new one - so I could see what all the settings were.

Simple - takes little or no time. You will have to have set up a GPO to deal with Windows Update already tho to auto install updates.

Cost...
On MS Schools: around £1 per machine!! Peanuts compared to other products and you have MS support!

Questions, ideas and comments welcome as always...

Comments

  1. unseen
    How does Forefront compare against Avast/AVG for detection and cleanup?.. I've got to look at it soon to replace our Norton setup so probably an even worse pain for removal there than I'd like to think about now.. Were there any issues removing what you had? How did you work the roll out, removal first then push out through WSUS or have the 2 running together?
  2. TheScarfedOne
    Hi there... late response I know but here we go!

    1. Cleanup rates... well I get emails from it periodically telling me when it has found a "threat" and dealt with it. The usual .js ones so far and all dealt with.

    2. Deployment. We used to have AVG, thankfully a quick google showed up that Kaspersky had an AVG removal tool. It does what it says on the tin - silently removes AVG. Used that and pushed Forefront at the same time using WSUS. You can use GPSI though.
  3. unseen
    Quote Originally Posted by stuartwilkie
    Hi there... late response I know but here we go!

    1. Cleanup rates... well I get emails from it periodically telling me when it has found a "threat" and dealt with it. The usual .js ones so far and all dealt with.

    2. Deployment. We used to have AVG, thankfully a quick google showed up that Kaspersky had an AVG removal tool. It does what it says on the tin - silently removes AVG. Used that and pushed Forefront at the same time using WSUS. You can use GPSI though.
    Thanks for that Stuart, I'm actually NHS based IT (unfortunately no equivalent of EduGeek for us! ) but I've got to look at Forefront due to NHS licensing. Have you had it find any real nasties yet? Or any reports of it not finding stuff?

    Rob
  4. TheScarfedOne
    I will check the logs for you and see if I can find something BIG!! LOL. I don't think there has been anything major. Easy to manage tho, and v2 looks like it will be really good too.
  5. unseen
    Cheers Stuart much appreciated. It's gained quite a lot of momentum at work as the "wrong" people have seen the "Ease of control" and other similar blurbs being pushed out by MS. Good to know it's not all hot air!! We've been a Symantec house for a long long time now.. (think it's coming up to 9yrs now!) But I have to admit I DO NOT like endpoint (v11) and when I trialed the server components it was the worst hog I've seen in a long time as it's now Java based yuck!.. Ho hum change is good (I hope!)
