Tagged Content List
  • Wiki Page: WSUS Administration Best Practices Recommended to Ease System Center Endpoint Protection (and FEP/FCS) Deployment

    Table of Contents Client-based FEP/WSUS best practices WSUS server-based best practices Recommendation Appendix Forefront Client Security and Endpoint Protection both use WSUS infrastructure in different ways. This, unless your Forefront update policy uses a network share to deploy the updates. The...
  • Wiki Page: FCS: MOM Rule/Script Troubleshooting and Isolation

    When the MOM agent (including the MOM server's agent) downloads the Rules and Configuration which include scripts, these Rules (and scripts) sometimes fail to successfully execute. When this happens you may or may not find clues in any of the Event logs, MOM Operator Console, or typical MOM agent...
  • Wiki Page: FCS Supported SQL Server Versions

    The information below originates here. It is presented here in a slightly different format for ease of editing. Version Notes SQL Server 2005 Standard or Enterprise, SP3 or later Server roles (32 bit ONLY)
  • Wiki Page: FCS: WSUS Signature Distribution

    The authoritative source for definition items = http://support.microsoft.com/kb/977939 Some links to writeup these are getting a bit dated though as they do not detail Binary Delta Delta Changes or the new package chaining that occurs for serverside items: http://blogs.technet.com/b/kfalde/archive...
  • Wiki Page: FCS: How to Add Centrally Managed Process Exclusions

    The FCS console unfortunately does not have a mechanism to add centrally managed process exclusions; however, since these are controlled by registry keys and values, it is possible to create .adm templates and import a process exclusion into existing FCS Policy GPOs. An example of such a .adm file...
  • Wiki Page: FCS: Troubleshooting Out of Date Policy Issues with Clients

    At times the server may list clients as having an Out of Date policy. The first step in troubleshooting this issue is understanding what this error message means: The message results because the version # for a client's policy reported from the client does not match the last version # that...
  • Wiki Page: Using MOM Tasks to Uninstall SSA from FCS Clients

    It sometimes becomes necessary to remove the SSA component from a machine that has FCS installed. The following steps walk through creating a MOM task that can be run against FCS clients that have the MOM agent installed. First create the task, then run it on the agent. Using the MOM Administrator...
  • Wiki Page: Troubleshooting Installers in Forefront Client Security

    FCS uses the Microsoft Software Installer (MSI) for most of its components. MSI is built into the operating system, and the file name (used both by system service and installer executive) is MSIEXEC.EXE. When you run this program by itself in a command prompt, you’ll see the offering of parameters...
  • Wiki Page: FCS Applicable Hotfixes

    FCS Client Hotfixes FCS RTM - Build 1.5.1937.0 AMQFE3 - KB938054 Build 1.5.1941.0 AMQFE4 - KB952265 Build 1.5.1955.0 AMQFE5 - KB956280 Build 1.5.1958.0 AMQFE6 - KB971026 Build 1.5.1972.0 AMQFE7 - KB976668 Build 1.5.1973.0 AMQFE8 - KB979536 Build 1.5.1981.0 AMQFE9 - KB2394433 Build 1...
  • Wiki Page: Forefront Client Security FAQ

    Table of Contents General FCS FAQ's Server FAQ's Client FAQ's Forums FAQ's Specific Threats This article is a location to store all frequently asked questions (FAQ) for Forefront Client Security. Please add to this list! General FCS FAQ's FCS Applicable Hotfixes ...
  • Wiki Page: Forefront Client Security

    Microsoft Forefront Client Security or FCS is the first corporate/enterprise version of our Antimalware engine for protecting client OS's. It uses a combination of existing Microsoft Technologies to achieve this including the following: A customized version of MOM 2005 for pulling data from...
  • Wiki Page: FCS Event ID's

    Source Event ID Meaning FCSAM 1000 Scan Started FCSAM 1001 Scan Completed FCSAM 1006 Scan Malware Detected FCSAM 1007 Scan Malware Action taken (ie clean/remove/quarantine/ignore etc) FCSAM 1008 Scan Malware Action taken...
  • Wiki Page: Prepare Your Existing Antivirus Software for an FEP Deployment

    When deploying Forefront Endpoint Protection, making a few simple changes to your existing antivirus software before installing FEP can increase the success of your deployment. Below is a list of tasks: 1.) Disable any passwords for your AV software - Symantec, Trend, etc. all have an option for...
  • Wiki Page: FCS: Check/Modify Your Current Retention Times for SCDW Database

    Paste the following code into a new SQL Query window on the server that hosts your SystemCenterReporting Database: use SystemCenterReporting select cs.cs_tablename 'Table Name', wcs.wcs_groomdays 'Groom Days' from warehouseclassschema wcs join classschemas cs on...
  • Wiki Page: FCS: Retrieve Quarantined Files Remotely

    There are times you may need to retrieve files quarantined by the FCS antimalware engine from a remote computer. FCS locally quarantines the files on the computer where the infection happened. Note: This procedure requires use of Robocopy. Robocopy is resident on Windows 7 and Windows Vista, but must...
  • Wiki Page: FCS KB2394433 (QFE 9) Introduces a Real-Time Protection Error 0x8007007f on Windows 2000

    Issue: There is an issue with the changes made in QFE9 (KB2394433 or KB2394439) that prevents the Antimalware minifilter mpfilter.sys from loading properly on Windows 2000. This causes a failure to provide On Access Real-Time Protection. Customers experiencing this issue should revert back to QFE8...
  • Wiki Page: FCS: Supported Operating Systems

    The information in this table originates here. It is presented in a different format here for ease of editing and posting. Server Supported Operating Systems Support Details Windows Server 2003, SP2 or later, Standard/Enterprise Server role (32 bit ONLY...
  • Wiki Page: FCS: MOM Client States, Pending Actions and Discovery Rules

    Pending Actions Pending Actions Cause Requires Patching This indicates a server side MOM patch has been applied and there is a client component that can be pushed to the client that is pending. Approve Manual Agent Install This is the most common item and it is...
  • Wiki Page: FCS

    This is a stub article.
  • Wiki Page: Forefront: Extent of Localization

    Most of the Forefront products are available in English and the following ten languages: Chinese (Simplified), Chinese (Traditional), French, German, Italian, Japanese, Korean, Portuguese (Brazil), Russian and Spanish. FCS Server Protection Exchange SharePoint...
  • Wiki Page: Configure WSUS to Deploy Previous FCS Client Hotfix

    Sometimes a need arises to stop deploying the current FCS update (hotfix) and revert to deploying the previous release. Each of these releases has been covered in the "FCS Applicable Hotfixes" Wiki article under the FCS Client Hotfixes section. In the WSUS console follow these two steps...
  • Wiki Page: Obtain the Latest FCS Rollup Package from Your WSUS Server

    If you are using some method other than WSUS to distribute the initial FCS installer you may find the following steps useful to obtain the latest rollup for the client package. You will need a WSUS server in your environment to do this. Locate the update in WSUS for which you need to locate the files...
  • Wiki Page: Determine FCS Client State from Script

    Occasionally when I talk with FCS customers they are interested in determining the state or health of an FCS client in a script. This script might be used for a computer login script, VPN access script, or network quarantining solution (not NAP for which FCS already has a plugin ). A few customers would...
  • Wiki Page: FCS: Data Retention in Forefront Client Security

    The information below originates here. It is presented below to enable community contribution. Forefront Client Security stores data about the malware found in your organization. The size requirements of your databases depend on a number of factors. Each managed computer sends data to the collection...
  • Wiki Page: FCS: Items You Should Include with Your Question

    When posting a question regarding a client-side issue, please ensure you include the following items in the posting: Client version info > Open the client and click the Help drop down > About Microsoft Forefront Client Security Client Version: 1.5.1973.0 Engine Version: 1.1...