Microsoft Forefront Client Security

Microsoft Forefront Client Security
Rating
Overall:

Installation needs to be much more streamlined, but this is a low-maintenance security solution with quality reporting

Performance:
4
Features & Design:
4
Value for money:
4
Specs
Console: Windows Server 2003 SP1/R2; WSUS 2/3; 1GB RAM; 6GB disk space; Agent: Windows 2000 onwards

Forefront Client Security (FCS) protects against viruses, spyware and malware to workstations, laptops and selected server platforms. Only Microsoft OSes are on the list, but Forefront components are available for Exchange Server, SharePoint and ISA2006. It can operate in centralised or distributed modes, and uses MOM2005 and SQL Server 2005 to provide all reporting features.

The installation process is crucial: FCS will make your life very difficult if you choose the wrong path. The FCS agent works hand in glove with the automatic update service, which provides it with all virus signatures and antimalware updates. The best method of handling this is to use WSUS, allowing you to centralise management and approval of all agent updates.

For testing, we opted for a centralised installation and selected a dual 3GHz Xeon 5160 server to handle both WSUS and FCS services. Using a fresh copy of Windows Server 2003 R2, we kicked off with WSUS; this is simple to install and the Products and Classifications section has an option for downloading FCS updates. A Group Policy is used to point your clients at the WSUS server, and a template is provided that can be used to decide how agents will react to updates.

The FCS console installation is handled by a wizard, which runs a preflight check to ensure your system is up to the job. The routine then installs management, collection, reporting and distribution servers, plus collection and reporting databases.

Things get more complicated when it comes to FCS agent deployment. Three new services are loaded on each client – MOM, antimalware and FCS – and must be done so in a specific order, so there’s no MSI package for these.

From the FCS console, you create and deploy security policies to ensure clients receive the necessary components. We found the deployment easy enough in our AD domain, as we could pick and choose from organisational units and Group Policy objects, allowing us to apply policies to different users and groups.

Policies allow you to determine which antivirus and antispyware components are active, if real-time scanning is enabled and to schedule regular full scans.

You can force update checks prior to running scans, create lists of file exclusions and, if the WSUS server goes down, you can redirect clients to Microsoft’s website.

The agent interacts with the local MOM service, so alerts are sent directly to the MOM server and stored in the database. With the policies deployed, we could now use WSUS to push the actual agent out.

The FCS console opens with three graphs showing an overview of systems reporting critical issues, along with those that have no issues or haven’t reported in.

For the first and third graphs, you have links directly to more detailed reports that break down the information into pie and bar graphs for each incident.

It’s a pity the console can’t be customised to suit, but you get access to reports on detected malware and vulnerabilities, alerts and out-of-date policies.

Plenty of summary reports are provided to give you the low-down on areas such as alerts and infections, plus a general security report. The 14-day chart gives a historical view of the three main graphs and is useful for spotting trends. The panel below this provides direct links to the MOM client interface, where you can view alerts and the state of the agents on each system.

Clients get a new icon in their System Tray that shows status and scanning activity. If permitted, they can load the interface, run on-demand system scans and interact with a Tools menu that provides options for creating scan schedules, viewing quarantined items and adding items that are exempt from the scan process.

During testing over a three-week period, we found FCS required little intervention – updates were all handled behind the scenes. The FCS console doesn’t refresh automatically, but the F5 key does the job just as we ll, and alerts generated by clients find their way here in seconds. We were most impressed with the in-depth reporting on offer.

Smaller businesses will find the long-winded installation process for FCS tedious, but once set up correctly FCS is simple to manage and maintain. Reporting and alerting are handled well, and the NAP (network access protection) feature due in Windows Server 2008 will add valuable desktop and laptop health checks as well.

Source: Copyright © PC Pro, Dennis Publishing

See more about:  microsoft  |  forefront  |  client  |  security
 
 
Latest articles on BIT Latest Articles from BIT
Looking for storage? Seagate has five new small business NAS devices
22 Aug 2014
Seagate has announced a new portfolio of Networked Attached Storage (NAS) solutions specifically ...
Run a small business in western Sydney?
15 Aug 2014
This event might be of interest if you're looking to meet other people with a similar interest ...
Panasonic launches new security cameras and recorders
14 Aug 2014
Panasonic has released seven new cameras that can record at high-speed and in HD - that's better ...
Does your business need a backup and recovery appliance?
14 Aug 2014
News that Netgear has added ReadyRECOVER to its ReadyDATA unified storage might be of interest ...
Need to share files securely using your phone?
12 Aug 2014
Accelion's kiteworks Team Starter costs $5 per month per person and is designed to help teams ...

Latest Comments

Latest Poll

What PC component are you planning to upgrade in the next six months










Ads by Google

From our Partners

PC & Tech Authority Downloads