Technical Overview of Forefront Client Security Questions and Answers (08-27-08)

Sorry it took so long, but I got caught up in so many other meetings and such that I didn't get a chance to do some research to answer a few of the questions.  I did get it complete so here is the Q&A Log from the Webcast I delivered on Monday, August 27, 2007 on Forefront Client Security.  Please let me know if you have any questions.

Harold Wong
harold.wong@microsoft.com



Question: Can Forefront Client Security be technically installed on an SBS2003 server and the clients in the SBS domain even though it may not be cost effective?

Answer: The challenge with installing it onto an SBS 2003 Server has to do with the version of SQL Server. SBS 2003 Premium comes with SQL Server 2005 Workgroup Edition and FCS requires Standard as a minimum. You will still need to acquire a separate copy of SQL Server 2005 Standard (or Enterprise) for this.


Question: If a client machine is a laptop that is not in the office when Client Security is deployed can the client installation for that remote laptop be sent to the laptop owner and installed manually or does it have to be pushed from the Forefront Server?

Answer: The FCS Management server does not push out the install of FCS to the client machines. You will need to perform the install via another mechanism. In your example, you could have them install from a CD or some other mechanism. These machines will need to have access to the domain in order for GPO to apply and therefore your settings. Of course, you could also push out a .REG file to them with the settings (in my opinion, this is not the ideal way).


Question: Can you install non-security Management Packs on the Client Security copy of MOM 2005 to monitor things like Exchange performance, Active Directory performance, and SQL performance?

Answer: No, it is a special license strictly for the use of FCS. Please see: https://www.microsoft.com/forefront/clientsecurity/howtobuy/default.mspx.


Question: For VISTA Clients does Forefront use the VISTA firewall or does it install its own firewall and is the Forefront Firewall better than the Vista Firewall?

Answer: With Vista, the FCS client works with the firewall that comes with Vista.


Question: If the client machines are VISTA and are running the ISA Firewall client should the Microsoft ISA firewall client be removed or does Forefront work in conjunction with the ISA Firewall client?

Answer: It works in conjunction with the ISA Firewall client.


Question: In the Microsoft SBS2003 environment Computer Associates and Symantec sell Protection suite products that provide virus, spyware, and client backup protection with central management for under $1000 for 50 users. Is there a Forefront Client Suite for SBS2003 in that price range?

Answer: At this time, Microsoft does not have a “package” specifically targeted at the SBS market similar to the package that CA or Symantec offers.


Question: Looks like Windows Defender Application. What's the difference?

Answer: FCS builds on top of the Defender UI and also provides Anti-Virus capabilities in addition to the Anti-Spyware.


Question: Would you recommend this application for Windows XP SP2?

Answer: Absolutely!!!


Question: Are there suggested file type and directory exclusions for the various common Microsoft Applications that still give adequate protection but that do not excessively scan files and directories that are not likely to be infected, and if exclusions have been implemented, do the automatic definition updates review those exclusions and advise if a new virus has started infecting a type of file previously thought to be unlikely to host a virus?

Answer: I don’t know of an official list anywhere. I can say for Exchange Servers, you need to omit the directories that store Exchange logs and database files. Of course in this environment, you will want to also have an anti-virus program that is specific to Exchange (such as Forefront Security for Exchange).


Question: Where can I download this application?

Answer: Here’s the home page for Forefront Client Security. On this page, there is a link to download the trial copy: https://www.microsoft.com/forefront/clientsecurity/default.mspx.


Question: What do you do to add or remove a client to Forefront and can (or should?) all the servers in your environment run the real time Forefront Client?

Answer: The fact that it is installed on a Domain member machine and you can apply GPO settings means it is “added” to your environment. Yes, FCS can be installed on all your servers, but you will need to determine if that is what you want to do. My question to you is “do you have real time anti-virus installed on all your servers today (non server application based like Exchange)?” If so, then that can possibly be replaced with FCS.


Question: How does FCS work on workstations/laptops that are not part of a domain environment, since FCS relies on domain GPO????

Answer: In terms of functionality on the client side, nothing changes. What you don’t get is the central management and reporting of those clients.


Question: What is the number of malware signatures currently registered?

Answer: That I don’t know. Of course, the moment we specify a number, it could be out of date within an hour. The key is how effective is FCS in protecting against virus outbreaks. Of course, I would say it is very effective.


Question: And what is the frequency they update?

Answer: Microsoft will update as frequently as is necessary. You can perform an update on your end as frequently as every hour.


Question: Is there another method of detection of new malware than the use of signatures and the heuristic analysis?

Answer: This is pretty much the standard for all antivirus applications. We use a heuristics engine along with a signature file.