Solved

ForeFront Frustrations

Posted on 2012-04-05
14
563 Views
Last Modified: 2012-06-27
I am taking a serious look at MS ForeFront EPP as a possible replacement for our current antimalware solution. I'm doing this primarily because we have an EA with MS and that happens to be included in our CORE EA.  

After trudging through the mess that is the setup of SCCM and FF, if it wasn't for the fact that it's "Free" for me, I would have abandoned this a couple of days ago as too convoluted to install or fool with.

However, on to my issues.  I have SCCM 2007 installed and pointed to a SQL server. I have FEP installed as well. I have created a test collection in SCCM and have assigned one PC to it. I have created and configured a policy. I have assigned that policy to that collection that has just the one PC as a member.

So far, I don't see any evidence either on the PC or in FEP that the policy has been distributed to the PC.

So I have two questions.  First, any idea what I may have missed?  Second, is there an overarching document that outlines all of the things that have to be configured in SCCM in order for FEP to work?  Both of these apps are new to me and so I am slogging my way through them.
0
Comment
Question by:jhyiesla
  • 7
  • 5
  • 2
14 Comments
 
LVL 28

Author Comment

by:jhyiesla
Comment Utility
As a piece of additional info, I found a technet video on deploying the FEP package.  Ahha I thought that's what I am missing. I walked through the video with my setup and followed step by step. But when I was done there again was no indication that the package was being deployed to my PC.
0
 
LVL 7

Expert Comment

by:raeldri
Comment Utility
Does the targeted pc have the SCCM client installed? what are the SCCM logs showing? execmgr.log  should show the different packages being run on the clients
0
 
LVL 28

Author Comment

by:jhyiesla
Comment Utility
No, the PC does not have the SCCM agent installed.  I didn't even know that FEP required SCCM until I went to install it and we did not have SCCM installed anywhere on our network.  I should have guessed that MS wouldn't just create a standalone program, they'd bolt FEP onto something else, incorrectly assuming that it would already be installed in an environment.

Both of these products are totally new for us and I can't seem to find a single document that would walk me through the FEP process from beginning to end; assuming SCCM and FEP already installed.
0
 
LVL 7

Assisted Solution

by:raeldri
raeldri earned 100 total points
Comment Utility
FEP can function without SCCM you just lose all the central reporting which makes it so useful and powerful.

take a look at the stickied posts over at http://www.windows-noob.com/forums/index.php?/forum/54-configuration-manager-2007/

There is a lot to configure inside of SCCM to get a functional environment ensure SCCM is functioning before pushing forward with the FEP part of it. The time spent in configuring SCCM for your environment will provide many benefits with many useful reports or software deployment or even OSD
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 400 total points
Comment Utility
Just for your reference, as of this year, FEP transitions into part of the System Centre 2012 suite.

http://www.microsoft.com/en-us/server-cloud/system-center/endpoint-protection-2012.aspx
0
 
LVL 28

Author Comment

by:jhyiesla
Comment Utility
raeldri, I don't see how FEP can function without SCCM, since SCCM is a requirement for the product and in fact it's a bolt on to SCCM.  If you can show me where the documentation is for that, I'd appreciate it.  However as Keith_ points out, it looks like FEP is just going to be fully integrated into the 2012 product. Since I am in no huge rush for this, I amy just opt to wait and load up the new product.

Anyone have any idea of release date on that?  Seems that it's still in a RC status.
0
 
LVL 51

Assisted Solution

by:Keith Alabaster
Keith Alabaster earned 400 total points
Comment Utility
Still not been published although the public release was actually a few days ago - 1st April.
http://rcpmag.com/articles/2012/04/02/system-center-2012-released-to-volume-licensees.aspx
0
Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

 
LVL 28

Author Comment

by:jhyiesla
Comment Utility
yeah, we're an EA customer and I just checked our volume licensing site and it's there.  I think I'l going to abandon the 2007 I've set up and just install the new Datacenter version and go from there.

Thanx...
0
 
LVL 51

Expert Comment

by:Keith Alabaster
Comment Utility
No problem. EA customer as well - downloading as i type :)
0
 
LVL 28

Author Comment

by:jhyiesla
Comment Utility
Looks like I don't need everything, but I'm downloading it all anyway.
0
 
LVL 28

Author Closing Comment

by:jhyiesla
Comment Utility
Thanx for all the help.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
Comment Utility
Welcome :)
0
 
LVL 28

Author Comment

by:jhyiesla
Comment Utility
A personal opinion.. :)

I don't think the new one is any less frustrating. Downloaded it, but installing is a nightmare. It doesn't like the version of SQL2008 that we're running, even though the SCCM 2007 was fine with it and when I installed SQL 2008 Express on the SCCM server, it didn't like  the service login account, even though the service account was the default one that the installer choose AND was one of the ones that the error message said was OK.

If some other third party anti-malware product was this arcane, inane, and difficult to install, they would be out of business.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
Comment Utility
<smiles> Have you ever taken a look at Service Manager - that is bizarre as well :)
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Microsoft has released remote PowerShell capabilities to all commercial Office 365 customers. So you can be controlled via PowerShell and not from the Office 365 admin center Download Windows PowerShell Module for Lync Online http://www.micros…
Many companies are making the switch from Microsoft to Google Apps (https://www.google.com/work/apps/business/). Use this article to learn more about what Google Apps has to offer and to help if you’re planning on migrating to Google Apps. It is …
Viewers will learn the different options available in the Backstage view in Excel 2013.
The viewer will learn how to create two correlated normally distributed random variables in Excel, use a normal distribution to simulate the return on different levels of investment in each of the two funds over a period of ten years, and, create a …

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now