Forefront Client Security: Part 2
In my previous post we learned how to install the FCS server, so the next step is to configure it, deploy the client policy, and explore the interface.
So let's start by launching the console; you will get the Before You Begin wizard.
Basically it confirms all the settings we used in the installation, so click OK until you reach Finish.
And we're done.
Now we need to deploy FCS to the machines. FCS can be deployed in several ways:
- SCCM or similar product
- Script (manual or AD startup script)
- WSUS (my personal favorite)
Note: do not put the MSI into a GPO directly; this will install only parts of FCS, not all of it.
In a WSUS deployment the client will contact WSUS and register in it. The first update it gets is FCS and its prerequisites, then the FCS updates. If you are enforcing the WSUS configuration using GPO, it will take one restart after the domain join for the machine to register in WSUS.
So how do we deploy using WSUS?
- Accept the FCS package
- Deploy the policy (if the machine does not see the policy, or the policy is not applied to it, it will not receive the FCS client)
To make things easier I recommend creating a view for FCS.
Then we have to approve the following:
- Client Update for Microsoft Forefront Client Security (XXXXX) (this is the installation)
- Definition Update
- Definition Update (Security State Assessment)
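The approval step above can also be scripted against the WSUS administration API, which is handy when you have more than one WSUS server or want to re-run the approvals after a new definition package arrives. This is an added example, not code from the original post or from the FCS product; it assumes WSUS 3.0 SP1 or later (the API assembly ships with the console), that it runs on the WSUS server as a WSUS administrator, and the computer group name is a placeholder you replace with your own.

```powershell
# Added example (not from the original post): approve the FCS client package
# and its definition updates for one WSUS computer target group.
# Assumes WSUS 3.0 SP1+ and a WSUS administrator account; run on the server.

[void][Reflection.Assembly]::LoadWithPartialName('Microsoft.UpdateServices.Administration')

$groupName = 'FCS Clients'   # placeholder: your own computer target group

$wsus  = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer()
$group = $wsus.GetComputerTargetGroups() | Where-Object { $_.Name -eq $groupName }
if (-not $group) { throw "Computer group '$groupName' not found in WSUS." }

$install = [Microsoft.UpdateServices.Administration.UpdateApprovalAction]::Install

# Title search behaves like the console's search box: it returns the client
# package, the definition updates and the Security State Assessment
# definitions listed in the post. Declined updates are skipped.
$updates = $wsus.SearchUpdates('Forefront Client Security') |
    Where-Object { -not $_.IsDeclined }

foreach ($u in $updates) {
    if ($u.IsApproved) {
        Write-Host ("already approved : {0}" -f $u.Title)
        continue
    }
    # Some packages carry a licence agreement that must be accepted before
    # the approval is allowed.
    if ($u.RequiresLicenseAgreementAcceptance) { $u.AcceptLicenseAgreement() }
    [void]$u.Approve($install, $group)
    Write-Host ("approved         : {0}" -f $u.Title)
}
```

Scoping the approval to a single target group mirrors the post's advice that only machines covered by an FCS policy should receive the client; machines outside the group stay untouched even though the package is approved on the server.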
Here is a trick I learned.
When you download updates in WSUS it uses BITS. The problem is that BITS doesn't use the full bandwidth; it gives other machines the opportunity to use the network and doesn't utilize much of the server's resources.
So if we switch WSUS to foreground download it becomes a bandwidth monster (I have seen it consume near 100% of the bandwidth and leave the users with nothing), so take care and switch this off after you finish.
First download the Server Diagnostic Tool from http://technet.microsoft.com/en-us/wsus/bb466192.aspx and extract it to c:\wsustools (you can use any name, but make it short).
Next run the command:
wsusdebugtool.exe /tool:setforegrounddownload
Now WSUS can eat all the bandwidth it can find, so sit back and enjoy.
Next we configure the GPO for WSUS.
Some Windows Update commands you might find useful:
- net stop "Automatic Updates" && net start "Automatic Updates" (service display name on Windows XP/2003)
- net stop "Windows Update" && net start "Windows Update" (service display name on Windows Vista and later)
- wuauclt /detectnow
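Before restarting the service and forcing a detection it is worth checking that the WSUS Group Policy has actually reached the client, because a machine still pointed at Microsoft Update will never see the FCS package. The following script is an added example, not code from the original post; it reads the registry values that the "Specify intranet Microsoft update service location" and "Configure Automatic Updates" policies write, then runs the equivalent of the commands listed above. It assumes an FCS-era client (Windows XP/2003/Vista/2008) where the service name is `wuauserv` and `wuauclt.exe` is present, and an elevated prompt.

```powershell
# Added example (not from the original post): confirm the WSUS GPO has applied,
# then restart the update service and force the client to contact WSUS.
# Assumes the wuauserv service and wuauclt.exe; run elevated.

$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$auKey     = Join-Path $policyKey 'AU'

# These values are written by the WSUS Group Policy settings.
$wu = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
$au = Get-ItemProperty -Path $auKey     -ErrorAction SilentlyContinue

if (-not $wu -or -not $wu.WUServer) {
    Write-Warning 'WUServer is not set: the WSUS GPO has not applied yet (try gpupdate /force and a reboot).'
    return
}
if (-not $au -or $au.UseWUServer -ne 1) {
    Write-Warning 'UseWUServer is not 1: the client will still talk to Microsoft Update, not your WSUS server.'
    return
}

Write-Host ("WSUS server   : {0}" -f $wu.WUServer)
Write-Host ("Status server : {0}" -f $wu.WUStatusServer)
if ($wu.TargetGroupEnabled -eq 1) {
    # Client-side targeting: the computer group WSUS will file this machine under.
    Write-Host ("Target group  : {0}" -f $wu.TargetGroup)
}

# Same effect as: net stop "Automatic Updates" && net start "Automatic Updates"
Restart-Service -Name wuauserv -Force

# Contact WSUS now instead of waiting for the next scheduled detection
# (22 hours by default), then report the result back so it shows in the console.
& "$env:windir\system32\wuauclt.exe" /detectnow
& "$env:windir\system32\wuauclt.exe" /reportnow
```

If the target group shown does not match the group you approved the FCS package for, the client will register in WSUS but still receive nothing; fix the policy first rather than re-running the detection.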
Now for the final step: creating a policy.
We start by giving it a name.
Next we adjust the protection settings.
Next we set the advanced policy (take care: if this policy applies to servers, each server needs its own exclusions, like Exchange database files).
Next the overrides, and here the real work begins. We have to toughen FCS a bit, because it will not act unless there is a huge threat to the machine like a worm or virus (it will let cracks and keygens through), and we need to force it to act when any item is detected.
Please add an action for every category and severity.
Leave the settings on the last tab the same, except for the SpyNet membership: set it to Advanced.
Next we deploy the policy.
Please note that you cannot change the policy name after you deploy it; if you need to make modifications, do it from the FCS console.
As you can see below, the first update the client receives is the FCS client.
And now it's installed and updated.
Next let us view some of the reports:
- Alert Summary
- Computer Summary
- Deployment Summary (definition and policy)
- Malware Summary
- Security State
- Security Summary
Of course this is not all the reports; you can drill down as much as you want. If there is one thing FCS is not lacking, it's reporting capabilities.
Wait for part 3: tips and tricks.