Forefront Client Security Tip
This is one of the most common issues in FCS. The error usually appears because of misconfiguration or bad server sizing.
The symptom
The FCS console stops registering new computers or shows very old information.
This means that when you run a report you get no data, or you get data for some PCs and not for others.
The solution
Why is this happening?
In 90% of the cases I have seen, this is because of a high volume of communication coming to the server (it is just like a denial-of-service attack), so the server reacts as if it were under a DoS attack by locking down and not accepting any new machines or information.
“The alert level you assign to a policy affects how Client Security notifies you of issues with client computers. In general, the higher you set the alert level of a policy, the more events Client Security will issue alerts for. Also, at higher alert levels, individual events receive alerts, whereas at lower alert levels, many events may be combined into a single event, such as a successful response to malware discovered on many client computers that are assigned a low alert level.
The alert level you assign to a policy should reflect the importance, or criticality, of the computers to which you deploy the policy. For example, if you intend to deploy a policy to mission-critical servers, you may want to set the policy’s alert level to 5, which will provide you the highest degree of notification of issues with the servers.”
To fix this we have to do three easy steps.
Step one: reduce the alert level
Note: don't worry about this; you will still be notified when FCS catches a virus. Also, you don't have to bring it all the way down to level one; you can start by dragging it down one level at a time.
But for the servers or mission-critical machines we do the opposite (on the servers policy).
This will make FCS collect all it can about the mission-critical machines.
Step two: deploy the policy
Don't forget to wait a bit for the clients to register the updated policy.
Step three:
Start the MOM Administrator console.
Expand Management Pack, expand Microsoft Forefront Client, and expand Server Behavior.
Now, on the right, open the properties of Run Flood Detection.
Open the Responses tab and click Edit. This is what you should be seeing (this is an FCS in good health).
To get new computers accepted: if you find auto-approve computer set to false, set it to true, and that's about it.
Now you can sit back and wait for the updated information to flow in.
Note: you can change the time at which the action runs from the management pack page under Schedule. This will also increase the approval rate of the server (don't set it below 15 minutes).