Hej som utlovat kommer presentationen från dagens seminare på följande länk. Om ni har frågor eller andra tankar är ni välkomna att skicka e-post på adressen som står i presentationen.
Tags: ConfigMgr 2012
ConfigMgr 2012 | admin | 
April 20, 2011 06:43 | 
Comments (0)
If you have local administrators they might uninstall Forefront Endpoint Protection 2010 from their system, to keep track of this and automatically remediating this. Then you have the option to advertise a FEP installation to the built-in collection for FEP called “Locally Removed”. So if a user uninstalls the client they will get it automatically again.
Don’t forget to set the advertisement to always rerun. Its also a good idea to keep track of the advertisement to make sure you don’t have clients that end up in a loop.
Note: I have seen some cases where there is an issue with clients ending up in this collection without having the client uninstalled. Usually triggering a Hardware Inventory resolves this.
ConfigMgr 2007, FEP | admin | April 7, 2011 20:29 | Comments (0)
As some of you might have noticed there is no Tamper protection with Forefront Endpoint Protection 2010. So how would you handle this in your environment ?
Usually the issue comes if you have your users as local administrators on their PCs they have full control over their PC.
So there are different ways to go around this. My first way to handle this is to configure a GPO that controls the Microsoft Antimalware Service. And set the Service to automatically start and only your real administrators to have the Start and Stop Rights.
My option 2 is to have a advertisement with a reoccurring script or startup script to set the service to start automatically and start the service it if its stopped. The target is the Built-in Collection
strComputer = "."
Set objWMIService = GetObject("winmgmts:\" & strComputer & "rootcimv2")Set colServiceList = objWMIService.ExecQuery _
("Select * from Win32_Service where Name = ‘MsMpSvc’")
For Each objService in colServiceList
objService.ChangeStartMode("Automatic")
Wscript.Sleep 5000
errReturnCode = objService.StartService()
Next
ConfigMgr 2007, FEP | admin | 20:20 | Comments (0)
Quite frequently the question where do I see what the latest release definition updates are from Microsoft. Sometime you want to compare and check so you have the latest definitions in your environent.
At the url posted below you will find the latest information about definitions and the ability to download them manually.
http://www.microsoft.com/security/portal/Definitions/ADL.aspx
ConfigMgr 2007, FEP | admin | 19:51 | Comments (0)
After the session I got some questions regarding the MOM Agent for the FCS Client when upgrading. Apparently my tongue slipped and I misstated the behavior of the MOM Agent uninstallation. My apologies for that.
The intended action is that the MOM Agent should get uninstalled although there has been some minor issues detected with this. But the normal behavior should be that the MOM Agent should get uninstalled! Although if the MOM agent is multihomed uninstallation will prompt for this. If you encounter the behavior where the client is not uninstalled please contact Microsoft Support.
http://technet.microsoft.com/en-us/library/gg477033.aspx
Below you will find a link with the presentation as promised. At the end you will find the links discussed in the presentation. For those of you who have other question feel free to contact me.
I forgot to mention our Swedish based System Center User Group that is found @ www.scug.se
Best Regards
Stefan Schörling
stefan@msfaq.se
ALL CODE IS PROVIDED AS IS WITH NO WARRANTIES
Presentation: Managing Forefront Endpoint Protection with System Center Configuration Manager
ConfigMgr 2007, FEP, Ops Mgr 2007 | admin | March 30, 2011 16:17 | Comments (0)
Forefont can use Microsoft Update to get definitions and sometime you need to open proxy servers and firewalls for this. It is not a must to use this source but if you are using this method , I have posted a list below of known urls for Microsoft Update that you can exclude or allow in your proxy or firewall.
http://download.windowsupdate.com
https://*.windowsupdate.microsoft.com
http://*.windowsupdate.microsoft.com
http://update.microsoft.com
http://*.windowsupdate.com
http://download.microsoft.com
http://windowsupdate.microsoft.com
http://ntservicepack.microsoft.com
http://wustat.windows.com
https://update.microsoft.com
ConfigMgr 2007, FEP | admin | March 3, 2011 22:41 | Comments (0)
If you have viruses or malware that hasn’t been detected by Forefront Endpoint Protection, you can use this link below to submit samples for analysis.
https://www.microsoft.com/security/portal/Submission/Submit.aspx
ConfigMgr 2007, FEP | admin | 22:21 | Comments (0)
The answer is it depends, this information is from a icrosoft presentation and the information may change without further notice.
Microsoft reset the definition updates through a process they call ‘re-base’ – currently once a month as part of the engine release
Today there are 4 types of packages which can be used to update FEP clients
If you want to track definitions and se how your client behaves have alook in this folder (Win7)
ProgramDataMicrosoftMicrosoft AntimalwareDefinition UpdatesBackup
ConfigMgr 2007, FEP | admin | February 16, 2011 04:07 | Comments (0)
The Configuration Manager Support Team Blog
Subscribe