
Sunday, January 10, 2010

Forefront Corporate AV Malware Solution - Single Server

I have finished a project to install and configure a Forefront single-server solution. We are using this to replace our current Trend Micro OfficeScan product.
My experience with Trend was that it did great with AV but was very lacking in tools and detection of malware. So far Forefront has been excellent at detecting and cleaning malware.

This solution is installed under VMware ESX v3.5, running a guest OS of Windows 2003 R2.

I installed the Forefront server in single-server mode using most of the default settings:
http://technet.microsoft.com/en-us/library/bb404225.aspx

Once it is installed, you have to set up your initial Forefront policies. This is done in the admin console. Once you have defined a policy for scanning and for what the client will allow, you have the option to either add it to an existing GPO or create and link a new GPO. This is very easy and the software does most of the work for you.

Now that you have a policy linked in a GPO, you have to deploy the client software.
We use SCCM, and it was set up to push to all of our Office grade machines. I just created a silent installation package and pushed it via SCCM.
This link may help in locating the new Forefront client installation MSI:
http://blogs.technet.com/fcsnerds/archive/2009/04/01/slipstreaming-a-client-security-client-installation.aspx
Here is a good blog entry on how to create the package in SCCM (it is very straightforward to do):
http://blogs.microsoft.co.il/blogs/yanivf/archive/2008/02/20/deploying-forefront-client-security-using-sccm-2007-step-by-step.aspx

Lastly, we have to set up SCCM to update all the definitions. I used the following post as a template for how to get this done:
http://technet.microsoft.com/en-us/library/dd185652.aspx

I have had great success with this setup. If you want to experiment with Forefront prior to your own installation, I suggest the TechNet Virtual Labs:
http://technet.microsoft.com/en-us/forefront/clientsecurity/bb499665.aspx
