Forefront Endpoint Protection now bundled in the Core CAL Suite

by Shijaz Abdulla on 04.05.2011 at 17:29

Forefront Endpoint Protection, the best-in-class anti-malware solution from Microsoft for clients and servers, is now bundled with the Core CAL suite.

If your organization already has a licensing agreement that includes the Core CAL suite, you are licensed to use the Forefront Endpoint Protection under the licensing terms and conditions.

Forefront Endpoint Protection 2010 released!

by Shijaz Abdulla on 20.12.2010 at 02:27

Microsoft Forefront Endpoint Protection (FEP) has been released to manufacturing (RTM) on December 16, 2010. The licensed version of the product will be available on the Volume Licensing website, starting January 1, 2011.

For more information on FEP, visit the FEP website.

“Tamper-proofing” Forefront Client Security

by Shijaz Abdulla on 31.05.2010 at 10:09

Most anti-virus solutions provide tamper protection mechanisms to prevent the users from disabling the Forefront Client Security software on their machines. Forefront Client Security only provides basic control over what the user can do with the FCS client console.

In order to further increase the tamper-protection measures, users should be prevented from stopping the FCS service or uninstalling the software from the machines.

Both of the above can be achieved by not providing administrative privileges to the users, but there are instances where the users may need to be local administrators on their machines. Under such circumstances, the following can be done:

  • Use Group Policy to protect the FF client services so that only a few selected accounts can stop these services. The service to protect is the "Microsoft Forefront Client Security Antimalware Service". Additionally, protecting the "Microsoft Forefront Client Security State Assessment Service" won’t hurt.
  •  

  • Change permissions in the registry for uninstalling FCS.
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall
  • This can also be done using Group Policy.

    Both of these steps are described in detail over at the Security Wizard blog.

    Forefront vs. the competition

    by Shijaz Abdulla on 13.03.2010 at 13:49

    In this post, I am sharing the current position of Forefront Client Security (Forefront Endpoint Protection) and Forefront Protection for Exchange in the market, in comparison to similar solutions from other competitors.

    1. Forefront Client Security:

    We have very high comparative ratings from VirusBulletin – which does independent testing of antivirus solutions.

    Below: Average result of multiple tests between August 2009 to February 2010.

    How to interpret this chart: Higher reactive AND proactive detection is good. MS Forefront Client Security/Endpoint Protection is place HIGHER than Symantec and McAfee, among other competitors. Trend Micro does not seem to be included in the latest study, but it failed 3 previous tests and didn’t make it in the chart.

    image

    [Source: virusbtn.com]

    2. Forefront Protection for Exchange Server

    VirusBulletin, which conducts independent benchmarking of antivirus & antispam products has rated Microsoft Forefront Protection for Exchange highly.  MS Forefront for Exchange won the VBspam award consistently. For more information register at virusbtn.com and view the reports.

    How to interpret the chart: HIGH SPAM CATCH rate (SC) and LOW FALSE POSITIVE (FP) rate is good.

    The latest March 2010 report (below) shows the MS forefront has the HIGHEST SPAM CATCH RATE (SC), while at the same time maintaining relatively LOWER FALSE POSITIVE (FP) compared Symantec, McAfee, McAfee and other popular anti spam solutions.

    image

    [Source: virusbtn.com]

    It is worth noting that what goes into Forefront Protection for SharePoint and Forefront Protection for OCS is the same set of antivirus engines that goes into Forefront Protection for Exchange.