Management Strategies in Forefront EndPoint Protection

[WoMeRa 56]

I want to know more about the management strategies that are used in Forefront EndPoint Protection with the SCCM 2010. I know that an administrative tasks of the product passes through various components such as the management strategies applied to clients, managing updates, management of maintenance, management alerts, or monitoring the state of infrastructure through the reports. But what about the Management Strategies or Policies? I want to know more about this topic.!! Also it would be much helpful, if you members provide some hints about creating custom policies. I am hoping that you members will help me as usual.

[Jagruti23]

Management strategies is the most important task that an administrator must operate on the infrastructure EFF. Strategies (Policies) are a set of features / settings that apply to Forefront Client EndPoint Protection. They help regulate the behavior of the customer. We thus find the management:

• Programming scans
• Protection in real time
• Notifications,
• Action against a threat
• Exceptions (files, file types, processes ...)
• Directories or files will not be searched

To view the strategies, open the Configuration Manager administrative console. Expand the Site Database tree => Computer Management => Forefront EndPoint Protection => Policies.

[Protectors]

Forefront EndPoint Protection provides two default policies apply to all clients:

• Server Default Policy applies to all server-class machines. It is applied through a publication (Assign VET policy Default Desktop Policy) Deployed on Servers collection.
• Default Desktop Policy applies to all workstations. It is applied through a publication (Assign VET policy Default Policy Server) on the collection Deployed Desktops.

You can not delete the default policies in order to ensure the proper functioning of the infrastructure. In this way, a strategy is always applied to a client EFF. However, you can easily edit the properties of the strategy to change various settings. It is recommended not to change them because they were built as a standard that applies to both types of profile. If you want to apply specific settings, you can create a new policy (Policy) will take precedence over the default policy.

[Langward]

After wading the default policies provided with Forefront EndPoint Protection, we will enter the heart of the matter and see how to create a custom policy. We detail in this section all steps for creating and editing. Here is a definition of each parameter.

1. To create your policy (Policy) personalized, open the Configuration Manager administrative console.
2. Expand the Site Database tree => Computer Management => Forefront EndPoint Protection => Policies. Right-click the Policies node and select New Policy.
3. The wizard opens a strategy. We'll create a custom policy that will apply to all laptops (roaming profiles, business, consultants ...). Enter the policy name and description.
4. And then select the policy type.

[McGrawh]

Policy Type on the screen, you must choose the type of policy you want to create. The various options are models that you will need to adapt the strategy issued. We thus find four main types:

• Standard desktop policy: Provides settings for standard desktops. A quick scan takes place a week and the CPU usage is limited to 50%
• High-Security Policy: This policy provides a maximum level of security by including rapid tests every day and a full analysis per week. The CPU usage is not limited and the configuration of the firewall is optimized to avoid intrusions.
• Performance optimized policy: This strategy provides a configuration allowing a minimum security protection while providing maximum performance level. The processor usage is limited to 30% and a quick scan takes place every week.
• Policy Template: This option allows you to select security models for special cases such as server roles. Models include the specific settings and roles as exclusions of files or processes. Here is the list of available models:
  
  • Microsoft SQL Server 2005
  • Microsoft SQL Server 2008
  • Internet Information Services (IIS) 6 and 7
  • System Center Configuration Manager 2007
  • Microsoft Exchange Server 2007/2010
  • EFF Exchange and Microsoft Forefront protection for Exchange Server 2010 (EST)
  • Microsoft SharePoint 2010
  • Microsoft Office SharePoint ® Server 2007 and Microsoft Forefront protection for SharePoint 2010 (IPSF)
  • Domain Controller
  • Microsoft Hyper-V (host)
  • Terminal Services
  • DNS Server
  • DHCP Server
  • File Services
  • System Center Operations Manager 2007
  • Server (default strategy recommended by Microsoft for servers)

[Umberto-Micro]

The Client Configuration screen to configure the interaction between the user and the client. You can choose to let the user configure the real-time protection or analysis programs. You can also select "Show notification messages to users on ..." to display notifications to the user when action is needed. This can be characterized by the launch of a complete analysis or to download updated virus definitions and malware. Accept the summary screen to proceed with the creation of the strategy. Once created, we find our strategy in the list of policies available. Now that the policy is created, I suggest going into more detail in the settings provided by these strategies. To do this in the Site Database tree => Computer Management => Forefront EndPoint Protection => Policies, right-click and choose Properties Strategy. Once the properties window open, you end up in the General tab. This tab displays the name and description of the strategy. You can find the collections that are assigned strategy.

[Reckon]

Part Real-time protection options together on the protection module in real time:

• Enable real-time protection enables real-time protection
• Scan system files: This option allows you to define which files you want to scan system. (Default option parses the incoming and outgoing)
• Scan all attachments and Downloaded Files: This option allows you to scan all files downloaded or any attachments received in real time.
• Use Behavior Monitoring: Enables monitoring of behavior. This mechanism is used by Forefront to monitor system behavior for blocking unknown threats.
• Protection Against enable network-based exploits: This parameter enables protection against attacks by the network.
• Allow users to configure one endpoint computers real-time protection settings: allows the user to change the settings of real-time protection.

Excluded files and screen rentals can add exceptions to the analysis made by Forefront EndPoint Protection to prevent certain files or directories to be analyzed. This can improve performance in some applications (eg in databases) but increases the risk of machinery.