
Configuration Manager 2007 and Forefront Endpoint Protection 2010

DMV Management User Group - 2012. Configuration Manager 2007 and Forefront Endpoint Protection 2010. Kevin Kasalonis PFE, Configuration Manager. Agenda. Forefront Endpoint Protection 2010 Update Rollup 1 Prerequisites Topology and Architecture Server Installation Client Settings


Presentation Transcript


  1. DMV Management User Group - 2012 Configuration Manager 2007 and Forefront Endpoint Protection 2010 Kevin Kasalonis PFE, Configuration Manager

  2. Agenda • Forefront Endpoint Protection 2010 Update Rollup 1 • Prerequisites • Topology and Architecture • Server Installation • Client Settings • Client Policies • Definition Updates • Client Deployment • Monitoring • Dashboard • Desired Configuration Management • Alerts • Reports

  3. What is Forefront Endpoint Protection • Forefront Alphabet Soup! • Forefront Endpoint Protection (FEP) • Forefront Identity Manager (FIM) • Forefront Threat Management Gateway (TMG) • Forefront Unified Access Gateway (UAG) • ….. • Forefront Endpoint Protection (FEP) • New version of Forefront Client Security (FCS) • Security solution that protects business desktop, laptop, and server operating systems against the latest malware and exploits • Built to run on top of Configuration Manager 2007, leveraging existing infrastructure • Update Rollup 1 (KB2551095) Released 6/28/2011

  4. Prerequisites • CM07 R2/R3 • SQL Components • SQL Reporting Services • SQL Agent • SQL Analysis Services • SQL Integration Services • Client Agents Used • Hardware Inventory • Software Distribution • Software Updates • DCM (.NET framework 2.0) • KB2554364 - Reporting update prerequisite for Update Rollup 1

  5. Topology and Architecture • Topology and Architecture • Performance and Storage • Capacity Planning Worksheet (http://blogs.technet.com/b/clientsecurity/archive/2011/01/19/fep-capacity-planning-worksheet.aspx) • Basic; Basic w/Remote Reporting; Advanced • Centralized, Decentralized, combination

  6. Basic Topology (diagram; components shown: SCCM Site Server, SCCM Site DB, FEP Site Server role, FEP DB, FEP Reporting *, FEP Reporting DB)

  7. Basic with Remote Reporting Database (diagram; components shown: SCCM Site Server, SCCM Site DB, FEP Site Server role, FEP DB, FEP Reporting *, with the FEP Reporting DB on a separate server)

  8. Advanced Topology (diagram contrasting Distributed Management with Centralized Management; labels shown: Central Site, Primary Site, Secondary Site, FEP Server Extensions, FEP Console Extensions, FEP Reports)

  9. FEP Solution Overview

  10. Server Installation demo

  11. SpyNet Membership • Behavior Monitoring (BM) • Dynamic Signature Service (DSS)

  12. Behavior Monitoring & DSS: “Customer window of vulnerability” • Problem: when new malware appears, customers are vulnerable while waiting for the new signatures. • Solution: use BM and DSS to reduce the wait. • How it works: BM watches programs run. If they misbehave, it queries DSS. DSS serves our latest relevant signatures in response. If we don’t have a signature yet, BM sends a sample to MSRR so they can analyze it. • (Diagram: Customer Machine and MMPC; BM gets new samples to MMPC ASAP; DSS sends the very latest signatures to customers.)

  13. SpyNet: global database of malware reports • Collects reports from various clients (Windows Defender, MSE, FCS, MSRT etc.) • Leads to fast customer response • Improves detection rates • Collects data such as: filename, size, publisher, signer, hashes, install details (registry keys, install paths etc.); voting data (allow / block an unknown); demographic information (geographic id and locale); engine and definition version • Each machine has a unique GUID (to track re-infections)

  14. SpyNet: Microsoft SpyNet treats customer data with care • Data is encrypted in transit using SSL • Basic membership: PII is stripped before sending the SpyNet report • Advanced membership: collects PII in limited cases; sends PII (un-stripped file paths containing usernames, IP addresses, memory dumps etc.) • PII data is purged from the backend after 14 days • Users can opt out of SpyNet membership at any time

  15. Update Rollup 1 (KB2551095) • 3 Updates • Reports • Pre-Req KB2554364 (cannot be uninstalled) • Server • Console

  16. Client Settings and Collections demo

  17. Client Settings Review • FEP Collections • Right Click Options • Software Distribution Packages and Advertisements • Forefront Endpoint Protection • Policies and additional templates • Alerts • Reports • Desired Configuration Management • Configuration Baselines and Items • Reports and Reporting Services

  18. Definition Updates • Software Update Automation Tool • Microsoft Updates • WSUS Auto Approval Rule • File Share

  19. Software Update Automation Tool Set Software Update Component to sync • Definition Updates • Forefront Endpoint Protection 2010 • Sync Schedule set for every 1-8 hours • Definition Updates are released 3 times a day

  20. Software Update Automation Tool Create Deployment Package • Find Article ID 2461484 • Download Software Update • Create FEP Definition Package and add to your Distribution Points • Deploy Software Update

  21. Software Update Automation Tool FEP Definition Deployment • Select collection to target • Display/Time Settings • Suppress Reboots • Download and install updates • Schedule Ignore Maintenance Windows

  22. Software Update Automation Tool Software Update Automation • Get the Microsoft Forefront Endpoint Protection (FEP) 2010 Update Rollup 1 Tools (http://www.microsoft.com/download/en/details.aspx?id=26613) • Softwareupdateautomation.exe • Place in the <installation dir>\AdminUI\bin directory

  23. Software Update Automation Tool Create Scheduled Task • Create Trigger to repeat task • Create Action to run EXE with arguments

  24. Software Update Automation Tool Logging • SoftwareUpdateAutomation.log located in %allusersprofile% • /verbose for additional logging New Version of the SoftwareUpdateAutomation.exe Tool • http://blogs.technet.com/b/clientsecurity/archive/2011/11/03/how-to-use-the-definition-update-automation-tool-for-forefront-endpoint-protection-2010-update-rollup-1.aspx

  25. SoftwareUpdateAutomation.exe Usage • /Help: Displays program usage information. • /SiteServer: Site server computer name; if none is specified, it defaults to the local computer. • /UpdateFilter: Filter for selecting software updates that are used for the destination packages; defaults to "ArticleID='2461484' AND IsSuperseded=0 AND IsEnabled=1 AND IsExpired=0". • /AssignmentName: Name of the deployment; defaults to "FepDefinitionUpdates". • /PackageName: Name of destination software update packages; defaults to "FepDefinitionUpdates". • /PreDownloadFolder: Destination folder holding downloaded update files. • /UpdateLanguages: List of language IDs for requested software updates. • /DisableRefreshDP: Disable automatic propagation of updated package to Distribution Points. • /Verbose: Enable verbose logging.
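As an added example (not from the deck, and not part of the FEP tooling), the PowerShell below registers the scheduled task that slides 22 to 25 describe and pulls error lines from the tool's log on slide 24. The switch names and the default update filter are those listed above; everything else is an assumption: the default ConfigMgr 2007 installation path for AdminUI\bin, a placeholder site server name, a 4-hour repeat interval, a space between each switch and its value (confirm with /Help on your copy), and a simple keyword match for log errors since the deck does not show the log format. The ScheduledTasks cmdlets need Windows Server 2012 or later; on Windows Server 2008 R2 the same task is created with schtasks.exe.

```powershell
# Added example: schedule SoftwareUpdateAutomation.exe (FEP 2010 Update Rollup 1 Tools)
# and review its log. Not part of the original deck; assumptions are marked below.
# Switch names and the default filter come from slide 25.

$AdminUiBin  = 'C:\Program Files (x86)\Microsoft Configuration Manager\AdminUI\bin'  # assumed install dir
$ToolPath    = Join-Path $AdminUiBin 'SoftwareUpdateAutomation.exe'
$SiteServer  = 'CM07-SITE01'                 # placeholder site server name
$DownloadDir = 'D:\Sources\FEPDefinitions'   # assumed /PreDownloadFolder location
$TaskName    = 'FEP Definition Update Automation'

# The filter is the tool's own default, spelled out so it is visible in the task definition.
$UpdateFilter = "ArticleID='2461484' AND IsSuperseded=0 AND IsEnabled=1 AND IsExpired=0"

# A space between switch and value is assumed; confirm with SoftwareUpdateAutomation.exe /Help.
$Arguments = @(
    "/SiteServer $SiteServer"
    "/UpdateFilter `"$UpdateFilter`""
    '/PackageName FepDefinitionUpdates'
    '/AssignmentName FepDefinitionUpdates'
    "/PreDownloadFolder `"$DownloadDir`""
    '/Verbose'
) -join ' '

function Register-FepDefinitionTask {
    # Creates (or replaces) the task that runs the automation tool as SYSTEM on the site server.
    # Every 4 hours is an assumption; slide 19 notes definitions ship three times a day.
    param(
        [string]$Name          = $TaskName,
        [string]$Executable    = $ToolPath,
        [string]$ToolArguments = $Arguments,
        [int]$IntervalHours    = 4
    )
    if (-not (Test-Path -Path $Executable)) {
        throw "SoftwareUpdateAutomation.exe not found at $Executable; copy it into AdminUI\bin first (slide 22)."
    }
    $action    = New-ScheduledTaskAction -Execute $Executable -Argument $ToolArguments `
                     -WorkingDirectory (Split-Path -Path $Executable)
    $trigger   = New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes(5) `
                     -RepetitionInterval (New-TimeSpan -Hours $IntervalHours) `
                     -RepetitionDuration ([TimeSpan]::MaxValue)
    $principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' -LogonType ServiceAccount -RunLevel Highest
    Register-ScheduledTask -TaskName $Name -Action $action -Trigger $trigger -Principal $principal -Force
}

function Get-FepAutomationLogErrors {
    # SoftwareUpdateAutomation.log is written under %allusersprofile% (slide 24).
    # The deck does not show the log format, so the keyword pattern below is an assumption.
    param(
        [string]$LogPath = (Join-Path $env:ALLUSERSPROFILE 'SoftwareUpdateAutomation.log'),
        [string]$Pattern = 'error|fail|exception'
    )
    if (-not (Test-Path -Path $LogPath)) {
        Write-Warning "Log not found at $LogPath; has the task run yet?"
        return @()
    }
    Get-Content -Path $LogPath | Where-Object { $_ -match $Pattern }
}

Register-FepDefinitionTask
Get-FepAutomationLogErrors | Select-Object -Last 20
```

Running the task as SYSTEM keeps the account that creates the definition package and deployment out of any interactive user's credentials, and leaving /DisableRefreshDP off means each run pushes the refreshed package to the Distribution Points, which is what the deployment on slide 21 relies on.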

  26. Other Definition Update Methods • WSUS Auto Approval Rule • http://technet.microsoft.com/en-us/library/gg398036.aspx • Microsoft Update • http://technet.microsoft.com/en-us/library/gg412472.aspx • File Share • http://technet.microsoft.com/en-us/library/gg398041.aspx

  27. Client Deployment • Advertise package • Checks for and uninstalls the following antimalware clients • Symantec Endpoint Protection version 11 • Symantec Corporate Edition version 10 • McAfee VirusScan Enterprise version 8.5 and version 8.7 • Trend Micro OfficeScan version 8.0 and version 10.0 • Forefront Client Security version 1 including the Operations Manager agent • Monitor Dashboard for deployment stats

  28. Client Deployment demo

  29. Monitoring • Dashboard • Alerts • Desired Configuration Management • Reports

  30. Monitoring demo

  31. Antimalware Activity Report (1)

  32. Antimalware Activity Report (2)

  33. Computer List Report

  34. Computer Details Report (1)

  35. Computer Details Report (2)

  36. Malware Details Report

  37. Antimalware Protection Summary Report

  38. Useful Links • Forefront Endpoint Security Blog • http://blogs.technet.com/b/clientsecurity/ • Forefront Endpoint Protection 2010 TechNet • http://technet.microsoft.com/en-us/library/ff823816.aspx

  39. Please don’t forget your evaluations … Speaker Blog: Email: kevin.kasalonis@microsoft.com Need more information on DMVMUG Visit www.dmvmug.com or send a question to dmvmug@dmvmug.com Questions?
