Andrew Plue
Contact
Phone: 216.785.2964 Fax: 216.674.2708
Andrew Plue
Andrew Plue is a Senior Consultant in the Secure Infrastructure Management group at Certified Security Solutions (CSS).
Andrew brings 18 years of experience in information security, with a focus on vulnerability detection and corporate Anti-Virus solutions. During his tenure at CSS, Andrew has acted as lead engineer on numerous deployments of the Forefront Suite of Anti-malware products, with production deployments of Forefront Client Security as large as 140,000 seats.
While at CSS, one of Andrew’s accomplishments that highlights his unique skill set and expertise was an engagement with an organization that had fallen prey to the Conficker virus. The client’s legacy AV solution (McAfee) had failed, and as many as 75% of their systems were infected. Andrew was able to come on site and, within 24 hours, design and implement a solution that detected and resolved every instance of the virus and returned all production systems to working order.
Latest Blog Posts from Andrew Plue
- How to Perform a Manual SCEP Client Installation, May 16th, 2012
The following is an excerpt from my forthcoming book, Microsoft System Center 2012 Endpoint Protection Cookbook, which will be available this fall from Packt Publishing (http://www.packtpub.com/microsoft-system-center-2012-endpoint-protection-cookbook/book). It’s a fact of life when working in a large corporate network environment that there will always be the oddball PC that, for whatever …
- Migrate to Forefront Endpoint Protection in conjunction with a Windows 7 Migration using SCCM, April 12th, 2012
Let’s say you’ve found yourself working against the clock to get Windows 7 rolled out before Windows XP hits end of life, and during the planning phase you realize your current AV solution won’t work on Windows 7 without an upgrade. Now you’re faced with signing a new support contract …
- SCEP Server Policy Templates, January 31st, 2012
One of the best features of Forefront Endpoint Protection (FEP) 2010 was its easy-to-use server policy templates. In a nutshell, server policy templates let you quickly choose an optimized, preconfigured FEP policy for just about every type of application server that Microsoft produces (Exchange, SharePoint, SQL, etc.). So instead of painstakingly going through option by option and creating a policy for a server, you could simply select a server type from a drop-down list and create a policy in seconds.
- FEP 14th Day MMPC Definition Update, May 4th, 2011
In addition to the 3 definition update mechanisms defined in the FEP policy (WSUS, UNC and Windows Update), there is actually a little-known 4th update mechanism built into the client. This 4th definition update channel is designed to provide a fallback if all of the other methods should fail and the client falls more than 14 days out of date.
- Forefront Endpoint Protection Command Line Interface Tasks, April 12th, 2011
If you should ever need to administer a local FEP client through the CLI, you’re going to need to make use of MpCmdRun.exe. This program can be found in the “C:\Program Files\Microsoft Security Client\Antimalware” directory. MpCmdRun has several important functions; in this post we’ll be discussing some of the more useful options.
First there is the “-Scan” option, which could be useful if you’re troubleshooting a system that is not allowing you access to the FEP client GUI. You’ll also need to enter a parameter for which type of scan you would like the client to perform:
- Automatically Deploying Forefront Endpoint Protection Updates via System Center Configuration Manager, April 1st, 2011
Out of the box, FEP provides several channels for delivering definition updates to clients. The three basic options are updates through WSUS/SUP, UNC file shares, and connecting to Microsoft Update. The procedure in this video presents a 4th option, which further leverages the capabilities and resources of SCCM. Essentially, the procedure uses a VBS script running in Task Scheduler to pull delta definitions from the Microsoft Malware Protection Center; SCCM then bundles them into a package which is pushed out to your Distribution Points and advertised to your FEP clients (on a recurring schedule).
- Forefront Endpoint Protection 2010 Client Side Logs Tips and Tricks, March 25th, 2011
While FEP has great reporting features available in the SCCM console and through SQL Reporting Services, it’s completely possible that you might find yourself attempting to troubleshoot a malware issue without access to either resource. Fortunately, Microsoft has added a set of detailed client-side logs for you to make use of. The log we will be focusing on today is the MPLog, which you can locate in the “C:\ProgramData\Microsoft\Microsoft Antimalware\Support” directory. (Note: this directory is hidden by default.) Below are some examples of how the MPLog can be useful to you.