Author Archive for Andrew Plue
The following is an excerpt from my forthcoming book, Microsoft System Center 2012 Endpoint Protection Cookbook, which will be available this fall from Packt Publishing: http://www.packtpub.com/microsoft-system-center-2012-endpoint-protection-cookbook/book It’s a fact of life when working in a large corporate network environment that there will always be the oddball PC that, for whatever …
Let’s say you’ve found yourself working against the clock to get Windows 7 rolled out before Windows XP hits end of life, and during the planning phase you realize your current AV solution won’t work on Windows 7 without an upgrade. Now you’re faced with signing a new support contract …
One of the best features of Forefront Endpoint Protection (FEP) 2010 was its easy-to-use server policy templates. In a nutshell, server policy templates let you quickly choose an optimized, preconfigured FEP policy for every (well, just about every) type of application server that Microsoft produces (Exchange, SharePoint, SQL, etc.). So instead of painstakingly going through a policy option by option to create one for a server, you could simply select a server type from a drop-down list and create a policy in seconds.
In addition to the three definition update mechanisms defined in the FEP policy (WSUS, UNC and Windows Update), there is actually a little-known fourth update mechanism built into the client. This fourth definition update channel is designed to provide a fallback if all of the other methods fail and the client falls more than 14 days out of date.
If you should ever need to administer a local FEP client through the CLI, you’re going to need to make use of MpCmdRun.exe. This program can be found in the “C:\Program Files\Microsoft Security Client\Antimalware” directory. MpCmdRun has several important functions; in this post we’ll be discussing some of the more useful options.
First there is the “-Scan” option. This can be useful if you’re troubleshooting a system that is not allowing you access to the FEP client GUI. You’ll also need to enter a parameter for which type of scan you would like the client to perform:
Out of the box, FEP provides several channels for delivering definition updates to clients. The three basic options are updates through WSUS/SUP, UNC file shares, and connecting to Microsoft Update. The procedure in this video presents a fourth option, which further leverages the capabilities and resources of SCCM. Essentially, the procedure uses a VBS script running in Task Scheduler to pull delta definitions from the Microsoft Malware Protection Center; SCCM then bundles them into a package, which is pushed out to your Distribution Points and advertised to your FEP clients on a recurring schedule.
While FEP has great reporting features available in the SCCM console and through SQL Reporting Services, it is entirely possible that you might find yourself attempting to troubleshoot a malware issue without access to either resource. Fortunately, Microsoft has added a set of detailed client-side logs for you to make use of.
The log we will be focusing on today is the MPLog, which you can locate in the “C:\ProgramData\Microsoft\Microsoft Antimalware\Support” directory. (Note: this directory is hidden by default.) Below are some examples of how the MPLog can be useful to you.