Forefront Endpoint Protection

We are currently transitioning the University's Windows Desktops, Laptops and Servers from Microsoft Forefront Client Security to Forefront Endpoint Protection (FEP). Both applications provide unified, real-time protection against malware, including viruses, worms, trojans and spyware. Updates to anti-malware definitions take place regularly via the University's WSUS service or Microsoft Update.

The guidance below is for Forefront Endpoint Protection; the function and use of Forefront Client Security are very similar.

Forefront Endpoint Protection status icon
The notification area icon can be found on the right-hand side of the Windows Taskbar. The icon's appearance changes based on the following circumstances:
  • The state of the software.
  • The presence of messages about malware detection or other events. To view messages, double-click the notification area icon, which opens the FEP client software interface.
The FEP client software completed a scan and did not detect harmful or unwanted software. Definitions are up to date.
The FEP client software issued a low or medium alert message. A low or medium alert message may indicate any of the following:
  • Malware with a low or medium severity rating was discovered.
  • Definitions are older than 7 days.
  • A definition update failed.
  • No scans were completed successfully in 14 days.
  • A full scan is required.
  • A restart is required.
The FEP client software issued a high or severe alert message. A high or severe alert message may indicate any of the following:
  • Malware with a high or severe severity rating was discovered.
  • The antimalware service is either stopped or in a not-ready state.
  • Real-time protection is turned off.
  • Antivirus protection is disabled.
  • Antispyware protection is disabled.
  • The FEP client software is an evaluation version, and the evaluation period has expired.
The FEP client software is busy performing one of the following actions:
  • Scanning for malware
  • Cleaning malware found by real-time protection
The FEP client software is busy checking for updates or downloading updates.
Malware detection

Alerts are displayed in the FEP window. Open the FEP window by clicking on a FEP notification bubble or the FEP icon. An alert consists of the name of the detected malware, the severity of the alert and the current status of the infected file.

If malware is detected, FEP will either clean or remove the infected file. If an infected file cannot be cleaned or deleted, it will be quarantined.

The availability of some options in the FEP window is controlled by policy.


Adapted from: http://technet.microsoft.com/en-us/library/hh184052.aspx