FEP 2010

Hi,
I have a few queries about FEP 2010:
1. The Conficker virus is frequently reappearing on the FEP clients even after removal. How can we get rid of it completely?
2. Unable to specify the override on the policy, as it says "the specified threat could not be found in the definitions. Verify that forefront endpoint protection has the most up to date definition" even though the definitions are up to date.
3. Frequent failure of the SQL Server Scheduled Job 'FEP_GetNewData_FEPDW_XXX'. As per the article http://blogs.technet.com/b/clientsecurity/archive/2011/01/24/fep-data-collection-job-fails-periodically.aspx it is a known issue. Does installing Update Rollup 1 fix this issue?
4. Reporting part: the subreports (antimalware protection history) are showing when we select DAY as the report time span, but when we select WEEK it displays the error "Subreport could not be shown". As seen from the article http://blogs.technet.com/b/clientsecurity/archive/2011/05/19/forefront-endpoint-protection-fep-2010-fep-reports-may-not-display-properly.aspx, does installing the Cumulative Update Packages for Microsoft SQL Server 2008 solve this issue?

Enforce an update and run a full system scan on those infected clients, and if the problem persists, use Windows Defender Offline to boot those PCs and run a full system scan:
http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline
Make sure Windows Update is running and they are updated.

Similar Messages

  • FEP 2010 install on Windows server 2012 R2

    I am trying to install the FEP 2010 client on Windows Server 2012 R2 from 2007 Server (SP2 R3).
    The FEP deployment package fails to install. The error in execmgr is:
    Program exit code -2147156220.
    Is there a way of installing the FEP 2010 client on Windows Server 2012 R2 from SCCM 2007?
    Thanks

    Hi,
    Are you running FEP 2010 update rollup 1?
    https://blogs.technet.com/b/configmgrteam/archive/2013/09/16/support-questions-about-win-8.1-and-winsvr-2012-r2-for-configmgr-and-endpoint-protection.aspx
    And the latest version of FEPInstall.exe, which is updated with this hotfix:
    http://support.microsoft.com/kb/2907566/en-us
    Regards,
    Jörgen
    -- My System Center blog ccmexec.com -- Twitter @ccmexec

  • FEP 2010 installation on Windows server 2012

    Hi all,
    Is there any step-by-step guide to install FEP 2010 on Windows Server 2012 R2?
    We need to have this in place until we get our FEP upgraded.
    Regards

    Hi,
    It seems that you can only follow the official document to install FEP on Windows server 2012 R2.
    Please verify that your environment meets the prerequisites before installation.
    http://technet.microsoft.com/en-us/library/gg412482.aspx
    Best Regards,
    Joyce
    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time.
    Thanks for helping make community forums a great place.

  • FEP 2010 Implementation Notes/Concerns

    My perspective is from a large enterprise with SCCM 2007R3, no SCOM, currently running Symantec.
    I realize this is the first release with SCCM integration but I feel a few notes should be posted to either point me in the right direction for information or to better the product if my findings are correct.
    Current FEP 2010 findings:
    SCCM Integration:
    Only partial integration with SCCM (policies, collections, reports)
    Doesn't use the existing CM distribution points for definition distribution
    Scaling:
    Appears to be built for small to medium SCCM sites as the only automated definition delivery systems out of the box don't scale well.
    Automation relies on WSUS or Windows Update
    If you use UNC/DFS for definition updates you have to build the download and replication system - in this configuration there is no log of the definition transaction and its source on the clients. 
    WSUS and Windows Update implementations appear to be the only way to utilize delta definitions so UNC methods require full downloads.
    Alerting and Reporting:
    Email alerts don't give path and file nor accurate/full remediation detail, the only way to get detail is event log or SCOM
    No configuration for what information email alerts contain
    Alerts only once per 24 hour period per node without the ability to configure
    Alerts state action required even when the threat has been quarantined or deleted from the system and no additional malware or remediation is needed (specific test was with 22 malware components on the desktop, alureon file was one that showed this failure even though it never infected the system)
    Relies on SCOM for the optimal alerting and reporting
    Some built in reports don't appear to populate properly
    Policies:
    Although there are decent policy templates and CM integration, the policies aren't cumulative, they don't support layered/multiple policies
    XP Support:
    NIS (Network Inspection Service) requires WFP  = no Windows XP support
    Client Interface:
    In the client interface there is no way to view overrides or definition update configuration
    If UNC definition updates are used, the client interface doesn't update its last checked time

    This is an old post and there have been several changes in FEP. The successor of FEP is now System Center Endpoint Protection (SCEP) and several things have been improved. Try to reproduce your issue in SCEP and if the problem persists, please post it as a new question.
    I believe most of your issues have been addressed in SCEP. However, things like support for Windows XP are no longer available because support for Windows XP has already ended.

  • FEP 2010 - Email alerts not sent (Test-Emails are Successful)

    Hello,
    I got a FEP 2010 environment that is integrated with SCCM 2007.
    The "Test email alert" is sent successfully. But there is no email alert sent when a FEP client gets malware. (The malware is only removed, and this is shown in the event viewer of the client and the reports on the FEP server.)
    Worth mentioning is that the alerts stopped working after a reinstall of IIS and Reporting Services.
    In the Event Viewer of the server running FEP, the "Forefront Endpoint Protection" log keep saying:
    Error, FepSrv, 3004
    Alerts manager failed
    Error recieved:
    MalwareDetectionAlertResultComputerName
    And one/two minutes later it says:
    Information, FepSrv, 3005
    Alerts manager succeeded after failure
    I have tried the "FEP Best Practices Analyzer (BPA)" and I got the result "0 items NonCompliant" and it showed that alerts were configured correctly.
    I don't know what more to troubleshoot, do you have any ideas?
    Best Regards,
    Anders

    Hi Jörgen,
    Thank you for the answer, but the SQL Agent is up and running and there are no errors.
    The workflow seems to work properly, except for "FEPSrv", which can't find events that would trigger alerts.
    (If I run a report on the FEP server, the report contains info about the clients that have been exposed to malware, and malware info.)
    The "Update Rollup 1 for forefront endpoint protection 2010" ( http://www.microsoft.com/en-us/download/details.aspx?id=26583 ) has not been implemented. Can this be a possible reason why the alerts do not function properly?
    Regards,
    Anders

  • FEP 2010 is uninstalling on startup

    Hello, I've got a problem. When I start my computer, FEP 2010 completely disappears from my computer. I scanned my computer with malwarebytes and scanbot, but they didn't find anything. Can you help me?

    Hi,
    About event log.
    http://windows.microsoft.com/en-hk/windows/open-event-viewer#1TC=windows-7
    Best Regards,
    Joyce

  • Deploying SCEP 2012 over existing FEP 2010

    I need to upgrade FEP 2010 to SCEP 2012 through SCCM. FEP was installed via SCCM 2007, and machines will not upgrade to the SCEP client. New builds pick up SCEP without incident from Config Manager.
    I've read about a migration process from 2007 to 2012, but the docs aren't clear.
    I have built an Application using FEPInstall.exe, then used the Supersedence option to uninstall. The Application deploys to the workstation, but sits in a "Waiting for content" category under Monitoring with a status of "In Progress".
    Does anyone have any experience with this process, and can you share the steps involved with migrating?

    Hi,
    >>You mentioned the Forefront Endpoint Policy. Are you referring to SCCM policy, or a group policy?
    He is referring to SCCM Policy. SCCM Console->Administration -> Client Settings -> properties -> Endpoint Protection.
    >>As of this morning, the Software Center is now showing an Installation Status of Downloading. Sitting at 0%.
    Please check CAS.log, LocationServices.log, ContentTransferManager.log and DataTransferService.log on the client. (C:\Windows\CCM\Logs)
    Best Regards,
    Joyce

  • "No action " Status in FEP 2010 Report

    Hi Team,
    We need a clarification about the FEP 2010 options as below:
    Our internal security team raised a point: what does the "No action" action specify here, which is notified in FEP reports?
    There it says 1 system status is "No action"; however, there is no hyperlink to check which system it is.
    Whether FEP was not able to quarantine the malware, if any.
    Please help us understand this (No action, Incident 7 computers): whether this means the system is clean or not.
    Actions       Incidents   Computers
    Failed        0           0
    Removed       0           0
    Quarantined   19          9
    Cleaned       0           0
    Allowed       0           0
    No Action     1           1
    Blocked       0           0
    Regards
    Sudam Bisi
    Cognizant technology Solutions

    Hi,
    No Action means no action defined.
    For more information:
    http://social.technet.microsoft.com/Forums/forefront/en-US/c99390b4-4929-41e3-ac2c-6a5675b5e75a/forefront-endpoint-protection-antimalware-action
    Best Regards,
    Joyce

  • FEP 2010 Admin Template Breaks GPResult /H on SCCM 2012 clients

    We have both FEP 2010 clients, which are being managed by a GPO created from the FEP2010 Admin Template in our Central store, and SCCM 2012/SCEP clients which are being managed by SCCM, but we have noticed when running GPResult /h on the SCCM clients, you get an error in the Administrative Template section:
    An error has occurred while collecting data for Administrative Templates.
    The following errors were   encountered:
    Registry   value "%windir%\SoftwareDistribution\Datastore\Logs\Edb.chk" is of   unexpected type.
    We have discovered the SCCM/SCEP client local policy creates the exclusion paths in the registry as a DWORD but the FEP2010 Admin Template creates the exclusion paths as a REG_SZ on the FEP 2010 clients. When you run GPResult /h, the templates from the Central Store are used and since the value types are different on the SCCM/SCEP 2012 client, GPResult /H fails.
    The current workaround is to create a GPO using the FEP 2010 Admin Template with the exclusion paths that are the same as your SCCM 2012 settings and apply that GPO to the SCCM clients. That changes the registry keys from DWORD to REG_SZ and GPResult starts working again!!
    Running GPResult /Z also works!!
    Anyone else experience this behavior?

    Hi,
    I tried and found that the value type is different too. The DWORD value for Forefront Client also works, so the workaround you are currently using is applicable. Anyway, I will record the situation that the ADMX template has a different value type from the SCEP policy value.
    Juke Chou
    TechNet Community Support

  • FEP 2010 (SCCM 2007 R3 win2K8 R2) - quick scan run but 'Potentially unprotected'?

    Hi there,
    I have been deploying FEP 2010 via SCCM 2007 R3 for a couple months.  I have a FEP policy that indicates it should do a Quick Scan daily at a specified time and a Full Scan on Fridays.  The GUI on the FEP client indicates the computer is "Potentially unprotected" - yet also indicates the last scan was today at 6:45AM (as the policy dictates).  The GUI says 'You haven't run a scan on your computer for a while...."
    Is there a way I can keep the FEP client from doing this - it will cause questions/concerns when the FEP shield is not green.  Alternately - what might I have configured incorrectly?
    Thank you.

    When this message appears, try running a full system scan and see whether it disappears or not.

  • Is the Trojan (Gen:Variant.Graftor , W32/Injector.AWSE!tr ) detected by FEP 2010?

    Hello,
    My security team wants to know if the Trojan (Gen:Variant.Graftor , W32/Injector.AWSE!tr ) is detected by FEP 2010. If yes, could anyone provide the link.
    Regards,
    Tarani Mishra

    Ok, well, I was going by this part in the link I posted for Trojan:Win32/Yayih.A:
    This threat is also detected as:
    Win-Trojan/Yayih.4861440 (AhnLab)
    Trojan.Win32.AntiAV.ptv (Kaspersky)
    Trojan.AntiAV!zoXUT5UuOF4 (VirusBuster)
    Gen:Variant.Graftor.15447 (BitDefender)
    Trojan.Win32.Yayih (Ikarus)
    Searching by the PostenTracking.exe name, I found this:
    https://www.virustotal.com/en/file/66f54dc5d5ee2f0d6aceb49d5fbab94e272b780f3105cf7e02a3ddaa41f2a3fc/analysis/
    Which indicates that Microsoft products are not yet detecting it.
    If you are experiencing this malware in your environment and it's not being detected, you should submit a sample so Microsoft can get it added to the definitions...
    https://www.microsoft.com/security/portal/submission/submit.aspx

  • Does FEP 2010 offer protection for NAS file servers?

    Hello,
    We are in the process of rolling out FEP 2010 and wanted to know if it has the capability to scan NAS file servers?
    Thanks,
    Tom
    Tom Martin

    Could Microsoft Forefront Endpoint Protection scan a NAS drive?
    We have a NAS drive (EMC back-end), with network shares via Windows Server. We are using FEP 2010 with SCCM 2007. Today, we have an Expiro virus/malware headache! It has infected some network shares. We don't know yet how far it goes. Is there any easy way to do this?
    The problem with Expiro is that it is mutating itself with different names; the last one seen was Expiro.gen!S
    Thanks for any suggestions.

  • Is FEP 2010 capable of securing computer against the man-in-the-middle attack?

    Hello
    Just would like to know if FEP 2010 is capable of preventing a man-in-the-middle attack on computers with it installed?
    Thanks

    It is not the job of FEP or any other anti-malware product to protect you against man-in-the-middle attacks, as that is not the design purpose of anti-malware. However, some man-in-the-middle attacks are blocked by the Network Inspection System (NIS), which means that if FEP detects any malicious package on a network which matches a signature of NIS, it will block it.
    The browser plays a very important role in blocking man-in-the-middle attacks. For example, if you use Internet Explorer, you have better protection against this type of attack. Take a look at:
    http://ie.microsoft.com/testdrive/Browser/MixedContent/Default.html

  • FEP 2010 Antimalware action reports showing blank

    Hi,
    We have configured FEP 2010 with SCCM 2007. Every report was working, but suddenly the antimalware action report is now showing blank for the last week.
    When checked, the FEP dashboard shows infected systems, but its report is coming up blank.
    So please help.

    Hi,
    The FEP Dashboard shows the data that is active in SCCM. The historical data and more in-depth reports are generated from another database, the FEP Data Warehouse. There are SQL Agent tasks that synchronise this data, and normally this error is caused by a problem with these jobs. Here is a post on the error and where to start to look.
    http://social.technet.microsoft.com/Forums/forefront/en-US/57375e2c-6785-4680-a86e-99324afb4388/fep-reports-history-not-working-fepgetnewdatafepdw111-sql-job-fails?forum=FCSNext
    Regards,
    Jörgen
    -- My System Center blog ccmexec.com -- Twitter @ccmexec

  • FEP 2010 with Reporting Services in Cluster

    1) Reporting Services clustering (2 nodes) is not supported, but I can install Reporting Services on both nodes sharing the report database. This report database is installed in an instance (Instance1) on the same cluster.
    2) I've created two SCCM Reporting Services points (SRS1 and SRS2).
    3) When I launch the FEP installation (basic), I can select http://SRS1/reportServer or http://SRS2/reportServer.
    4) But... is it supported to manually input the URL http://Instance1/ReportServer?
    Thanks

    This is an old post and there have been several changes in FEP. The successor of FEP is now System Center Endpoint Protection (SCEP) and several things have been improved. Try to reproduce your issue in SCEP and if the problem persists, please post it as a new question.
