SCCM Report on Forefront Client Security signatures

Similar Messages

• List Malware for the past 90 Days Forefront Client Security

  Hello,
  Is it possible to list all Malwares catched by FCS for the past 90 days?
  The report Malware Summary or Malware Details are just running 72 hours maximum...
  Thanks,
  Dom
  System Center Operations Manager 2007 / System Center Configuration Manager 2007 R2 / Forefront Client Security / Forefront Identity Manager

  Hi,
  "By default, the OnePoint DB only maintains 72 hours worth of client data, but
   the SystemCenterReporting DB holds 395 days worth of data, such as Historical data. Meanwhile, you can
  modify the number of days to retain data in the SystemCenterReporting database. For more information, please refer to the following article.
  http://support.microsoft.com/kb/887016/en-us"
  For more information:http://social.technet.microsoft.com/Forums/forefront/en-US/c05a1528-9ae9-4a60-b2c6-a0bc9170152c/length-of-forefront-client-security-historical-reportsmalware-history?forum=Forefrontclientreporting
  Best Regards,
  Joyce
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Forefront Client Security to use Windows updates when WSUS not available

  Hi all,
  We currently deploy Forefront Client Security as our AV product to our estate and we use WSUS to get any definition update required.
  However, we have a number of laptops that have been taken off site and have not been receiving any virus definition updates because they are off the domain.
  We have a GPO in place that disables Windows Updates on all clients and redirects it to our WSUS server and we then use SCCM to push out our updates.
  We also have a VPN client that won't allow you to connect to the network unless your virus definitions are up to date. This is obviously an issue as anyone who has a laptop and hasn't connected to the domain in a while won't have the latest windows updates
  or virus definitions applied.
  We need a way of ensuring those laptops get the latest updates before connecting via VPN.
  Is there any way to do this?
  Rgds,
  Mark

  Hi,
  You could use NAP feature in SCCM 2007 which can help protect the integrity of your enterprise network to  enforce compliance of software updates on client computers.
  For more information:
  http://technet.microsoft.com/en-us/library/bb693725.aspx
  Best Regards,
  Joyce
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Why Win32\Kuluoz not removed by Forefront Client Security?

  Hello,
  why Win32\Kuluoz is not removed by Forefront Client Security?
  ANy idea about the cause(s) which prevent the malware to be removed?
  Thanks,
  Dom
  System Center Operations Manager 2007 / System Center Configuration Manager 2007 R2 / Forefront Client Security / Forefront Identity Manager

  Hi,
  Please try steps to remove the virus in the following article.
  Update your security software, restart your PC and run a full scan
  Update vulnerable software
  Use the Microsoft Safety Scanner or Windows Defender Offline
  Read our encyclopedia for known issues with the malware and any special instructions.
  Restore your PC from a backup
  http://www.microsoft.com/security/portal/mmpc/help/remediation.aspx
  Best Regards,
  Joyce
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Forefront Client Security Issue

  After installlation of Microsoft Forefront Client Security,the icon is displayed with an exclamation mark.Is the installation not proper?How could this be solved?

  Hi,
  It seems that the definitions are out of date, please update to the latest and see how it works.
  Thanks.
  Jeremy Wu
  TechNet Community Support

• Microsoft Forefront Client Security and Itunes

  My Ipod sync screen doesnt appear when i connect my ipod to my laptop. This only happens when microsoft forefront client security has been installed otherwise everything goes normal. Is there any solution?

  Hi,
  Please refer to the articles below to check your system requirement and prerequirement for installing FCS.
  http://technet.microsoft.com/en-us/library/bb404245(TechNet.10).aspx
  http://technet.microsoft.com/en-us/library/bb404270.aspx
  Best Regards
  Quan Gu

• Forefront clients not reporting correctly

  Hi guys
  Here at work, we have 2 Forefront management servers which are being used to provide policies for a large number of different managed customers (different networks, domains, etc).
  We're having an issue where some FEP clients are updating correctly and working fine but the Forefront reporting on the management server is saying otherwise. I've noticed that for some clients, the policy showing as installed when looking at the
  registry isn't tying up with what the report console shows.
  I've tried re-applying the required policies to some of the clients for a test but this has made no difference. I can't see any pending actions on the MOM console, etc.
  Any advice greatly appreciated.

  Hi,
  Did the Forefront Client Security Management Server computer display as an
  agent-managed computer on MOM Administrator console and appear in Forefront Client Security reports? If not, maybe it is due to the FCS Management Server computer does not communicate correctly with the collection server. Please make sure that you have installed
  the MOM agent on the FCS Management Server computer. In addition, I would appreciate it if you can provide some screenshots of the MOM console and the related information of the report on the FCS management server.
  Best regards,
  Susie

• SCCM Questions about offline clients

  All,
  I wanted to provide some background on a project we are working on and provide some questions that hopefully someone can  help answer.
  First I wanted to make note that as part of the requirements for this project we are going to have SCCM clients deployed at various locations offsite from our primary SCCM server and these SCCM clients will have only intermittent network connectivity back
  to our primary SCCM server. During the times that these clients are lacking connectivity we will need the ability to do multiple manual hardware inventories of the clients with the expectation that once connectivity is resumed, ALL of the inventories taken
  will report back to the primary SCCM server. Additionally, during the time that network connectivity is lacking we will need to be able to run SCCM reports regarding these clients local to the clients themselves (IE at the offsite location which won't have
  network access to the primary SCCM server.)
  Our proposed solution to these requirements was that we planned to provide the offsite location with a SCCM secondary site. The idea being that while network connectivity to the primary server was down the clients would continue to report their inventory
  data to the secondary site and reports could still be run from the secondary site as well. Once network connectivity was resumed the secondary site would synchronize with the primary site and provide the primary site with all the missing hardware inventories.
  I have since done further research and believe there are some flaws with this solution:
  I am reading that secondary sites do not actually store inventory data in a local database like primary sites do.
  I am reading that the “reporting services point” is not available on secondary sites, thus limiting our ability to run reports while network connectivity to the primary site is down.
  With this I have a few questions:
  How many inventories does the client save locally to the machine? Does it save all inventories triggered since the last communication with the server, or does it only save and transmit the last inventory that was collected prior to network communication
  being restored?
  If it only transmits the last inventory collected, does the idea of having a secondary site work for storing the multiple inventories that we need to collect while network connectivity to the primary server is lacking, or is it true that secondary sites
  do not store inventories in a local database?
  Finally, if secondary sites DO save inventories locally, but we are NOT able to install the “reporting services point,” will we be able to get around not being able to run the default SCCM reports by instead running custom SQL reports directly from the
  SQL Server installed on the secondary site?
  Thank you for your time,
  Ryan

  Well, this is kind of a complicated project and I am not going to lie I know we are asking to use SCCM in a way that it was not designed to be used.
  Basically these clients are training machines that will be reconfigured potentially several times a day. Essentially when a program runs that reconfigures the machine it will trigger a hardware inventory. Custom information about the configuration will be
  saved in custom WMI classes that we have created which will be inventoried  by SCCM. We need the ability for if the customer says "I had a problem at 9am" for us to have them run a report that tells us which configuration was in place at 9am.
  Because of this requirement there may be multiple hardware inventories taken in a single day.
  Most of these devices will go MANY months between having networking connectivity back to our primary site. To be honest though some of these devices will be at locations in which they may need to be managed for 15-20 years without EVER having network connectivity
  back to the primary site. The idea for these cases was that the secondary site located with the clients would store the inventories and at regular intervals we will have a SQL expert manually export the SQL data to a CD from the secondary site and re-import
  it to the primary site. This is how the primary site will get updated without ever having network connectivity to the secondary site.
  For all of this to work it is essential that the secondary site store the inventories in a local database. I am just not clear if that is how this works or not. It is also essential we can run reports for the secondary site. I am a little more clear that
  the "reporting services point" is not installable on the secondary site; however, my thought is the machine still has SQL installed and if it stores the hardware inventories locally we may still be able to use custom SSRS reports to extract the data.

• WSUS - Forefront Client definition update not yet been downloaded

  Hi! I need help about 
  Definition Update for Microsoft Forefront Client Security - KB977939 (Definition 1.167.1978.0) 
  I have WSUS 3 SP2 and this definition appears like approved but the file for this update  have not yet downloaded 
  i downloaded the definition on Microsoft Catalog but i don't now how deploy in my clients with wsus automatically 
  where save the package ? 
  thanks !

  Hi,
  Mostly, update will only be downloaded after approval. So please confirm if you have approved it.
  Since you have downloaded it from Microsoft catalog, you can import it into WSUS server.
  Step 3 Import and Export: Copying Metadata from Database
  http://technet.microsoft.com/en-us/library/cc720437(WS.10).aspx
  Hope this helps.

• T500, how do I disable "client security password manager" popups?

  hello.
  I have recently noticed an extremely invasive and irritating popup occur frequently upon opening random folders.
  http://img249.imageshack.us/img249/4913/47354829.jpg
  I honestly do not know what I have done to trigger this, but I absolutely need to disable it.  When UAC appeared warning me about this application, I disallowed it because I did not know what this thing is or what it does.  I found out it was from Lenovo but I cannot figure out how to disable it or uninstall it.  I do not want this feature, it does not even function correctly.  The installation fails becaue it is missing a critical file, but I do not care.  I do not want to install anything, I want it GONE.  I don't know how much of the thinkvantage suite I would have to remove to get rid of this, I just want it gone, I don't want unexpected popups every time I open a folder, I do not need this feature or whatever it provides.  I want to remove it, I cannot find instructions on how to remove this.  I saw a tutorial to remove this software but it involves bring up the Thinkvantage menu and selecting"Thinkvantage Technologies" but there is no "Thinkvantage Technologies" option presented on my T500.
  If anyone can provide any insight on how to get rid of this extremely irritating piece of software I would greatly appreciate it.  It doesn't even function correctly and is extemely frustrating to deal with.  It is malware, I would like it gone.  Thankyou for your time.
  edit: I have not activated my "Security Device" so it appears I cannot access the Client Security Solution which seems to be required to disable this popup.  I do NOT want to actiavte anything because I do not want to want the risk of rendering my computer inoperable due to buggy first party software.

  I had run into a similar problem. I had windows 7 on a t500 which started giving all such popups every time you access control panel or explorer. I tried system restore it gave an error. I tried uninstalling client security from control panel, same popup. Finally I downloaded an uninstaller from download.com called "revo uninstaller". It removes the files and registry entries. Things seems to work on my end now. Will report is any problem comes up

• Windows 8.1 will not get Forefront Client Updates from WSUS

  Recently I noticed that my Windows 8.1 clients were not getting updates from WSUS 3.2.  After some searching I found it was an issue with HTTPS and the solution was to disable HTTPS or enable TLS.  So I enabled TLS on the Server 2008 R2 WSUS server
  and that fixed the issue with my 8.1 clients not getting updates except for Forefront Endpoint Protection 2010.   My SCCM server deploys the client fine but it is version 2.1 and normally the client and definition updates come from WSUS with the
  latest client version being 4.5.  However, my Windows 8.1 machines will not get the client updates even though they are automatically approved for all machines.
  I am just wondering what else I can check or change to make sure my Windows 8.1 clients get the Forefront client updates as they should??   I am wondering if I manually install the 4.1 client update if it will take the client updates after that.  
  I only have about eight Windows 8.1 machines so if I have to do that by hand for now then I will and I think my organization will be moving to Server 2012 and SCCM 2012 this summer sometime.

  I reread your post and have another suggestion. If your SCCM 2007 server is still deploying the old 2.1 FEP client version, then you should install the latest anti-malware platform update for the SCCM server so you can deploy it from there instead of WSUS:
  http://support.microsoft.com/kb/2952678
  http://blogs.msdn.com/b/minfangl/archive/2013/08/15/guidance-on-install-anti-malware-platform-updates-for-fep-2010-su1-and-scep-2012-sp1.aspx
  Also, you may be affected by this:
  "Anti-malware platform updates on MU will use special detection logic and applicability rules to make the anti-malware platform updates available only on computers with previous N-2 anti-malware platforms installed. For example, on April 8^th,
  anti-malware platform of version 4.5.x will be released on MU, and it will only be offered to computers where anti-malware platform version 4.3.x or 4.4.x is available. If a computer has FEP or SCEP client with version 4.1.x, it has to be upgraded to version
  4.3.x first, then to the latest version (4.5.x). If a computer has FEP or SCEP client with version older than 4.1.x, because of the same N-2 rule, it has to be upgraded to 4.1.x first, then to 4.3.x, and then to the latest version (4.5.x). Required updates
  will be kept on MU to ensure that this upgrade process is available for computers running older versions of the Microsoft anti-malware platform."
  http://blogs.technet.com/b/configmgrteam/archive/2014/03/27/anti-malware-platform-updates-for-endpoint-protection-will-be-released-to-mu.aspx

• Client Security Solution - System Key Recovery - After Lenovo Service

  I have a T61p running Windows 7, which I recently had to send to Lenovo for service after the video failed. According to my repair summary, the motherboard on the computer was replaced.
  I received the laptop back today, and now when I log on, the system comes up with a window from Client Security Solution asking me to "verify my identity" with "reason: system key recovery."
  Unfortunately, the program will not recognize my password, and I get an error message that authentication has failed.
  I tried calling Lenovo's support number, since the problem seems to be directly related to their replacement of the motherboard, but I received the response that "that's a software issue, we can't help you."
  Any help on this is much appreciated!

  hey shannonw,
  could you try uninstalling the Client Security Solution software and then reinstall.
  once done report back on what happen after.
  WW Social Media
  Important Note: If you need help, post your question in the forum, and include your system type, model number and OS. Do not post your serial number.
  Did someone help you today? Press the star on the left to thank them with a Kudo!
  If you find a post helpful and it answers your question, please mark it as an "Accepted Solution"!
  Follow @LenovoForums on Twitter!
  Have you checked out the Community Knowledgebase yet?!
  How to send a private message? --> Check out this article.

• Sccm console machine showing Client=yes Active =no

  Sccm console machine showing Client=yes Active =no any troubleshooting tips also machine was pingable and with current hardware inventory

  ensure that frequency for "clear client install flag" maintenance task is set to greater than heartbeat discovery period.
  http://technet.microsoft.com/en-us/library/bb694040.aspx
  http://blogs.technet.com/b/configurationmgr/archive/2009/08/10/troubleshooting-issues-where-clients-are-not-reporting.aspx
  Prashant Patil

• Best way to Report on OS and Security Update Status?

  Now that our OS X roll-out is nearly complete, we need to be able to get reports on all client mMacs , their OS versions and, more specifically, their security update status.
  The "Software Difference" report seems to be falling short on showing the information we're looking for. And the "System Overview" report seems only to show straight OS and point-release level, not security update info.
  Can someone recommend a better way to get this information?

  I haven't come across a command that can show what updates have been installed, but to see a list of updates that a computer needs, try sending
  softwareupdate -l
  (that's the lower-case letter L as in "list") through the Send Unix Command (send as root). Here's the full details of the command:
  usage: softwareupdate <mode> [<args> ...]
       -l | --list          List all appropriate updates
       -d | --download          Download Only
       -i | --install          Install
            <label> ...     specific updates
            -a | --all          all appropriate updates
            -r | --recommended     only recommended updates
            -u | --url <url> ...     from signed package URLs
       Per-user preferences:
       --ignore <label> ...     Ignore specific updates
       --reset-ignored          Clear all ignored updates
       --schedule (on | off)     Set automatic checking
       -h | --help     Print this help

• Client Security Solution and Office 2010's Word and Outlook

  I purchased my system June 16, 2009 with Vista downgraded to XP Pro so I was not able to purchase a upgrade disk from Lenovo to upgrade to Win 7 (deadline was June 22). This week I purchased the Windows 7,retail  64 bit Home Premium upgrade package at a local store.
  I did the upgrade (clean install) Windows 7 64 bit Home Premium on my ThinkPad T400 type 2764-CTO. Also successfully installed all Win 7, 64 bit ThinkVantage software with System Update 4.
  I manually Installed the file z909zis1032us00.exe Client Security Solution 8.3 for Windows 7 (64-bit only) Version: 8.30.0032.00 Note: When upgrading from Windows XP To use TPM with Win 7 erase TPM in the BIOS configuration utility. In the Security and Security Chip menu, locate the option to clear the security device referred to as Security Chip and clear. If not done you can install but not use the program.
  Then I had this issue with Client Security - Password Manager version 8.30.00.32.00 and Office 2010's Word & Outlook. This was before I spotted a tread with the same issue between Password Manager 3.20.0320.00 and Office 2007.
  I noticed that whenever I run Word 2010 or Outlook in conjunction with Client Security SolutionI I could not select text. I could no longer use CSS because of it...
  I called Lenovo and was told that they do not support retail version of Win 7. (Remember they refuse to sell me their version a week earlier). Because I dint know what to do, I deactivated the TPM in Client Security and it solve the problem in both Word & Outlook.
  On the following automatic System Update at the Lenovo site the system pick up something was wrong with Client Security (it did not when the TPM was activated???) and offered to download and install "Client Security Solution Office 2007 Patch 64bit". I did and following installation I re activated the TPM. The problem in Word & Outlook was no longer there.
  Then on the next system update the system offered to download and install "Patch for IE crash with Password Manager (Win7) version 1.0". I had not experience that problem but downloaded and let the system install it anyway.
  So the problem is not restricted to version 8. 3.20.0320.00 and Office 2007 as reported in the other thread. Because the patch was automatically downloaded fron the web site (Client Security Solution Office 2007 Patch 64bit)  I do not know if it is the same patch the was offered in that thread.
  I hope this will help other people having the same problem.
  Claude

  Hi All,
  May i know the version of the CSS? Is it Windows 7 CSS 8.3 ? 32 bit or 64 bit? Would love to know more in detailed for i could report to the development team.
  Thanks!
  Regards,
  Cleo
  WW Social Media
  T61, T410, x240, Z500, Flex 14
  Important Note: If you need help, post your question in the forum, and include your system type, model number and OS. Do not post your serial number.
  Did someone help you today? Press the star on the left to thank them with a Kudo!
  If you find a post helpful and it answers your question, please mark it as an "Accepted Solution"!
  Follow @LenovoForums on Twitter!
  How to send a private message? --> Check out this article.
  English Community   Deutsche Community   Comunidad en Español   Русскоязычное Сообщество