Subscribe via e-mail: 
First impression of Microsoft Forefront Client Security
By Michael Pietroforte | 9 Comments | Permalink | Trackback | Previous | NextI wanted to try Forefront Client Security (FSC), Microsoft’s new desktop antivirus software for the enterprise, already for quite some time. Today, I thought I could just have a quick look at it even though I am still busy exploring Windows Server 2008.
Well, I realized quickly that it isn’t really possible. Whenever MS comes out with a new product it is not a big deal to test it, because the first version is usually a rather simple tool. This doesn’t seem to be the case with FSC.
Actually, after reading about the requirements I had to give up my original plan to install it in a test environment now. If you want to try all its components, you have to install several other Microsoft products first: .NET Framework 2.0, Group Policy Management Console (GPMC) with SP1, Microsoft Management Console (MMC) 3.0, SQL Server 2005 with SP1 (including Database Services, Integration Services, Reporting Services, and Workstation components), Internet Information Services (IIS) 6.0 and ASP.NET, and Windows Server Update Services (WSUS) 2.0 with SP1.
Usually, it is not too difficult to install these programs. However, it takes quite some time until you got them all working. Unfortunately, neither the setup procedure nor the documentation provides the links where you can download them. This reminds me on my post about Server Manager of Windows Server 2008.
I wonder if Microsoft will use it in the future to simplify the installation of all its server products and not just for the Windows components. If you ever worked with YaST in SuSE Linux, you know how convenient it is to just select the software you want to install and let YaST collect all other components for you. It seems as if Microsoft was left behind by Linux in respect to ease-of-use of backend installations.
Beside the fact that you have to invest a lot of time to install all the requirements, FSC seems to be a rather complex product. At least this was my impression when I skimmed over its documentation. FSC itself consists of five different components: Management Server, Collection Server, Collection Database, Reporting Server and Reporting Database, and Distribution Server.
You can install them all on just one physical server, or use multiple machines for performance reasons. The documentation lists four different topologies with one, two, three or four servers. Unfortunately, I didn’t find any detailed description of the different components. So you can only guess their purpose from their names.
Obviously, Microsoft is also targeting big enterprises with FSC. To my knowledge this is a novelty for a new server product from Redmond. Since there seems to be no easy and fast way to try FSC, I am not sure if it makes sense to invest more time in this. I blogged some time ago that Forefront’s scan engine which is responsible for detecting malware is probably not yet reliable enough to compete with other major antivirus software vendors. Perhaps it would have been better if MS invested more in building an infrastructure to collect and analyze malware instead of focusing on the management components of FSC. If this were just a product of an unknown software vendor, I probably would forget about FSC by now. Okay, this was just my first impression, I am sure there will be a second one sooner or later.
I’ve installed and tried FSC Beta2 in a Test environment. It took quite some time, but i got it working in the end.
But the time investment was horrendous – it was painfully obvious that Microsoft only thought about enterprises when they designed this software – heck, it has MOM as a “requirement”.
In the end, the functionality and such isn’t that great – the good thing is that it is quite integrated with Active Directory, which is generally a good thing.
So far we’ve been using McAfee ProtectionPilot (basically a castrated ePolicy running against MSDE), and while i wouldn’t call it a well designed product, it does what it should without too many extra requirements.
I’d love to replace PP, but FSC seems to worse for smaller businesses.
I went to a pre launch event and couldn’t believe the stuff they were saying. It needs SQL Server – MSDE edition isn’t enough AND it is basically using Defender and OneCare for the “security” side of things – and we all know that isn’t reliable. When they said it couldn’t do network access prevention either I got the impression that they were throwing something out there in IT land, hoping some people would use it – this package has the potential to be great but unfortunately falls far short.
Having said that, I did like the Exchange Forefront product (Antigen) on exchange, although the interface was clunky it did a good job of cleaning up virus’s in a mailstore on a couple of servers.
Thanks a lot for sharing your experiences with FSC. Based on your assessments I’ll probably postpone my evaluation of FSC until the next version comes out. As far I remember, we never used the first version of a Microsoft product. They somehow need the feedback of many customers before they are able to deliver a usable product.
I also saw the product at a TechNet Event. The number of dependencies on other pieces of infrastructure seemed like way too much overhead for AV software. I was considering a move to it until I saw all of the necessary pieces. I think I will just stick with my relatively simple, yet manageable AV software for now.
I would like to add that the requirement that the database be homed on 32-bit MSSQL is the most backwards thing I can think of that they could have done in releasing this product. We have two existing 64-bit MSSQL boxes in production, so it wouldn’t have been a big deal to add the databases to them, but ‘NOOOO’ to use the product we also would have to purchase (yet another) SQL licenses so we can have a 32-bit version running for this product (only for this product). Seems like a revenue generating scheme to me. Let’s push everyone to 64-bit ’super performance’ databases, then release new software that requires the ‘old’ stuff.
I guess we too will be waiting for a new version.
I don’t think that this is about revenue. I think the problem is that Microsoft is so big meanwhile that they have difficulties to coordinate the different departments. One department is pushing 64 bit, the other one still counts on 32 bit.
Anyone got this running with Citrix ? if I use it under citrix, all my sessions will eventually get in a down state and have to reboot my machine by power down and up.
I’m currently looking at replacing the AV running on our network with one that can get the job done since TrendMicro Officescan has really failed out.We have countless viruses and trojan horses on the network that cannot be resolved and everytime look at the virus encyclopedia on Trend they always tell you download the latest virus definitions.Well I’m tired of this.I have recently considered testing and deploying McAfee VirusSacn Enterprise 8.7. I installed the epo management console on my virtual server that i use for testing and deployed the agent to a couple of test clients and it works fine,but the problem is pc performance after installing the software on the client pc. Maybe you guys can help with a problem that is simple to deploy and yet effective with little effect on pc performance.
Thnx
Take a look at Sophos
Very effective with very small footprint / impact on client