Deploying and Administering Microsoft Forefront Client Security

Summary

Audience Profile

This course is intended for technical deployment specialists and senior-level administrators who manage a Microsoft Exchange Server or Microsoft SharePoint Products and Technologies infrastructure or security practice.

Prerequisites

Before attending this course, students must have Windows Server certifications or deployment experience and be familiar with the Forefront product line: Client, Server, and Edge.

Course Outline

Module 1: Course Overview

This module provides an overview of the Forefront Client Security components and architecture. It describes what to expect from the product, and which modules will be covered on which days.

Lessons

  • Forefront Product Overview
  • Forefront Client Security
  • Microsoft Forefront Client Security Components
  • Training Modules

After completing this module, students will be able to:

  • Describe the Forefront Client Security components and architecture.

Module 2: Forefront Client Security Server Roles and Topologies

This module explains the various roles involved on the server side of a Forefront Client Security infrastructure, as well as how they relate to each other in the various possible topologies.

Lessons

  • Forefront Client Security Server Roles
  • Collection Server
  • Collection Server Database
  • Reporting Server
  • Reporting Database Server
  • Forefront Client Security Server Setup
  • Role Installation Steps
  • Server Topologies
  • SQL Server Database Sizing
  • Configuration Wizard
  • MOM Concepts
  • Forefront Client Security Server Setup Troubleshooting

Lab : Installing a Three Server Topology

  • Launch the Virtual Environment
  • Create Forefront Client Security Accounts
  • Install the Management, Collection, and Reporting Server
  • Install the Reporting Server Database
  • Install the Distribution Server Role
  • Configure Client Security on a Three Server Topology
  • Grant Correct Permissions for Forefront Client Security Service Accounts
  • Verify the Installation of Client Security on a Three Server Topology

After completing this module, students will be able to:

  • Identify the different server roles within Forefront Client Security.
  • Complete the server setup process.
  • Identify various server topologies.
  • Review basic MOM concepts.
  • Discuss Forefront Client Security server setup troubleshooting.

Module 3: Forefront Client Security Client

This module explains the Forefront Client Security client setup configuration and deployment.

Lessons

  • General Information
  • Antimalware
  • MOM Agent
  • Client Setup
  • Client Deployment Planning
  • Forefront Client Security Client Deployment Methods
  • Troubleshooting

Lab : Deploying the Forefront Client Security Client

  • Configure WSUS 3.0 to Deploy the Forefront Client Security Client
  • Create a Forefront Client Security Client Package and Distribute It
  • Distribute the Antimalware and Security Assessment State Definition Updates
  • Malware and Spyware Detection
  • View the Malware and Spyware in the Dashboard

After completing this module, students will be able to:

  • Describe Forefront Client Security client component characteristics and information.
  • Describe the antimalware agent and engine.
  • Understand the MOM agent.
  • Understand the client setup process.
  • Understand client deployment basics.

Module 4: Forefront Client Security Management

This module explains Forefront Client Security management.

Lessons

  • Administration
  • Administration Dashboard
  • Forefront Client Security Policy Deployment
  • Forefront Client Security Management Console Troubleshooting

Lab : End-to-End Policy Deployment

  • Deploy a Test Policy
  • Refresh and Verify Policy on the Client
  • View Policy Application via GPResult
  • View Summary Reports
  • Policy Configuration Effects on Client UI

Lab : Configuring Forefront Data Retention

  • Examine Data Retention Periods
  • Modify Database Retention Settings

After completing this module, students will be able to:

  • Be familiar with Forefront Client Security administration.
  • Understand Forefront Client Security Administration User roles.
  • Understand Forefront Client Security Policy UI settings and policy deployments.
  • Be familiar with Forefront Client Security Management Console troubleshooting.

Module 5: Forefront Client Security Reporting and Alerting

This module explains Forefront Client Security Reporting and Alerting.

Lessons

  • Reporting Services Overview
  • Reporting Architecture
  • MOM Reporting
  • Forefront Client Security Reports
  • SQL Server Reporting Services Troubleshooting
  • Alerts

Lab : Viewing Forefront Client Security Reports

  • Explore Forefront Client Security Reports

Lab : Managing Forefront Client Security Accounts

  • View Reporting Failure
  • Specify SQL Server Reporting Credentials to Forefront Client Security

Lab : Creating an E-Mail Report Subscription and Setting an E-Mail Notification

  • Configure SQL Server Reporting Services
  • Create an E-Mail Subscription
  • Create an E-Mail Notification
  • Follow the Alert Notification Flow
  • View E-Mail Server Settings

After completing this module, students will be able to:

  • Understand the reporting services infrastructure used by Forefront Client Security.
  • Be familiar with Forefront Client Security Reports.
  • Be familiar with Forefront Client Security Alerting Services.
  • Understand Forefront Client Security Reporting troubleshooting procedures.

Module 6: Security State Assessment

This module explains security state assessment.

Lessons

  • Security State Assessment
  • SSA General Information
  • SSA Architecture
  • SSA Object Processor (OP) and Manifest Updates
  • SSA Security Checks

Lab : Security State Assessment

  • Examine Security State Assessment information in MOM and the Forefront Client Security Management Console
  • Configure WSUS for Security State Assessments
  • Detect Vulnerabilities
  • Update Clients

After completing this module, students will be able to:

  • Understand the security state assessment component of Forefront Client Security.
  • Be familiar with the architecture of the SSA.
  • Be familiar with the object processor and manifest update in SSA.
  • Understand the SSA security check messages and results.

Module 7: Submitting Malware to Microsoft for Analysis

This module explains malware submission.

Lessons

  • Malware Submission
  • Assisting Customers with Malware Submissions

After completing this module, students will be able to:

  • Review methods and procedures used to submit malware to Microsoft for analysis.

Module 8: Closing

This module provides a review of the Forefront Client Security course, and a list of Web sites that provide additional information on Forefront Client Security.

Lessons

  • Antimalware Client Registry Settings
  • Antimalware Errors
  • PP Tracing
  • Antimalware Events
  • SSA Scan Event Log Events
  • MOM Command Line Reference

Module 9: Appendices

Lessons

  • Appendix A: Antimalware Client Registry Settings
  • Appendix B: Antimalware Errors
  • Appendix C: PP Tracing
  • Appendix D: Antimalware Events
  • Appendix F: MOM Command Line Reference

After completing this course, students will be able to:

  • Describe the Forefront Client Security components and architecture, and identify the different server roles.
  • Complete and troubleshoot the server setup process, identify various server topologies, and describe basic MOM concepts and the MOM agent.
  • Identify Forefront Client Security client component characteristics and describe the client setup and deployment processes.
  • Understand Forefront Client Security administration and user roles, Forefront Client Security Policy UI settings and policy deployments, and know how to troubleshoot the Management Console.
  • Understand the reporting services infrastructure used by Forefront Client Security.
  • Use Forefront Client Security reports and alerting services, and troubleshoot reporting procedures.
  • Describe the security state assessment (SSA) component of Forefront Client Security, and understand its architecture.
  • Describe the object processor and manifest update in SSA.
  • Review the SSA Security Check messages and results.
  • Review methods and procedures used to submit malware to Microsoft for analysis.