Tuesday, May 31, 2011

Forefront Endpoint Protection Management Pack

When searching the System Center Marketplace for FEP MPs you should keep in mind that there are two different MPs.

One covers server health only, and the other one(s) provide FEP “deep dive” (well, more or less) security monitoring.

FEP Server Health Monitoring Management Pack:

The Forefront Endpoint Protection Server Health Management Pack monitors the health of the FEP servers and alerts on server health changes. As most FEP functionality is based on the Configuration Manager infrastructure, this MP only monitors two standalone components:
1) The SQL agent job that copies data from the Configuration Manager database to the FEP Data Warehouse
2) The FEP alerting service
The Management Pack also alerts on events in the Windows Event Log that indicate error conditions of the FEP server.

http://systemcenter.pinpoint.microsoft.com/en-US/applications/forefront-endpoint-protection-server-health-monitoring-management-pack-12884909405

FEP Security Monitoring Management Pack:

The Forefront Endpoint Protection Security Management Pack provides real-time monitoring of your Forefront Endpoint Protection clients by using System Center Operations Manager. Alerts can be configured for virus activity, firewall downtime, or update failures. In addition to real-time event monitoring, the Forefront Endpoint Protection Security Management Pack also provides automated response capabilities to remediate security-related issues.

http://systemcenter.pinpoint.microsoft.com/en-US/applications/forefront-end-point-protection-2010-security-management-pack-12884909636

Thanks for the hint to my friend and SCCM (and latterly FEP) expert Mirko!

All information is provided "as is" without any warranty! Try it in a lab first. Handle with care in production.
