Administrator Console overview
Applies to: Forefront Protection for SharePoint
Topic Last Modified: 2011-04-25
The Forefront Protection 2010 for SharePoint Administrator Console enables you to easily manage Microsoft Forefront Protection 2010 for SharePoint (FPSP) on a single SharePoint server.
The FPSP Administrator Console is designed around three major administrative functions: live monitoring of server protection events, configuring server policy settings, and tools for performing specific tasks as needed. These correspond with the typical administrative workflow. After the initial FPSP configuration, you most frequently monitor incidents reported and possibly quarantined by FPSP. Less frequently, you adjust policy settings or perform a specific task.
To move between the three main views in the user interface (Monitoring, Policy Management, and Tasks), click the desired button in the lower-left corner. The subdivisions within each view appear in an Explorer-like tree above the buttons. A central pane contains the primary screen information, such as configuration settings. This pane is flanked by navigation tools in the left pane and action tools in the right pane.
In the FPSP Administrator Console, the Monitoring view provides details about detected threats or filter matches (called incidents), quarantined items, system health, and statistical data. This view is also where you can configure e-mail notifications to keep administrators and other types of users informed about FPSP activity.
As an administrator, you can use the FPSP Administrator Console user interface to view the current protection events, or incidents. When malware, such as viruses or spyware, is detected, or if a filter is matched, an incident is logged and you can view details about it. Incidents can be filtered so that the user interface shows, for example, only those of a particular type or that occurred at a particular time.
The Monitoring view also enables you to see a list of items that have been quarantined. Similar to incidents, the list of quarantined items can be filtered to show only items that match certain criteria. You can also use the user interface to delete items in quarantine.
You can monitor your FPSP environment by viewing statistics reports and health monitors. There are health monitors for scan jobs, services, engines, and licensing. You can also view summary and detail reports about malware detections and filter matches.
In the FPSP Administrator Console, the Policy Management view is primarily used for configuration. You can change the default settings to better suit your FPSP environment and create customized filters.
The Policy Management settings are grouped by protection technology: Antimalware and Filters. A Global Settings view provides configuration settings that apply across protection technologies.
Antimalware protection consists of antivirus and antispyware protection and both are configured in the Antimalware group. Filtering enables you to restrict or allow content based on file type, file name, file name extension, and other criteria.
FPSP contains subgroups within Antimalware and Filters. This enables administrators, for example, to create different antimalware and filtering settings for an realtime and scheduled scans.
After installation, antimalware protection starts automatically using predefined settings. Using the FPSP Administrator Console, you can adjust the default values and create custom filters.
In addition to continuous protection through the realtime scan, FPSP lets you schedule scans of stored data. The scheduled scan typically runs only at a specific time and can be set to run on a recurring basis. The scheduled scan can also be configured differently than the realtime scan. For example, in the Filters view, each filter can be independently enabled for different scan types. In the Global Settings - Scan Options pane, you can specify scanning of different SharePoint sites for the scheduled scan.
In the FPSP Administrator Console, the Tasks view is used for manually starting a one-time job, such as an on-demand scan. This scan is best used during an outbreak to immediately scan just a few specific sites that you suspect may be compromised by a malware threat or may contain restricted or disallowed content or files.