Configuring the Client Software on a Configuration Manager Site Server

Applies To: Forefront Endpoint Protection

As part of the Forefront Endpoint Protection installation on the Configuration Manager site server, the Forefront Endpoint Protection client is installed with customized settings. In the following situations, you must recreate or modify the Forefront Endpoint Protection client customized settings:

  • If you install Forefront Endpoint Protection on a Configuration Manager site server running the Configuration Manager agent, the customized settings are overwritten by the Default Server Policy and can adversely affect the operation of your Configuration Manager site server. To remediate, you must create a new policy and apply it to the Configuration Manager site server. For more information, see the Creating and applying the customized policy section in this topic.

  • If Configuration Manager or SQL Server is not installed in the default location, or the SQL Server instance is not MSSQLSERVER, you must update the customized settings to reflect your environment settings. For more information, see the Updating customized settings section in this topic.

To create and apply the customized policy

  1. Create a new Forefront Endpoint Protection policy using the FEP Configuration Manager 2007 including Defaults template. For more information, see Creating a Policy.

  2. If Microsoft SQL Server is installed on the Configuration Manager site server computer, edit the policy, click Antimalware, click Excluded processes, and then add the relevant processes from the following table. For more information about editing policies, see Editing a Policy.

    Processes to exclude, by SQL Server version:

    SQL Server 2008

    • %programfiles%\Microsoft SQL Server\MSSQL10.<instance>\MSSQL\Binn\SQLServr.exe

    • %programfiles%\Microsoft SQL Server\MSAS10.<instance>\OLAP\Bin\MSMDSrv.exe

    • %programfiles%\Microsoft SQL Server\MSRS10.<instance>\Reporting Services\ReportServer\Bin\ReportingServicesService.exe

      where <instance> is the name of your SQL Server instance. The default SQL Server instance is MSSQLSERVER.

    SQL Server 2005

    • %programfiles%\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLServr.exe

    • %programfiles%\Microsoft SQL Server\MSSQL.2\OLAP\Bin\MSMDSrv.exe

    • %programfiles%\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe

  3. Select an existing, or create a new, collection in which the Configuration Manager site server is the only member. If you need to create a new collection, do the following:

    1. In the Configuration Manager console, expand System Center Configuration Manager, expand Site Database, expand Computer Management, click Collections, and then in the Actions pane, click New Collection.

    2. Complete the New Collection Wizard that appears, as follows:

      1. On the General page, type the name for the collection.

      2. On the Membership Rules page, click the icon with a computer image.

      3. Complete the Create Direct Membership Rule Wizard that appears, as follows:

        1. On the Search for Resources page, do the following:

          1. In the Resource class list, click System Resource.

          2. In the Attribute name list, click Name.

          3. In the Value box, type the name of your Configuration Manager site server computer.

        2. On the Collection Limiting page, in the Search in this collection box, enter All Systems.

        3. On the Select Resource page, in the Resources list, select the name of your Configuration Manager site server computer.

  4. Assign the new policy to the collection. For more information, see Assigning a Policy to Endpoint Computers.

    Important

    If Configuration Manager or SQL Server is not installed in the default location, or the SQL Server instance is not MSSQLSERVER, you must update the customized settings to reflect your environment's settings.

Updating Customized Settings

If Configuration Manager or SQL Server is not installed in the default location, or the SQL Server instance is not MSSQLSERVER, you must update the customized settings to reflect your environment's settings. To update your customized settings, edit the relevant policy or the settings on the Forefront Endpoint Protection client, and modify the paths specified in the following sections:

  • Excluded files and locations

  • Excluded processes

    Note

    This is only required if Microsoft SQL Server is installed on the Configuration Manager site server computer.
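
The following PowerShell function is an added example, not part of the original topic or of Forefront Endpoint Protection. It expands the Excluded processes paths from the table above for a given SQL Server instance name and install location, and reports whether each binary exists on the site server, so that only paths matching real files are entered in the policy. The function name, its parameter names, and the instance name and drive in the sample call are assumptions chosen for illustration.

```powershell
# Added example; Get-FepSqlProcessExclusion and its parameters are hypothetical names.
function Get-FepSqlProcessExclusion {
    param(
        [Parameter(Mandatory = $true)]
        [ValidateSet('2005', '2008')]
        [string]$SqlVersion,

        # Default SQL Server instance name, as stated in this topic.
        [string]$InstanceName = 'MSSQLSERVER',

        # Folder that contains "Microsoft SQL Server"; change it when
        # SQL Server is not installed in the default location.
        [string]$InstallRoot = $env:ProgramFiles
    )

    $sqlRoot = Join-Path $InstallRoot 'Microsoft SQL Server'

    # Relative paths copied from the table in this topic.
    $relativePaths = if ($SqlVersion -eq '2008') {
        "MSSQL10.${InstanceName}\MSSQL\Binn\SQLServr.exe"
        "MSAS10.${InstanceName}\OLAP\Bin\MSMDSrv.exe"
        "MSRS10.${InstanceName}\Reporting Services\ReportServer\Bin\ReportingServicesService.exe"
    } else {
        'MSSQL.1\MSSQL\Binn\SQLServr.exe'
        'MSSQL.2\OLAP\Bin\MSMDSrv.exe'
        'MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe'
    }

    foreach ($relativePath in $relativePaths) {
        $fullPath = Join-Path $sqlRoot $relativePath
        # Exists = False means the component is not installed at that path,
        # so the path should be corrected or left out of the policy.
        New-Object PSObject -Property @{
            Path   = $fullPath
            Exists = (Test-Path -LiteralPath $fullPath -PathType Leaf)
        }
    }
}

# Constructed sample call: a named instance installed on drive D.
Get-FepSqlProcessExclusion -SqlVersion '2008' -InstanceName 'CONFIGMGR' -InstallRoot 'D:\Program Files' |
    Format-Table Exists, Path -AutoSize
```

Run it on the Configuration Manager site server itself, because Test-Path checks the local file system.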