FEP 2010 Reports

Applies To: Forefront Endpoint Protection

Forefront Endpoint Protection reports consist of malware and health reports, and operational reports. This section describes where the reports are located, how the reports are run, the kind of information they provide, and the command options available for generated reports.

Forefront Endpoint Protection Security Reports

Forefront Endpoint Protection malware and health reports are located in the Reports node under the Forefront Endpoint Protection node. These reports provide administrators with information about the antimalware protection status of, and malware activity on, client computers where Forefront Endpoint Protection is deployed. There are five predefined Forefront Endpoint Protection reports, three of which are run directly from the Reports node (source reports), and two that are run by clicking links within them.

Additionally, the Computer Details Report can be run by navigating to a collection, selecting a computer, and then in the actions pane clicking Run FEP Computer Details Report. In this instance, the report is filtered to display information for the selected computer.

The Protection, Deployment, Health, and Security status report sections are based on the last status reported by the FEP client software and current collection membership, unless otherwise noted. Malware and Antimalware activity report sections are based on historical information, and computers are displayed based on the collections of which the computer was a member when the activity occurred.

The following table contains a list of the reports.

Report name Description Accessed by Sections

Antimalware Activity Report

Description: This report provides an overview of antimalware status, malware alerts, and malware detections.

Accessed by: Reports node

Sections:

  • Security Alerts—Displays a summary of raised Forefront Endpoint Protection alerts. For more information, see Using Alerts to Monitor Malware Detections.

  • Security Status—Displays a summary of computers by Forefront Endpoint Protection client status.

  • Antimalware Activity—Displays a dashboard of information about all detected malware.

  • Malware Activity—Displays lists of the top malware infections by severity and frequency.

Antimalware Protection Summary Report

Description: This report provides an overview of antimalware deployment and health.

Accessed by: Reports node

Sections:

  • Antimalware Deployment and Health—Displays a dashboard of antimalware information.

  • Security Status—Displays a summary of computers by Forefront Endpoint Protection client status.

Malware Details Report

Description: This report displays further details about a specific malware.

Accessed by: Clicking a link in a source report

Sections:

  • Malware Details—Displays details about the detected malware.

  • Antimalware Activity—Displays a dashboard of information about the detected malware.

  • Infected Computers—Displays a list of computers that have been infected with the detected malware.

Computer List Report

Description: This report displays a list of computers that can be filtered by collection, name, protection status, security state, antimalware signature version, detected malware, and last antimalware scan time.

Accessed by: Reports node or clicking a link in a source report

Sections:

Computer List—When you run this report from the Reports node, it displays a list of computers to which the Forefront Endpoint Protection client is deployed. When run by clicking a link in a source report, it displays a filtered list of computers according to the clicked link.

Computer Details Report

Description: This report displays further details about a specific computer.

Accessed by: Clicking a link in a source report or run directly on a computer in a collection

Sections:

  • Computer Details—Displays details about the specified computer.

  • Protection Status—Displays information about the status of the Forefront Endpoint Protection client features.

  • Malware Activity—Displays a summary of malware information followed by a list of malware that has been detected on the specified computer and its last reported state.

Forefront Endpoint Protection reports have links that you can click to view additional data, such as more detailed information about items in the source report. For example, you can click a malware name in the Antimalware Activity Report (source report) to view the Malware Details Report (target report) and display more information about this malware. The source report passes the malware name to the target report based on which line in the source report you choose to obtain more information.

Important

The FEP reports only show antimalware activity; Network Inspection Service detections are not included in the Forefront Endpoint Protection reports. Network Inspection Service detection events are recorded to the Windows Event Log.

Note

On a computer running Windows® 7 or Windows Server® 2008 R2, where the regional date and time format is specified as Hebrew (Israel), dates and times will display in reverse format in the Forefront Endpoint Protection console.

To resolve the issue, apply the following hotfix:

KB2030901 (https://go.microsoft.com/fwlink/?LinkId=205598).

Command Options

When you run a report, you can use the menu bar commands to do the following:

  • To view the report with different parameters, change the report filters accordingly, and then click View Report.

  • To search the report, in the Find box, type the search term, and then click Find.

  • To use the report data in another application, in the Select a format box, select an export file format, and then click Export.

  • To view the most recent information, click Refresh.

  • To print the report, click Print.

The following table lists the default settings when running reports:

Report Setting        Value
Collection            All Desktops and Servers
Report time span      Week

Operational Reports

Forefront Endpoint Protection operational reports are located in the standard Configuration Manager Reports node under the Reporting node. These reports provide administrators with tracking and troubleshooting information about Forefront Endpoint Protection deployments on, and policy distribution to, client computers. There are seven predefined Forefront Endpoint Protection reports, three of which can be run directly from the Forefront Endpoint Protection dashboard, and four that can be run by clicking successive links in them.

The following is a list of the reports.

Report name Description Accessed by Details

Deployment Overview

Description: This report displays the breakdown of the Microsoft Forefront Endpoint Protection client deployment status per collection.

Accessed by: Dashboard or Configuration Manager Reports

Details: For each collection, the following information is provided:

  • Count—The total number of computers in the collection.

  • The number of computers in each of the following deployment states: Removed, Failed, Pending, Out of date, Deployed, and Not targeted.

  • Deployed %—The percentage of computers on which the Forefront Endpoint Protection client has been successfully installed.

You can click the links in the left-hand column to view the Deployment for a specific collection report.

Deployment for a specific collection

Description: This report displays the breakdown of the Microsoft Forefront Endpoint Protection client deployment status for a specific collection.

Accessed by: Configuration Manager Reports

Details: For the specified collection, for each deployment state, the total number of computers in that state is displayed.

You can click the links in the left-hand column to view the Deployment for a specific collection in a specific state report.

Computers with a specific deployment state

Description: This report displays a list of computers in a collection and the specific deployment state.

Accessed by: Configuration Manager Reports

Details: For the specified collection and deployment state, for each computer, a summary of Forefront Endpoint Protection deployment details is displayed.

You can click the links in the left-hand column to view the FEP information for a specific computer report.

Policy Distribution Overview

Description: This report displays the breakdown of policy distribution states per collection. The report will only enumerate computers with Microsoft Forefront Endpoint Protection deployed.

Accessed by: Dashboard or Configuration Manager Reports

Details: For each collection, the following information is provided:

  • Computers—The total number of computers in the collection.

  • The number of computers in each of the following distribution states: Failed, Pending, and Distributed.

  • Success %—The percentage of computers on which the Forefront Endpoint Protection policy has been successfully applied.

You can click the links in the left-hand column to view the Policy Distribution for a specific collection report.

Policy Distribution for a specific collection

Description: This report displays the policy distribution states for a specific collection.

Accessed by: Configuration Manager Reports

Details: For the specified collection, for each distribution state, the total number of computers in that state is displayed.

You can click the links in the left-hand column to view the Policy Distribution for a specific collection in a specific state report.

Computers with a specific policy distribution state

Description: This report displays a list of computers in a collection and the specific policy state.

Accessed by: Configuration Manager Reports

Details: For the specified collection and deployment state, for each computer, a summary of Forefront Endpoint Protection deployment details is displayed.

You can click the links in the left-hand column to view the FEP information for a specific computer report.

FEP information for a specific computer

Description: This report displays a summary of Forefront Endpoint Protection information for a specific computer.

Accessed by: Dashboard or Configuration Manager Reports

Details: For the specified computer, the following details are displayed:

  • The latest Forefront Endpoint Protection summary information.

  • The network adapters on the computer.

  • Historical Forefront Endpoint Protection client activity information.

You can click the links in the left-hand column to view other standard Configuration Manager reports.
