Client Security overview
Applies To: Forefront Client Security
Client Security provides three important functions:
Protection—Client Security provides a single solution designed to help guard against emerging threats and other traditional attacks. Scans identify malware, such as spyware, rootkits, and viruses. Scans also assess your security state by checking for vulnerabilities such as missing software updates.
Control—Client Security gives administrators the ability to determine the specific security configuration for client computers, including the frequency and type of scans, the default response to a specific threat, when to raise an alert, and how much control to give end users over scans.
Reporting—Client Security prioritizes security issues by using detailed reports and alerts. Reports include current and historical trend information about threats, vulnerabilities, and computer details.
All of these are included in an architecture that can integrate with your existing infrastructure.
This topic introduces the user interface and discusses the major features in more detail.
User interface
The user interface includes a Dashboard tab and Policy Management tab.
Dashboard tab
When working with Client Security, you will spend much of your time on the Dashboard tab in the Microsoft Forefront Security Management Console. The dashboard is the starting point for performing many tasks. It provides useful high-level information indicating the security status of your environment as well as navigational access to other areas of the Client Security console.
The dashboard provides:
A high-level status of the health of your enterprise (from the Client Security perspective).
An entry point to reports.
An entry point to alerts.
.gif "Client Security dashboard")
For a detailed description of the dashboard and the available features, see the Client Security Administrator's Guide (https://go.microsoft.com/fwlink/?LinkID=86997).
Policy Management tab
A Client Security policy is a collection of settings that you can apply to many client computers. Using the Policy Management tab in the console, you can create, modify, and delete policies.
.gif "Policy tab")
Policies determine when client computers download definitions, the scan type and frequency, and the response to individual malware. In addition, the policy determines the end-user experience in the Client Security agent.
Feature overview
The following table describes the major Client Security features.
| Feature | Description | Tasks | For more information |
|---|---|---|---|
Policies |
Determine the state of the client computer, which clients are affected, the specific operations a scan performs, and what information to report to the Client Security server. Client Security stores policies as a collection of registry key settings. |
Create, edit, and deploy policies by using the Client Security console. |
Working with policies in the Client Security Administrator's Guide (https://go.microsoft.com/fwlink/?LinkId=87538) |
Reports |
Describe your environment, including both snapshots and historical trends for alerts, deployments, computers, threats, and vulnerabilities. |
Access reports from the Client Security console, from a Web browser, and from Microsoft Operations Manager (MOM) alerts. By default, reports are displayed as HTML files, although they can be exported as an XML file, a Microsoft Office Excel® spreadsheet, and other formats. |
Working with reports, alerts, and events in the Client Security Administrator's Guide (https://go.microsoft.com/fwlink/?LinkId=87539) |
Security state assessment (SSA) scans |
Detect potential security issues on the client computer, including missing security updates and plaintext passwords. |
Schedule by using Client Security policies. Results of SSA scans are available in reports and alerts. |
Scanning for malware and vulnerabilities in the Client Security Administrator's Guide (https://go.microsoft.com/fwlink/?LinkId=87541) |
Malware scans |
Detect malware, including spyware, viruses, and rootkits. |
Schedule by using Client Security policies. May also be run on demand by both administrators and users. Results of malware scans are available in reports and alerts. |
Scanning for malware and vulnerabilities in the Client Security Administrator's Guide (https://go.microsoft.com/fwlink/?LinkId=87541) |
Real-time protection |
Generate alerts when malware attempts to install itself or run on the client computer. |
Configure by using Client Security policies. Results are available in reports and alerts. |
Configuring real-time protection in the Client Security Administrator's Guide (https://go.microsoft.com/fwlink/?LinkID=87542) |
Alerts |
Generate based on the severity of the threat or vulnerability. The alert level, which can be set per policy, determines when an alert is generated for a group of computers. |
Access from the Client Security console and resolve in the MOM Operator console. |
Working with reports, alerts, and events in the Client Security Administrator's Guide (https://go.microsoft.com/fwlink/?LinkId=87539) |
Definitions |
Identify new malware and new SSA checks. Definitions are published by Microsoft. |
Update on client computers from Microsoft Update via Microsoft Windows Server® Update Services (WSUS). |
About definitions in the Client Security Administrator's Guide (https://go.microsoft.com/fwlink/?LinkID=86997) |