Administrator Console overview


Applies to: Forefront Protection 2010 for SharePoint

Topic Last Modified: 2011-04-25

The Forefront Protection 2010 for SharePoint Administrator Console enables you to easily manage Microsoft Forefront Protection 2010 for SharePoint (FPSP) on a single SharePoint server.

  • All FPSP features that are configurable in the user interface can be also configured by using Windows PowerShell commands. For more information about using Windows PowerShell commands, see Using Windows PowerShell.

  • You cannot configure remote servers using the Forefront Protection 2010 for SharePoint Administrator Console, but another option available to you for managing FPSP on multiple servers, such as in an enterprise, that Microsoft recommends is the Microsoft Forefront Protection Server Management Console (FPSMC). You can download FPSMC from the Microsoft Download Center at the following location: Microsoft Forefront Protection Server Management Console (FPSMC) 2010. Documentation for FPSMC can be found in the TechNet library at Forefront Protection Server Management Console.

    Additionally, the Microsoft Forefront Protection Server Script Kit provides another multi-server management option for Forefront Protection 2010 for SharePoint.

The FPSP Administrator Console is designed around three major administrative functions: live monitoring of server protection events, configuring server policy settings, and tools for performing specific tasks as needed. These correspond with the typical administrative workflow. After the initial FPSP configuration, you most frequently monitor incidents reported and possibly quarantined by FPSP. Less frequently, you adjust policy settings or perform a specific task.

To move between the three main views in the user interface (Monitoring, Policy Management, and Tasks), click the desired button in the lower-left corner. The subdivisions within each view appear in an Explorer-like tree above the buttons. A central pane contains the primary screen information, such as configuration settings. This pane is flanked by navigation tools in the left pane and action tools in the right pane.

In the FPSP Administrator Console, the Monitoring view provides details about detected threats or filter matches (called incidents), quarantined items, system health, and statistical data. This view is also where you can configure e-mail notifications to keep administrators and other types of users informed about FPSP activity.

As an administrator, you can use the FPSP Administrator Console user interface to view the current protection events, or incidents. When malware, such as viruses or spyware, is detected, or if a filter is matched, an incident is logged and you can view details about it. Incidents can be filtered so that the user interface shows, for example, only those of a particular type or that occurred at a particular time.

The Monitoring view also enables you to see a list of items that have been quarantined. Similar to incidents, the list of quarantined items can be filtered to show only items that match certain criteria. You can also use the user interface to delete items in quarantine.

You can monitor your FPSP environment by viewing statistics reports and health monitors. There are health monitors for scan jobs, services, engines, and licensing. You can also view summary and detail reports about malware detections and filter matches.

In the FPSP Administrator Console, the Policy Management view is primarily used for configuration. You can change the default settings to better suit your FPSP environment and create customized filters.

The Policy Management settings are grouped by protection technology: Antimalware and Filters. A Global Settings view provides configuration settings that apply across protection technologies.

Antimalware protection consists of antivirus and antispyware protection and both are configured in the Antimalware group. Filtering enables you to restrict or allow content based on file type, file name, file name extension, and other criteria.

FPSP contains subgroups within Antimalware and Filters. This enables administrators, for example, to create different antimalware and filtering settings for an realtime and scheduled scans.

After installation, antimalware protection starts automatically using predefined settings. Using the FPSP Administrator Console, you can adjust the default values and create custom filters.

In addition to continuous protection through the realtime scan, FPSP lets you schedule scans of stored data. The scheduled scan typically runs only at a specific time and can be set to run on a recurring basis. The scheduled scan can also be configured differently than the realtime scan. For example, in the Filters view, each filter can be independently enabled for different scan types. In the Global Settings - Scan Options pane, you can specify scanning of different SharePoint sites for the scheduled scan.

In the FPSP Administrator Console, the Tasks view is used for manually starting a one-time job, such as an on-demand scan. This scan is best used during an outbreak to immediately scan just a few specific sites that you suspect may be compromised by a malware threat or may contain restricted or disallowed content or files.


Community Additions