About Discovery
Applies To: Forefront Endpoint Protection
In Operations Manager, the Discovery Wizard can be used to define a query. However, the FEP 2010 Security Management Pack is preconfigured to target Microsoft.Windows.Server.Computer. This query will return a True value if the FEP 2010 client is installed on a client that is running a server operating system. If you also want to target clients that are running computer operating systems, you must configure Operations Manager to target those clients.
Objects the FEP Security Management Pack Discovers
The FEP Security Management Pack discovers the object types described in the following table. Not all of the objects are automatically discovered. Use overrides to discover the object types that are not discovered automatically. For more information about how to configure discovery to target clients running computer operating systems, see Configuring Client Discovery.
| Category | Object | Discovered automatically |
|---|---|---|
Server Discovery |
Microsoft.Windows.Server.Computer |
Yes |
Client Computer Discovery |
Microsoft.Windows.Client.Computer |
No |
Discovery Intervals
By default, FEP object discovery is configured to run at specified intervals. As such, it is possible that clients will not reflect updated properties in the Details pane when viewed in the console. You can override the default discovery interval, but it is recommended that you use caution when setting discovery interval configurations as running discovery more frequently can impact performance.
The following table shows the default discovery intervals.
| Object | Default discovery (hours) |
|---|---|
Protected Server Candidate Discovery |
8 |
Protected Client Candidate Discovery |
8 |
Protected Endpoint Discovery |
24 |
Object Properties
The discovery process returns information that is then displayed in the Operations Manager console. Details for selected endpoints can be viewed in the Operations Manager console Monitoring view.
The following table shows the properties for discovered endpoints that are running the FEP client software.
| Protected Endpoint properties | Additional information |
|---|---|
Client version |
|
Antimalware engine status |
|
Real-time protection status |
|
Real-time protection scan direction |
|
NIS status |
Supported only by Windows Vista with SP1 or later |
Windows Firewall status |
|
Antivirus definitions version |
|
Antispyware definitions version |
|
NIS definitions version |
|
Antivirus definitions age (days) |
|
Antivirus definitions creation (GMT) |
|
Antispyware definitions age (days) |
|
Antispyware definitions creation (GMT) |
|
Last quick scan age (days) |
|
Last quick scan start time (GMT) |
|
Last quick scan end time (GMT) |
|
Last full scan age (days) |
|
Last full scan start time (GMT) |
|
Last full scan end time (GMT) |
|
Definitions download location |
|
Policy name |
|
Policy set date |
|
Failed policy name |
|
Failed policy date |
|
Policy failure details |
|
Installation pending restart |
|
Computer ID |
The following table shows the properties for discovered endpoints that are not running the FEP client software.
| Unprotected Endpoint properties | Additional information |
|---|---|
Operating System Name |
|
Deployment State |
|
Deployment State More Information |
|
ComputerID |