FEP 2010 Security Management Pack Monitoring

Applies To: Forefront Endpoint Protection

You can monitor the client computers that run the FEP client software in a variety of ways. The monitoring mechanisms of Forefront Endpoint Protection Security Management Pack are summarized in the following table.

| Item | Description |
| --- | --- |
| Object classes | Classes identify all FEP protected and FEP unprotected clients. For information about FEP classes, see Object Classes. |
| Discovery | Discovery is the way objects are identified by Operations Manager. For information about FEP discovery, see About Discovery. |
| Rules | Rules perform designated operations. For example, rules can raise alerts when security incidents occur. For more information about FEP rules, see About Rules. |
| Monitors | Monitors are event-driven mechanisms that collect information about vulnerabilities and the security state of FEP clients. For more information about FEP monitors, see About Monitors. |
| Views | Views display health states of clients, as well as alerts and events. For more information about FEP views, see About Views. |
| Alerts | Alerts can indicate whether there is an issue in your environment. For more information about FEP alerts, see About Alerts. |
| Tasks | Tasks trigger on-demand actions that are required for fixing vulnerabilities and the security state of FEP clients. For more information about FEP tasks, see About Tasks. |

Viewing Endpoint Properties

There are two ways to view endpoint information: by using the Health Explorer and by viewing the Details pane. If you want to view multiple properties for the same endpoint, the Details pane is the easiest way to do so. However, the Health Explorer and the Detail View pane are populated through different mechanisms. Properties viewed through the Health Explorer are delivered by monitors and alerts, which are event driven. Properties viewed by using the Detail View pane are discovery driven. As a result, the Health Explorer can show different property values for a selected endpoint than the Detail View pane shows for the same endpoint. For example, if an event occurs after the property information is refreshed by discovery, the Health Explorer will display the latest updated information for that property, while the Detail View pane will not receive updated property information until the next time discovery runs.

For more information about FEP monitors, see About Monitors. For more information about FEP discovery, see About Discovery.

Monitoring Cluster Nodes

The Forefront Endpoint Protection client software is not cluster aware. Although it is possible to view all nodes through Operations Manager, the passive node of a cluster cannot be monitored by using the Forefront Endpoint Protection Security Management Pack.