Release Notes

Applies To: Forefront Endpoint Protection

These release notes contain information that is required to successfully install, deploy, and use Microsoft® Forefront® Endpoint Protection. They contain information that is not available in the product documentation.

Microsoft Forefront Endpoint Protection Update Rollup 1

For more information about FEP Update Rollup 1, see What's New in FEP 2010 Update Rollup 1.

FEP and Configuration Manager 2007 R3

Configuration Manager 2007 R3 supports specifying the connection to a Microsoft SQL Server database in the format server\instance,port. FEP does not support connecting to a database in this format. You must start the SQL Browser service, and then change the connection string used by Configuration Manager 2007 R3.

For more information about how to change the SQL Server connection string, see How to Move the Site Database in the Configuration Manager library on TechNet.

Applying the Reporting Fix (KB2554364) May Require a Server Restart

When you apply the prerequisite Microsoft Forefront Endpoint Protection reporting fix, you may need to restart the server on which you installed the fix. For more information, see Microsoft Knowledge Base article 2554364.

Custom Data Retention Value Reset After Running a Repair or Applying Update Rollups

You can customize the data retention value by using the steps outlined in FEP 2010 Reporting Database Maintenance. However, after running a repair on your FEP installation, or after applying an Update Rollup, the data retention value is reset to the default value of 12 months. You must perform the steps in FEP 2010 Reporting Database Maintenance in order to rest the data retention value to what is required in your organization.

After Installing Update Rollup 1, Uninstalling the FEP Console Extension Update Causes an Exception when Editing Policies

After you install all FEP Update Rollup 1 components, uninstalling the FEP console extension update causes an exception when editing policies.

To fix this issue, you must repair the FEP console extensions. On the computer running the Configuration Manager console, in the Control Panel, in Programs and Features, right-click Microsoft Forefront Protection 2010 Console and then click Repair.

When You Repair a FEP Installation, You Must Use the Appropriate FEP Media

If you need to repair a FEP installation, you must use the appropriate FEP media. The following table describes the possible combinations.

Installation Type Repair Media

FEP RTM, upgraded to Update Rollup 1

FEP RTM

Installation performed from slipstreamed FEP Update Rollup 1 media

FEP Update Rollup 1 slipstreamed media

Microsoft Forefront Endpoint Protection

Running a Repair on Microsoft Forefront Endpoint Protection When Reporting Fails

The user account used to run a repair on Forefront Endpoint Protection Reporting must be assigned the Content Manager SQL Server Reporting Services role.

For more information about the Content Manager SQL Server Reporting role, see Content Manager Role (https://go.microsoft.com/fwlink/?LinkId=207653) in the SQL Server Books Online.

Note

When User Account Control (UAC) is enabled on the SQL Server Reporting Services server, the role assignment cannot be inherited from the following groups or repair will fail:

  • Administrators—local group

  • Domain Administrators—domain group

X-Axis Labels Are Not Displaying Properly in the Antimalware Protection Summary Report

In some circumstances, when running the Antimalware Protection Summary report, the x-axis labels do not display properly. This occurs only when running Microsoft SQL Server® 2008 or SQL Server 2008 R2 reporting services.

Install one of the following SQL Server cumulative updates to fix the report:

Note

It is recommended that you install the SQL Server cumulative update prior to installing Forefront Endpoint Protection. If the SQL Server cumulative update is installed after Forefront Endpoint Protection is installed, you will need to run a repair on the Microsoft Forefront Endpoint Protection 2010 Reporting component.

Managing the Customer Experience Improvement Program Setting on the Forefront Endpoint Protection Server

After installing Forefront Endpoint Protection you cannot change your membership in the Customer Experience Improvement Program (CEIP) through the user interface.

To manually configure the CEIP setting, modify the following registry key on the Forefront Endpoint Protection server:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Forefront\Forefront Endpoint Protection 2010\config\SqmEnabled

  • Setting the registry key to 1 joins the CEIP.

  • Setting the registry key to 0 removes membership in the CEIP.

For the change to take effect you need to restart the computer.

Microsoft Forefront Endpoint Protection Client Software

Managing the Customer Experience Improvement Program Setting on Forefront Endpoint Protection Clients

Forefront Endpoint Protection clients automatically join the CEIP. Users can modify this setting; however, the administrator cannot control the CEIP setting via a Forefront Endpoint Protection policy created in the Configuration Manager console.

To configure the CEIP setting, create the following registry key on the Forefront Endpoint Protection client computer:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Microsoft AntiMalware\Miscellaneous Configuration\SqmConsentApprove

  • Setting the registry key to 1 joins the CEIP (default).

  • Setting the registry key to 0 removes membership in the CEIP.

After the registry key has been created, the user can no longer change this setting from the Forefront Endpoint Protection client.

For the change to take effect you need to restart the computer.

Operating System Upgrade

After the operating system on a client computer is upgraded, the Forefront Endpoint Protection client software no longer functions as expected. To avoid this, you must uninstall the Forefront Endpoint Protection client software before running the operating system upgrade.

This applies to the following operating system upgrade paths:

  • Windows XP to Windows Vista®

  • Windows Vista to Windows Vista SP1, Windows Vista SP2, or Windows® 7

Custom Scan on Virtual Drives in Windows XP

On computers running Windows XP, malware residing on a virtual drive will not be detected during a custom scan of the virtual drive. A virtual drive is created by applications using Application Virtualization (App-V) technology, such as Microsoft Office 2010. Quick scans and full scans properly detect the malware.

Forefront Endpoint Protection Does Not Uninstall Symantec on Computers Running x64 Operating Systems

The Forefront Endpoint Protection client software does not uninstall the Symantec Antivirus Corporate Edition client on computers running a 64-bit operating system. On these computers, you need to manually uninstall the Symantec software before deploying the Forefront Endpoint Protection client software.

Forefront Endpoint Protection Client Stops Reporting Malware Activity When the System Event Log Is Full

Client malware activity incidents are reported from the client to the Forefront Endpoint Protection server based on the entries in the System event log. If the System event log is full and no new events can be written, no new malware activity will be reported to the Forefront Endpoint Protection server.

It is recommended that you configure the properties of the System event log to overwrite events when needed, so that new events can be written and are not lost.