Microsoft Forefront Client Security
Version: Microsoft Forefront client security 2010.
Forefront Client Security is a unified Internet security software package from Microsoft. Forefront Client Security provides business networks with protection from viruses, worms and other malware threats. The software can protect all of the machines on a Windows network infrastructure, including the servers and the client desktops and laptops.
Netsurion Open XDR supports Microsoft Forefront Client Security and monitors it and generates alerts, reports for critical events.
Netsurion Data Source Integrations for Microsoft Forefront Client Security allows you to monitor following:-
- Monitoring client security activity.
- Monitoring malware protection.
- Monitoring real time protection.
- Monitoring quarantine restore activity.
- Monitoring scan activity.
Once events are received into Netsurion Open XDR; alerts and reports can be configured into Netsurion Open XDR.
The following are the key Data Source Integration available in Netsurion Open XDR.
Alerts
| Type | Name | Description |
|---|---|---|
| Security | Forefront Client: Client security engine failed | This alert is generated when client security engine failed. |
| Security | Forefront Client: Configuration change | This alert is generated when configuration change occurs. |
| Security | Forefront Client: Malware detected | This alert is generated when malware detected. |
| Security | Forefront Client: Malware protection action failed | This alert is generated when malware protection action failed occurs. |
| Security | Forefront Client: Update failed | This alert is generated when update failure occurs. |
Reports
| Type | Name | Description |
|---|---|---|
| Security | Forefront Client: Client security configuration change | This category based report provides information related to client security configuration change. |
| Security | Forefront Client: Client security engine failure | This category based report provides information related to client security engine failure. |
| Security | Forefront Client: Malware detected | This category based report provides information related to malware detected. |
| Security | Forefront Client: Malware protection action failed | This category based report provides information related to malware protection action failed. |
| Security | Forefront Client: Malware protection action success | This category based report provides information related to malware protection action success. |
| Security | Forefront Client: Malware protection engine update failed | This category based report provides information related to malware protection engine update failed. |
| Security | Forefront Client: Malware protection engine updated | This category based report provides information related to malware protection engine updated. |
| Security | Forefront Client: Malware protection signature reverted | This category based report provides information related to malware protection signature reverted. |
| Security | Forefront Client: Malware protection signature update failed | This category based report provides information related to malware protection signature update failed. |
| Security | Forefront Client: Malware protection signature updated | This category based report provides information related to malware protection signature updated. |
| Security | Forefront Client: Quarantined item restore failed | This category based report provides information related to quarantined item restore failed. |
| Security | Forefront Client: Quarantined item restore success | This category based report provides information related to quarantined item restore success. |
| Security | Forefront Client: Real time protection agent configuration change | This category based report provides information related to real time protection agent configuration change. |
| Security | Forefront Client: Real time protection agent status | This category based report provides information related to real time protection agent status. |
| Security | Forefront Client: Real time protection start up failed | This category based report provides information related to real time protection startup failed. |
| Security | Forefront Client: Scan cancelled | This category based report provides information related to scan cancelled. |
| Security | Forefront Client: Scan completed | This category based report provides information related to scan completed. |
| Security | Forefront Client: Scan disabled | This category based report provides information related to scan disabled. |
| Security | Forefront Client: Scan enabled | This category based report provides information related to scan enabled. |
| Security | Forefront Client: Scan failed | This category based report provides information related to scan failed. |
| Security | Forefront Client: Scan started | This category based report provides information related to scan started. |
Documentation
The configuration details are consistent with Netsurion Open XDR 7.x and later, and Microsoft Forefront client security 2010.
Download Integration Guide for configuration instructions and more information.