Written by Brendan Gibb, SBSC Community in British Columbia

We have been using Microsoft Forefront Antigen as a replacement for the managed antivirus products we deployed for the past ten years. Every one of our small business and larger clients uses a managed deployment model because over the years we quickly determined that it was much less expensive overall, though the savings are primarily over a three year period as the products are always more expensive up front. Properly deployed, however, we need to be able to make use of some key technologies to get the benefits:

1. Group Policy to manage and enforce the deployment.
2. Sound reporting to detect issues with clients that may not be examined daily.
3. Windows Server Update Services to detect missing patches and provide some sense of the health of the environment.

Obviously Forefront was a good fit in its current form. The deployment model uses Group Policy to roll out the configuration and settings to the registry of systems that require Antivirus. WSUS detects machines that have the registry settings for the antivirus client and include updates and the new product to clients when they are approved by the administrator. Problems are collected by SQL Server Reporting Services and used to generate the most detailed reports I have ever seen in an antivirus product. Overall I am very pleased.

There are some things to remember about this product that require some getting used to:

• It is purchased and licensed using the Open Value program, so make sure that the SKU and quantities are correct by talking to a licensing representative who knows what they are talking about.
• You must be careful about the SQL version that you have access to. Small Business Server 2003 deploys SQL 2005 Workgroup Edition and this product does not support certain caching features required by the SQL Reporting Services. It will deploy with errors, but the reporting is completely offline without a SQL 2005 Standard or SQL 2005 Enterprise Edition available. You can still manage and deploy the clients however, but it does weaken the offering somewhat. However, I like the product enough that we still use it even with this limitation and it works fine otherwise.
• Performance tuning is an absolute must. You need to decide how much performance you want VS the level of filtering you are looking for. We generally favor performance in our environment so we scan with only two virus engines. You can use up to 8 different ones if you are really focused on virus detection and removal.
• SQL Server 2005 Reporting Services is required for deployment and this sometimes has some interesting quirks in setup. It is definitely important that this service has been installed and confirmed to be working by connecting to the websites that are created and used by the service.

I would recommend this product to anyone for its ease of use and effectiveness. If anyone has detailed questions I am happy to answer them. Just email me at bgibb@browenit.com and if I can help I will.

Brendan N. Gibb

Related Post: Download notes or watch on-demand the Microsoft Forefront exclusive webcast