Microsoft Forefront Endpoint Protection (FEP) Network Inspection System (NIS)

I’ve had a few people ask me what NIS does in FEP. Basically it monitors network traffic looking for known network exploit signatures. When one is found, FEP logs it to the Event Viewer and drops the traffic, so the network exploit can’t be run against the workstation or server. Network exploits don’t read or write to the hard drive, so real-time protection is useless against them, because real-time protection only looks at files on the hard drive.

The next question I get asked is: doesn’t that cause a performance hit? Sort of, but not really. When Microsoft finds out about a network exploit, they begin to create, test, and then publicly release a patch. During that time a workstation or server is vulnerable to that network exploit. Microsoft identifies the exploit’s signature and adds it to a definition update, so NIS will stop it before it reaches the OS until the patch can be created, tested, and deployed. What’s really cool is that FEP checks whether the patch for a given network exploit has been applied, and if it has, it stops monitoring for that signature because it assumes the workstation or server is already protected. The more patches and updates a workstation or server has, the fewer signatures NIS has to look for and the better performance you’ll get!
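As an added illustration (not FEP’s code; the signatures, byte patterns and KB ids below are constructed placeholders), this Python models the patch-aware gating described above: a signature is only evaluated while its corresponding patch is absent, and a match is logged and the traffic dropped before it reaches the OS.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Set


@dataclass(frozen=True)
class Signature:
    """One NIS-style network exploit signature (constructed for illustration)."""
    name: str
    pattern: bytes            # byte sequence the inspector looks for in traffic
    fixed_by: Optional[str]   # hypothetical patch id that closes the hole (None = no patch yet)


@dataclass
class NetworkInspector:
    signatures: List[Signature]
    installed_patches: Set[str]
    event_log: List[str] = field(default_factory=list)

    def active_signatures(self) -> List[Signature]:
        # Patch-aware gating: once the matching patch is installed the signature
        # is no longer evaluated, so inspection cost shrinks as the host is patched.
        # A signature with no patch yet (fixed_by=None) always stays active.
        return [s for s in self.signatures if s.fixed_by not in self.installed_patches]

    def inspect(self, payload: bytes) -> bool:
        """Return True if traffic is passed to the OS, False if it was logged and dropped."""
        for sig in self.active_signatures():
            if sig.pattern in payload:
                self.event_log.append(f"NIS: blocked {sig.name} (signature match)")
                return False
        return True


def build_demo_inspector(installed: Set[str]) -> NetworkInspector:
    """Inspector loaded with two constructed signatures; the KB id is a placeholder."""
    sigs = [
        Signature("DEMO-SMB-OVERFLOW", b"\x00\x00\xffSMBDEMO", fixed_by="KB-PLACEHOLDER-1"),
        Signature("DEMO-RPC-ZERODAY", b"RPCDEMO-EXPLOIT", fixed_by=None),
    ]
    return NetworkInspector(sigs, installed)


if __name__ == "__main__":
    unpatched = build_demo_inspector(set())
    print(unpatched.inspect(b"\x00\x00\xffSMBDEMO payload"))  # False: logged and dropped
    patched = build_demo_inspector({"KB-PLACEHOLDER-1"})
    print(len(patched.active_signatures()))                    # 1: SMB signature gated off
```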

YAY for FEP and NIS!

Blogs are boring unless they have a screenshot or something so here’s one.

[Screenshot: screenshot.14 (image not included)]
