Using the Forefront Endpoint Protection (FEP) Best Practices Analyzer (BPA)

The FEP BPA includes checks to scan both Forefront Endpoint Protection (FEP) and Configuration Manager for configuration problems, missing dependencies, incorrect settings, or other issues that could adversely affect the health of your FEP installation.

  1. Download and install The Microsoft Baseline Configuration Analyzer Version 2.0 (MBCA).  http://go.microsoft.com/fwlink/?LinkId=206778
  2. MBCA requires Windows PowerShell 2.0.  It’s included in Windows Server 2008 R2 but must be installed for Windows Server 2008 or Windows Server 2003.
  3. Download and install the FEP BPA.  There’s one for x86 and one for x64.http://www.microsoft.com/downloads/en/details.aspx?FamilyID=04f7d456-24a2-4061-a2ed-82fe93a03fd5
  4. Run FEP MBCA checks on the ConfigMgr server FEP is installed on.

Start the application.

screenshot.58

Make sure you choose FEP 2010 for your product.

screenshot.59

It’s running.

screenshot.60

Below are my results.

screenshot.61

Below are more of my results.

screenshot.62

The first example is expected for my lab environment.  I have the ConfigMgr agents check in every 5 minutes.  In a real world environment this would be way too often.  The default is 60 minutes.

The second example is expected for my lab environment.  I don’t have any alerts setup yet.

So there you have it.  Let a tool tell you what’s wrong!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s