Forefront support

system · June 1, 2010, 11:39pm

(imported topic written by rdamours91)

Do you know if there will be any proposed future Forefront AV client support…when Microsoft can figure out their own stuff out.

Just wondering if the theoretical engines, signatures, etc will be updated like you handle other av clients.

BenKus · June 2, 2010, 4:47am

(imported comment written by BenKus)

Hi rdamours,

I think right now we are in wait-and-see mode… I don’t believe that we have any specific plans right now and I am not sure if forefront lets you update their definitions from outside their agent…

Ben

system · June 2, 2010, 6:46pm

(imported comment written by rdamours91)

That is what I was kind of getting at. They look like they want their own update infrastructure in place.

We may be part of a provincial agreement where the product is free for us but we would have a hard time justifying all of their update infrastructure. It’s one of the reasons we chose BigFix as our enterprise management suite

Let me know if you get a chance to play with it at some point.

system · June 18, 2010, 3:27pm

(imported comment written by SLB)

I realize this is an oldish thread but I’ve recently been trying to see if I can find the defination date of a Forefront client and saw this thread so I thought I’d let people know what I found out. If you want to check if a client has recent Forefront definitions, you can do this by querying the local registry of a machine as MS write the date of the Forefront definition into the registry. Its takes a bit of mathematics to get to the date as the reg value is a reg_binary value represent the number of nano seconds that have elapsed since Jan 1st 1601 00:00:00. The conversion is, decimal value of the 1st octect + decimal value of the 2nd octect multipled by 2^8 + decimal value of the 3rd octect multipled by 2^16 + decimal value of the 4th octect multipled by 2^24 + decimal value of the 5th octect multipled by 2^32 + decimal value of the 6th octect multipled by 2^40 + decimal value of the 7th octect multipled by 2^48 + decimal value of the 8th octect multipled by 2^56 then divide by 10000000. This give you the total number of seconds elapsed since Jan 1st 1601 00:00:00 which you can add to get the defination date. In relevance terms this is

((((hexadecimal integer (first 2 of it))+(hexadecimal integer (first 2 of last 14 of it) * 256)+(hexadecimal integer (first 2 of last 12 of it) * 65536)+(hexadecimal integer (first 2 of last 10 of it) * 16777216)+(hexadecimal integer (first 2 of last 8 of it) * 4294967296)+(hexadecimal integer (first 2 of last 6 of it) * 1099511627776)+(hexadecimal integer (first 2 of last 4 of it) * 281474976710656)+(hexadecimal integer (last 2 of it) * 72057594037927900)) /10000000 ) of (value “AVSignatureApplied” of key “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Forefront\Client Security\1.0\AM\Signature Updates” of native registry as string)) * second + “01 Jan 1601 00:00:00” as universal time

Hope this is of use to some of you.

Rob

BenKus · June 18, 2010, 10:39pm

(imported comment written by BenKus)

Nice job, Rob!

Ben

system · June 29, 2010, 11:08am

(imported comment written by rdamours91)

Excellent…

That is what I was wondering about the mechanics of the updates, time stamping etc.

system · July 26, 2010, 8:18pm

(imported comment written by SystemAdmin)

along the same lines, are there any plans to have ForeFront added to the Client Manager for Endpoint Protection Dashboard? Our environment has a mixed bag of various AV products and recently been using Forefront from a server perspective.

system · November 8, 2010, 10:12pm

(imported comment written by murtasma91)

We are also intrested in what BigFix plans are for Forefront support, just chiming in so I can be notified of any updates to this thread.

system · May 3, 2011, 6:54pm

(imported comment written by SystemAdmin)

Looking for help to add this to a software distribution package. Forefront Endpoint Protection runs on our SCCM server, but would like another alternative to installing the client. This package, uninstalls Microsoft Security Essentials and the MOM client. Not sure how to create the correct syntax to do this. This is the command line in sccm: cscript.exe Policies\ApplyPolicy.vbs "FEPInstall.exe /s /q "

system · August 6, 2011, 7:20am

(imported comment written by lavaliant91)

Would really like Forefront support added. We’re having to bring up an SCCM instance just for Forefront.

system · September 8, 2011, 4:21pm

(imported comment written by SystemAdmin)

Any updates on forefront support?

jhonda · September 8, 2011, 8:14pm

(imported comment written by JasonHonda)

We’ll be adding support for Forefront shortly to the CMEP site. This is a lite integration as with all the other products in CMEP. Simple dashboard reporting like the rest, and a wizard to create definition update fixlets. Look out for it in the coming weeks.

system · September 8, 2011, 8:49pm

(imported comment written by SystemAdmin)

Fantastic!! thanks for the update.

smalul · December 7, 2020, 7:20am

Great!! I know this is an old topic, but the same mechanism also applies to the very current Windows Defender signature update.
(reg key is “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Signature Updates” and the value is “SignaturesLastUpdated”, i’ll just put it here…)