Microsoft’s Endpoint Protection Overview

First, let’s make it clear what an endpoint is. In Microsoft’s world this term represents any client computer, server, or laptop in an organization. Forefront Endpoint Protection is a line-of-business application developed by Microsoft to provide defense against viruses, worms, and other threats.

Forefront Endpoint Protection (FEP) 2010 was closely tied to System Center Configuration Manager (SCCM) through the infrastructure. This was beneficial for organizations which had already adopted SCCM, but was a challenge for ones without it implemented.

In their latest release, the Endpoint protection is actually part of the System Center family and takes the name System Center Endpoint Protection (SCEP) 2012. The integration of SCEP with SCCM allows you to centrally manage your endpoints. You can scan them for both updates and viruses. You can also schedule your scans so that they happen automatically.

In a typical scenario you would use one software solution for managing the updates of your endpoints, such as Windows Software Update Services (WSUS), and another solution for antivirus protection, such as McAfee. This means you have to open one management tool for WSUS and another one for McAfee.

By using a single dashboard, you can easily notice potential problems with your endpoints such as missing updates and potential viruses. This central management can save your IT staff significant time. The idea is that you should not look at the anti-virus protection as a separate solution. With Endpoint Protection, anti-virus protection is integrated into your whole IT management solution. Furthermore, SCEP ensures your Windows Firewall is also up and running, and any set policies take effect.

The SCEP client is very lightweight and any competitive antivirus solutions are automatically removed before installation. This can ease your adoption of SCEP when you have another solution in place.

A SCEP client is installed on all the endpoints, and it is automatically updated with definitions of known and unknown threats. The methods SCEP uses include:

Behavior monitoring – allows the agent installed on the system to monitor the registry, the active processes and the system operations in order to identify any suspicious activities. If an activity is considered suspicious, then it is sent to Microsoft for investigating. If malware is detected, a signature is released.

Dynamic Signature Service – keeps a dynamically updated list of all known signatures of attacks. With this feature the agent installed on the endpoint is able to get real-time information about whether an activity is considered malicious or not. If it is considered to be malicious, then corrective actions are applied, like quarantine or removal.

Dynamic translation – is used by the agent to run code in a virtual environment and investigate it, before allowing it to run on the actual endpoint with the real resources. It can be used with code like ActiveX and JavaScript that run in the browser.

And the good news – Microsoft provides an absolutely free product, Microsoft Security Essentials, which can be used by end clients and uses the same core as the Forefront Endpoint Protection.