Using the Client Security agent
Applies To: Forefront Client Security
The Client Security agent can enable users to start malware scans, schedule scans, configure malware scan exclusions and response overrides, view the results of scans, and configure other options. The degree to which a user can access and control the Client Security agent depends on the Client Security policy deployed to the computer. For more information, see Controlling the end-user experience.
If the policy deployed to a computer allows it, the user can access the Client Security agent UI by double-clicking the Client Security notification area (formerly known as system tray) icon. (The user can also access the UI by clicking Start, pointing to All Programs, pointing to Microsoft Forefront, and then clicking Forefront Client Security.) Users can find detailed information about the agent in its online Help.
Notification area icon meanings
The notification area icon for the Client Security agent changes depending on:
The state of the agent.
The presence of messages about malware detection or other events. To view messages (if the policy deployed to the computer allows it), the user can double-click the notification area icon, which opens the Client Security agent UI.
The following table describes the icon's various forms and their meanings.
Icon | Description |
---|---|
The Client Security agent has no messages for the user. The circle rotates if the Client Security agent is currently performing any of the following tasks:
|
|
The Client Security agent completed a scan and did not detect harmful or unwanted software. Definitions are up to date. The Client Security agent has no messages for the user. |
|
The Client Security agent has issued a low or medium alert message. The low or medium alert message may indicate any of the following:
|
|
The Client Security agent has issued a high or severe alert message. This may indicate the discovery of known malware of a high or severe severity. |
|
The Client Security agent has issued an alert message about possible malware but has not been able to identify the software. In most cases, software detected is likely to be harmless. |
Prompts for unclassified software
You can configure the Client Security agent, either by policy or in the Client Security agent UI, to prompt the user when the agent detects unclassified software. Client Security definitions include information about trusted software in addition to malware. It also monitors the behavior of applications. Prompting users to allow potentially unwanted actions by unclassified software can help protect your organization from new malware that isn't yet identified by the most recently approved and distributed definitions.
To avoid prompting users for common, legitimate applications that Client Security detects as potentially malicious software, exclude the applications from scans. For more information, see Excluding files, folders, and file types from scans.
Common tasks with the Client Security agent
The following table provides the starting steps for performing common tasks with the Client Security agent.
Task | How to get started |
---|---|
Starting a scan. |
To run a quick scan, click Scan. To run a full or custom scan, click the down arrow next to the Scan button and then configure the scan. |
Stopping a scan. |
Click Stop Scan. |
Checking status, including determining:
|
Click Home and view the information under Status. |
Checking for definition updates manually. |
Click the down arrow next to Help, and then click Check for updates. |
Viewing the results of previous scans and actions taken by the Client Security agent. |
Click History. |
Viewing and configuring default actions. |
Click Tools, and under Tools and Settings, click Options. Under Default actions, view and configure the actions as needed. Note If you select Ignore for a particular alert level, the Client Security agent always ignores malware of the specified alert level and never logs events when it detects malware of the specified alert level. |
Viewing and acting on quarantined items. |
Click Tools, and under Tools, click Quarantined items. |
Viewing and acting on allowed items. |
Click Tools, and under Tools and Settings, click Allowed items. |
Configuring the Client Security agent. |
Click Tools, and under Settings, click Options or Microsoft SpyNet. |