Share via

FEP 2010

Applies To: Forefront Endpoint Protection

Once you have finished configuring and deploying policies, you are ready to deploy Forefront Endpoint Protection to client computers. You can deploy in two ways:

Regardless of the method you use to run the installation program, the program checks for and uninstalls the following antimalware clients:

  • Symantec Endpoint Protection version 11

  • Symantec Corporate Edition version 10

  • McAfee VirusScan Enterprise version 8.5 and version 8.7

  • Trend Micro OfficeScan version 8.0 and version 10.0

  • Forefront Client Security version 1 including the Operations Manager agent

If the previously installed antimalware client has a tamper protection feature enabled, for example, if the software is password protected, you need to disable that tamper protection before you can install Forefront Endpoint Protection. Otherwise, the Forefront Endpoint Protection installation program will not be able to uninstall the existing antimalware client. See the documentation for the previously installed antimalware client for information about tamper protection or other settings you may need to configure before you can successfully uninstall the software.

In addition, if you use a mechanism to automatically distribute and install antimalware to your client computers, you need to disable automatic installation before you install Forefront Endpoint Protection. For example, if you use WSUS to distribute Forefront Client Security (FCS) to your endpoints, before you install Forefront Endpoint Protection, you need to configure WSUS to not automatically reinstall FCS.


  • The FEP client software is automatically installed to the following folder:

    %programfiles%\Microsoft Security Client

    You cannot change the destination folder. Using the %programfiles% path prevents users who are not members of the local Administrators group on the computer from tampering with the installation of the FEP client software.

  • The path to where the Setup files are located should only contain ASCII characters.

  • In some cases, after you restore a computer image on which you installed the FEP client software, the computer is displayed in Configuration Manager in the Locally Removed collection. To resolve this problem, uninstall and reinstall the FEP client software on this computer.

  • On servers with a large number of short network connections, such as file servers, there may be a performance impact when the Behavior Monitoring policy setting is enabled. It is recommended that you disable the Behavior Monitoring policy setting in the Default Server Policy or any policy you plan to assign to servers.

    To disable the Behavior Monitoring policy setting

    1. In the Configuration Manager console, expand System Center Configuration Manager, expand Site Database, expand Forefront Endpoint Protection, and then click Policies.

    2. Double-click the Default Server Policy or another policy that is assigned to servers.

    3. In the policy properties dialog box, click the Antimalware tab.

    4. In the list, click Real-time protection, in the details clear the check box for Use behavior monitoring, and then click OK to save the policy.


Prerequisites for Deploying Forefront Endpoint Protection on a Client