Forefront Client Security (FCS) is Microsoft's agent-based anti-malware offering for client computers (desktops, laptops, or servers). The platform is centrally managed, allowing administrators to both configure policies governing the operation of the agents, as well as view reports generated as a result of operations carried out by the agents on the client computers.

FCS includes two primary components: The client agent, which runs on 32 or 64-bit Windows 2000/XP/2003 machines; and the central management and alerting/reporting servers, which run on Windows Server 2003 (32-bit only) platforms. The platform leverages components both from Microsoft Operation Manager and Microsoft SQL Server; all of which are included in the purchase price (the included SQL Server components are optional for those customers that already have SQL Server; a separate version of FCS is offered without them).

On the agent side, the vendor boasts the ability to perform both real-time and scheduled scanning for malware, including viruses, spyware, rootkits, worms, etc. Real-time scanning is performed via "mini-filter" technology with the Windows Filter Manager, which enables the scanning of files before they run; while scheduled and on-demand scans check in-memory processes as well as targeted directories and "common malware extensibility points." The vendor notes that malware identification is performed via behavior analysis, tunneling signatures, and heuristic detection; with definition updates delivered to the client via Windows Server Update Services or Microsoft Update (a failover option is also offered; such that updates can be received from Microsoft Update for roaming users).

Agent actions are reported to the central reporting/alerting server (alert level settings can be configured to specify the type and volume of alerts and events generated by different groups of protected machines through the management server), where the administrator can use drill down features to see the machines infected as well as the security status of specific machines. Of course, policies can be defined and targeted based on A/D OUs and security groups (and the vendor states that the product is optimized for the use of A/D Group Policy). Customized E-mail/pager alerts are supported.

Agent deployment can be performed through WSUS (the agents are downloaded from Microsoft Update and then distributed to individual machines) or through the customer's existing deployment tools.

In addition to the malware scanning and removing capabilities, FCS can also perform "security state assessment" (SSA) checks, which scan the host computer for common environmental and/or configuration vulnerabilities; examining data from the registry, file system, WMI, IIS metabase, SQL, and more. The vendor states that the checks are based on best-practice info and known vulnerabilities.

Forefront Client Security is available now as a part of the vendor's Microsoft Enterprise Client Access License suite via Microsoft Volume Licensing; stand alone availability is expected in via standard Microsoft volume licensing channels. Pricing is on a per user/per device basis; starting at $12.72 per user or device, per year for the security agent and at $2,468 per year for the management console.

Visit the Microsoft Web site for further information.