Monitoring Forefront Endpoint Protection 2010 - FEP operational reports

In an earlier post we mentioned the integration of FEP with Configuration Manager and described the FEP dashboard, which is an extension to the Configuration Manager console. Another aspect of this integration is the FEP troubleshooting reports, which make use of the Configuration Manager reporting framework.

To begin with, each operation going from the server to FEP clients (or vice versa) is performed by Configuration Manager. It is only natural that troubleshooting should use the information kept in the Configuration Manager database and surface that to administrators trying to troubleshoot FEP operations.

Two main tasks performed by administrators are client roll out (deployment) and policy distribution. These two tasks use the Configuration Manager software distribution capabilities (a software package being advertised to a collection).

FEP provides two troubleshooting scenarios, which can be found at the bottom of the FEP dashboard.


Figure 1 - Links to FEP troubleshooting reports

  • Deployment Overview: Identify the deployment success ratio, which FEP client versions are found in the organization, and the errors reported while trying to roll out FEP to clients.
  • Policy Distribution Overview: Identify the distribution success ratio, which policies are actually applied on clients, and the errors reported while trying to apply policies.

The third link brings administrators to a single report where all of the Configuration Manager related activity is presented (including network data) for a single computer. This is useful when an administrator is trying to work out a problem on a specific computer.

Deployment Overview report

After opening the deployment overview report, an administrator immediately sees the deployment status for each collection in his Configuration Manager deployment. This is extremely useful since the FEP dashboard is not filtered by collections.

Next, the administrator can select a collection and drill down to see more deployment details.

Note: Like any Configuration Manager report, an administrator may click the icon on the left to drill down for more.

Tip: In order to generate a report for the entire organization, simply select the “all systems” collection.


Figure 2 - FEP Deployment overview

After the report has been filtered by collection, the administrator is presented with a breakdown of the FEP versions found, as well as deployment states and failures.

Having computers grouped by their deployment state (or failure) enables an administrator to troubleshoot a single computer and apply the fix to all computers facing the same symptom.


Figure 3 - FEP Deployment for a specific collection

Finally, the administrator can drill down to a specific computer and see FEP related data such as deployment activities, policy distribution and network related data.


Figure 4 - Computer details report

Policy Distribution Overview

Since policy distribution is similar to client roll out (both use the Configuration Manager software distribution capabilities), troubleshooting follows the same concepts and uses similar reports.


Figure 5 - FEP Policy Distribution Overview

Ziv Rafalovich,
Senior Program Manager