By Andrew Garcia  |  Posted 2007-05-23

Reporting

The FCS console presents a dashboard with an executive-level view of the deployment, giving at-a-glance insight into the ratio of clients reporting issues versus those without problems and those that have not reported in recently. The dashboard also presents quick links to create a variety of summary reports that provide a top-level view of infection status with total systems affected, aggregate malware reports and enterprise-wide security-state assessments. We particularly like the Deployment Summary report, which breaks down the status of policy deployment, spyware and anti-virus signature distribution, and client engine deployment on a single page and even breaks out some of the information on a per-security-policy basis. From these high-level reports, we could quickly drill down to more specific details and instances as needed by administrators tasked with resolving the problems, for instance, identifying missing patches and unnecessary services on a specific machine on the network.
The reports are initially presented as a Web page, but we could easily export reports to XML, CSV, Excel or PDF formats. Using the included MOM reporting engine, we could access the same reports as above, plus a few others, or design our own reports with the SQL Report Builder. We found we could use the MOM report engine to schedule periodic snapshot reports to provide regular insight into ongoing system behavior.
Detection

In our malware detection tests, we quickly noticed that FCS real-time file system protection did not initially work in our tests using virtualized client instances. For instance, with all protections enabled, we were able to download our malware bundles to the virtualized client's hard drive from the Web, a file share or a thumb drive. Fortunately, the real-time protections worked as expected on a Windows XP-based laptop client, and we suspect that FCS does not interact in the expected fashion with VMware's virtualized disk drives. Although this circumstance is certainly not a deal breaker, it may hinder the FCS testing process in some organizations.

During a disk sweep, FCS did detect 10 different malware strains infecting 14 of our sample files. The Windows Filter Manager, meanwhile, helped block the installation of these infected bundles before they could take root on our system. However, our malware test suite consisted of 29 executables known to contain malware (a mix of viruses, adware, Trojans and other malware), which added up to a lackluster sub-50 percent detection rate. We verified this by individually submitting the samples to, which ran each of our samples through 31 different scanners and assessment solutions.

However, some buggy behavior tempered even this marginal success. When we found the malware with our manual scan, we noticed the icon in the system tray changed from its usual state (a green check mark) to a warning (a red x). When we closed the client interface without choosing a course of action to clean the found infections, we discovered that the next time we opened the interface, the system tray icon had reverted to a green check mark, and the history contained no mention of the previous scan's findings. Findings were correctly reported to the central console, however.
Analog's Hayden acknowledged that FCS has not yet coped with some minor threats (such as toolbars) around his network as well, but he said he was quite happy with the software's performance nonetheless. FCS had already detected many malware instances around his network that Analog's previous solution had missed. But, more important, Hayden said Microsoft's Premier Support Services team was ready to assist when an outbreak hit the network. Microsoft's team even went so far as to accept a full disk image to help isolate an unknown infection, something his previous anti-virus vendor was unwilling to do.

Senior Technical Analyst Andrew Garcia can be reached at Check out eWEEK.com's Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK's Security Watch blog.

Andrew cut his teeth as a systems administrator at the University of California, learning the ins and outs of server migration, Windows desktop management, Unix and Novell administration. After a tour of duty as a team leader for PC Magazine's Labs, Andrew turned to system integration - providing network, server, and desktop consulting services for small businesses throughout the Bay Area. With eWEEK Labs since 2003, Andrew concentrates on wireless networking technologies while moonlighting with Microsoft Windows, mobile devices and management, and unified communications. He produces product reviews, technology analysis and opinion pieces for, eWEEK magazine, and the Labs' Release Notes blog. Follow Andrew on Twitter at andrewrgarcia, or reach him by email at
