Administrator Console overview

The Forefront Protection 2010 for SharePoint Administrator Console enables you to easily manage Microsoft Forefront Protection 2010 for SharePoint (FPSP) on a single SharePoint server.

Note:
Managing protection for multiple SharePoint servers is more efficient with the Forefront Protection Manager management console; for more information about using Forefront Protection Manager to manage a multiple SharePoint environment, see Protecting your SharePoint environment with FPSP in the Forefront Protection Manager Operations Guide. All FPSP features that are configurable in either user interface can also be configured by using Windows PowerShell commands. For more information about using Windows PowerShell commands, seeUsing Windows PowerShell.

Note:

Managing protection for multiple SharePoint servers is more efficient with the Forefront Protection Manager management console; for more information about using Forefront Protection Manager to manage a multiple SharePoint environment, see Protecting your SharePoint environment with FPSP in the Forefront Protection Manager Operations Guide. All FPSP features that are configurable in either user interface can also be configured by using Windows PowerShell commands. For more information about using Windows PowerShell commands, seeUsing Windows PowerShell.

About the Administrator Console

The FPSP Administrator Console is designed around three major administrative functions: live monitoring of server protection events, configuring server policy settings, and tools for performing specific tasks as needed. These correspond with the typical administrative workflow: after the initial FPSP configuration, you most frequently monitor incidents reported and possibly quarantined by FPSP. Less frequently, you adjust policy settings or perform a specific task.

To move between the three main views in the user interface (Monitoring, Policy Management, and Tasks), click the desired button in the lower left corner. The subdivisions within each view appear in an Explorer-like tree above the buttons. A central pane contains the primary screen information, such as configuration settings. This pane is flanked by navigation tools in the left pane and action tools in the right pane.

About the Monitoring view

In the FPSP Administrator Console, the Monitoring view provides details about detected threats or filter matches (called incidents), quarantined items, system health, and statistical data. This view is also where you can configure e-mail notifications to keep administrators and other types of users informed about FPSP activity.

As an administrator, you can use the FPSP Administrator Console user interface to view the current protection events, or incidents. When malware, such as viruses or spyware, is detected, or if a filter is matched, an incident is logged and you can view details about it. Incidents can be filtered so that the user interface shows, for example, only those of a particular type or that occurred at a particular time.

The Monitoring view also enables you to see a list of items that have been quarantined. Similar to incidents, the list of quarantined items can be filtered to show only items that match certain criteria. You can also use the user interface to delete items in quarantine.

You can monitor your FPSP environment by viewing statistics reports and health monitors. There are health monitors for scan jobs, services, engines, and licensing. You can also view summary and detail reports about malware detections and filter matches.

About the Policy Management view

In the FPSP Administrator Console, the Policy Management view is primarily used for configuration. You can change the "out-of-the-box" settings to better suit your FPSP environment and create customized filters.

The Policy Management settings are grouped by protection technology: Antimalware and Filters. A Global Settings view provides configuration settings that apply across protection technologies.

Antimalware protection consists of antivirus and antispyware protection and both are configured within the Antimalware group. Filtering enables you to restrict or allow content based on file type, file name, file extension, and other criteria.

FPSP contains subgroups within Antimalware and Filters. This enables administrators, for example, to create different antimalware and filtering settings for an realtime and scheduled scans.

After installation, antimalware protection begins automatically using predefined settings. By using the FPSP Administrator Console, you can adjust the default values, as well as create and enable custom filters.

In addition to continuous protection via the realtime scan, FPSP allows for scheduled scanning of stored data. The scheduled scan runs only at a specific time and can be set to run on a recurring basis. The scheduled scan can also be configured differently than the realtime scan. For example, within the Filters view, each filter can be independently enabled for different scan types. In the Global Settings - Scan Options pane, you can specify scanning of different SharePoint folders for the scheduled scan.

About the Tasks view

In the FPSP Administrator Console, the Tasks view is used for manually launching a one-time job, such as an on-demand scan. This scan is best used during an outbreak to immediately scan just a few specific sites that you suspect may be compromised by a malware threat or may contain restricted or disallowed content or files.