2
System Requirements
Updated: January 1, 2011Applies To: Forefront Endpoint Protection
To get started with Microsoft Forefront Endpoint Protection, your computers must meet the
minimum requirements for installing the Forefront Endpoint Protection server and deploying
the Forefront Endpoint Protection client. Use the following topics to help you prepare the computers in your environment:
Prerequisites for Installing Forefront Endpoint Protection on a Server Prerequisites for Deploying Forefront Endpoint Protection on a Client
Prerequisites for Importing the Forefront Endpoint Protection Security Management Pack
================================================
1. Prerequisites for Installing Forefront Endpoint Protection on a
Server
Updated: June 28, 2011
Applies To: Forefront Endpoint Protection
The Forefront Endpoint Protection Setup wizard includes a prerequisites verification that checks that the prerequisites are already installed before you continue with the installation. If the prerequisites verification check identifies missing prerequisites, the check points you to locations where you can download and install the required components.
Forefront Endpoint Protection Server Prerequisites
The following table is the list of minimum requirements for installing the Forefront Endpoint Protection server.
Prerequisite Minimum requirements Notes
Memory 2 GB of RAM
Available disk
space Protection server: 600 Forefront Endpoint MB Forefront Endpoint Protection database: 1.25 GB Forefront Endpoint Protection reporting database: 1.25 GB
In database recovery situations in a large scale deployment (more than 10,000 client computers), the computer running Microsoft SQL Server® where the Forefront Endpoint Protection reporting database resides may require that the tempdb database be configured with a 500 GB Logical Unit Number (LUN) for its data file. For more
information about configuring the tempdb data file, see Optimizing tempdb Performance
(http://go.microsoft.com/fwlink/?LinkId=206862). Operating
system 2003 Standard, Windows Server® Enterprise, or Datacenter Edition Service Pack 2 (x86 or x64), or Windows Server 2008 Standard, Enterprise, or Datacenter Service Pack 1 (x86 or x64), or Windows Server 2008 R2 Standard, Enterprise, or Datacenter (x64) Database
servers Server 2005 Standard Microsoft SQL
or Enterprise Edition
Service Pack 3 (x86 or x64), or
Microsoft SQL
System Requirements – Microsoft Forefront Endpoint Protection 2010 2 Server 2008 Standard or Enterprise (x86 or x64), or Microsoft SQL Server 2008 R2 Standard or Enterprise (x86 or x64)
Verify that all computers that are running SQL Server are joined to the domain, that the user account running Setup is a member of sysadmin SQL Server role, and that all SQL Server services are running. Additionally, in nonclustered SQL Server environments, the SQL Server services should be configured to start automatically.
The user account running Setup will be set as the owner of the following SQL Server
databases: FEPDB_XXX FEPDW_XXX Additional requirements for installing Forefront Endpoint Protection reporting database SQL Server Analysis Services SQL Server Integration Services SQL Server Reporting Services SQL Server Agent
For SQL Server Analysis Services, the user account running Setup, or a domain group of which it is a member, must belong to the server administrator role on your specified SQL Server Analysis Server. For more information, see Analysis Server Properties Dialog Box
(http://go.microsoft.com/fwlink/?LinkID=20420 4).
The Forefront Endpoint Protection reporting database and server running SQL Server
Analysis Services must be installed on the same SQL Server instance.
On the computer that is running SQL Server Analysis Services, the following ports must be open for incoming traffic:
SQL Server (TCP 1433)
SQL Server Analysis Services (TCP 2383)
For more information, see Configuring the Windows Firewall to Allow SQL Server Access
(http://go.microsoft.com/fwlink/?LinkId=12836 5).
For Forefront Endpoint Protection reporting to function, you must make sure that the
Forefront Endpoint Protection client that is installed as part of Forefront Endpoint Protection has access to definition updates via the
Configuration Manager client agent, Windows Server Update Services, or Microsoft Update. Additional requirements for installing Forefront Endpoint Protection reporting database on a SQL Server cluster
The name you entered in the SQL Network Name box for your SQL Server cluster must be registered in the domain.
SQL Server Integration Services must be installed on all nodes and must be part of the cluster group.
Configuration
Microsoft System Center Configuration Manager 2007 R2 installed and configured to use SQL Server Reporting Services, or Microsoft System Center Configuration Manager 2007 R3 installed and configured to use SQL Server Reporting Services
The following client agents are installed and configured: Hardware Inventory Software Distribution Desired Configuration Management Additional
requirements Forefront Endpoint No other version of Protection is installed Microsoft Windows Installer version 3.1 Microsoft .Net Framework 3.5 Service Pack 1 Configuration Manager Hotfix KB2271736 (http://go.microsoft.com /fwlink/?LinkId=203936) SQL Server Analysis Management Objects The computer where Setup is run is not pending a restart from a previous install or update
The user account running Setup is a domain account for the domain of which the Forefront Endpoint Protection server is a member, has local administrative credentials, and has Configuration Manager administrative
credentials
You must install SQL Server Analysis Management Objects on the computer where Setup is run when the Forefront Endpoint Protection reporting database is being installed on a remote computer.
You can download the SQL Server Analysis Management Objects for your version of SQL Server from the following locations:
For SQL Server 2008 R2, visit Microsoft SQL Server 2008 R2 Feature Pack
(http://go.microsoft.com/fwlink/?LinkId=206 861), go to the Microsoft SQL Server 2008 R2 Analysis Management Objects section, and download the appropriate file based on your system architecture.
For SQL Server 2008, visit Microsoft SQL Server 2008 Feature Pack
(http://go.microsoft.com/fwlink/?LinkId=206 625), go to the Microsoft Analysis Management Objects section, and download the appropriate file based on your system architecture.
For SQL Server 2005, visit Feature Pack for Microsoft SQL Server 2005
(http://go.microsoft.com/fwlink/?LinkId=206 624), go to the Microsoft SQL Server 2005 Management Objects Collection section, and download the appropriate file based on your system architecture.
Forefront Endpoint Protection Console Prerequisites
System Requirements – Microsoft Forefront Endpoint Protection 2010 4
Prerequisite Minimum requirements
Configuration
Manager Service Pack 2 Console, or Microsoft System Center Configuration Manager 2007
Microsoft System Center Configuration Manager 2007 R2, or
Microsoft System Center Configuration Manager 2007 R3
Additional requirements
Microsoft .Net Framework 3.5 Service Pack 1 Configuration Manager Hotfix KB2271736
(http://go.microsoft.com/fwlink/?LinkId=203936)
The computer running Setup is not pending a restart from a previous install or update
The user account running Setup is a domain account for the domain of which the Forefront Endpoint Protection server is a member, has local administrative credentials, and has Configuration Manager
administrative credentials
2. Prerequisites for Deploying Forefront Endpoint Protection on a
Client
Updated: June 28, 2011
Applies To: Forefront Endpoint Protection
The following table is a list of the prerequisites for deploying the Forefront Endpoint Protection on client computers.
Prerequisite Requirement
Configuration
Manager A Microsoft System Center Configuration Manager 2007 site that has Forefront Endpoint Protection server installed.
Note:
If you have client computers that do not require the central deployment and management features of Forefront Endpoint Protection server and you intend to manually install the
Forefront Endpoint Protection client, the Configuration Manager prerequisites stated for client computers are not required. For more information, see Deploying the Client Software by Using the
Command Prompt.
Operating
system Windows 7 (x86 or x64) Windows 7 XP mode
Windows Vista (x86 or x64) or later versions
Windows XP Service Pack 2 (x86 or x64) or later versions Windows Server 2008 R2 (x64) or later versions
Windows Server 2008 R2 Server Core (x64)
Windows Server 2008 (x86 or x64) or later versions
Windows Server 2003 Service Pack 2 (x86 or x64) or later versions Windows Server 2003 R2 (x86 or x64) or later versions
For the following operating system, you can deploy the Forefront Endpoint Protection client and deploy Forefront Endpoint Protection policies, but the client will not be able to report status back to the Forefront Endpoint Protection dashboard.
Windows Server 2008 Server Core (x86 or x64)
For the following operating systems, do not enable File-based or Enhanced Write Filters.
Windows Embedded Standard 7 SP1 images based on the FEP 2010 dependency template
Windows Embedded POSReady 7 Windows ThinPC
Note:
On the following operating systems, the Forefront Endpoint Protection client software can be installed manually. However, policies cannot be applied to them, nor can they be centrally managed by Forefront Endpoint Protection:
Windows 7 Starter
Windows 7 Home Premium Windows Vista Basic
Windows Vista Home Premium Windows XP Home Edition
Available disk
space 255 MB
Additional requirements
Windows Installer 3.1 or later versions
System Requirements – Microsoft Forefront Endpoint Protection 2010 6 Filter manager rollup package for Windows XP Service Pack 2 (x86)
KB914882 (http://go.microsoft.com/fwlink/?LinkID=207000) Competitive
uninstall The client installation checks for and uninstalls the following existing antimalware clients: Symantec Endpoint Protection version 11
Symantec Corporate Edition version 10
McAfee VirusScan Enterprise version 8.5 and version 8.7 and its agent
Forefront Client Security version 1 and the Operations Manager agent
TrendMicro OfficeScan version 8 and version 10
© 2011 Microsoft. All rights reserved. Terms of Use | Trademarks | Privacy Statement
3. Prerequisites for Importing the Forefront Endpoint Protection
Security Management Pack
Updated: January 1, 2011
Applies To: Forefront Endpoint Protection
The following table lists the minimum requirements for importing the Forefront Endpoint Protection Security Management Pack.
Prerequisite Minimum requirement
System Center Operations Manager 2007
System Center Operations Manager 2007 R2
The following table lists the minimum requirements for the Reporting management pack for use with the Forefront Endpoint Protection Security Management Pack.
Prerequisite Minimum requirement
Reporting
components Operations Manager 2007 R2 in order to use the Reporting feature. Reporting components must be installed for System Center
