Jump to content
RESET Forums (homeservershow.com)

WHS 2011 and Antivirus


Recommended Posts



So far so good. WHS-2011 and WHS-V1 updated fine this morning and FF seems to be running well.


I have both set up to run quick scans every 2 hrs and to check for updates before running a scan. I am intentionally doing this to see how often it updates and what kind of performance hit I may notice -- these are both virtual machines running on top of an HTPC build with and i3-2120 -- so I'm currious if I can dog the system down.


I would suggest that before beginning the process of installing FF on a 2011 build that the user update "windows update" to include all Microsoft products as explained in the TechNET notes in my previous message.

Link to comment
Share on other sites

  • Replies 138
  • Created
  • Last Reply

Top Posters In This Topic

  • tinkererguy


  • pcdoc


  • ikon


  • Joe_Miner


Top Posters In This Topic

I'd be surprised if you see updates more than once in 24 hours.


As of 7pm FF on the WHS2011 has updated the definitions on 10-04-2011 three(3) times starting with:


Definition 1.113.874.0

Definition 1.113.904.0

Definition 1.113.933.0


I then checked FF running on the WHS-V1 and found the same three(3) updates.


On both machines I have FF set to do a quick scan about every 2 hours and do a check/download any new updates/definitions


When I was checkint the microsoft/windows update log on both machines it showed 904 as an automatic update while 874 and 933 were listed as other updates so Im guessing the automatics were done by the microsoft/windows automatic update while the "other updates" were done by FF.


Is that how you would read it?

Link to comment
Share on other sites

Yes, those would be three updates, but once the database gets stabilized once a day should be the norm.

Link to comment
Share on other sites

I've now incorporated the new Windows Update related information that is key to getting Microsoft Forefront Client Security not just installed, but also regularly updated (thank you David and Joe_Miner!). I'll remind you this is not the latest version called "Microsoft Forefront Client Security 2010," since that version won't install.


I've also created an entirely new and now accurate video of the Forefront install on WHS2011 process. All early indicators I've looked at so far seem to be good.


Most of my blog updates were done with WHS2011, as working on the v1 version (and a whole new set of screenshots) is not a priority at the moment.


See blog entries and videos here:



Link to comment
Share on other sites

If you are reading this thread you will certainly want to listen to podcast 155 where we discuss ForeFront and anti-virus for WHS 2011 and v1.

Link to comment
Share on other sites



I just wanted to confirm that David's method to load Forefront client (FF) works.


I tested his approach in a different VM (Enterprise) of WHS-2011 using his approach which is also outlined in TechNET notes at http://technet.micro...y/bb625083.aspx part of which I copy below (but the whole article is well worth reading IMHO...)




To install the Client Security agent on Windows Vista without the reporting and alerting component

    On computers running Windows Vista, click Start, point to All Programs, and then click Accessories.

    Right-click Command Prompt, and then click Run as administrator.

    In the User Account Control dialog box, click Continue.

    In the Command Prompt window, change to the location of the Client Security Client folder, type the following command, and then press ENTER:
    clientsetup.exe /NOMOM





In my case -- this time the first thing I did was make sure that Windows Update was set to update all Microsoft Products like we discussed in the earlier post.


I then copied the x64 folder to my downloads folder and as you can see Clientsetup.exe /nomom executed with no problem -- absolutely no problem loading FF as you can see by the Yellow FF icon in the lower right -- note: when FF first loads it downloads the latest definitions but it needs an engine update -- that's why the icon is yellow I think --



Instead of clicking FF to let it update it's engine I clicked windows (microsoft) update and that worked



FF is running well and the FF icon is green



As a side note: My other VM (Hal) of WHS-2011 that I loaded FF on by your direct method is running strong and yesterday it updated with three more definition files yesterday (Oct 5) (1.113.966, 993, 1022) and it has already updated 1.113.1052 this morning. I currently have it set to scan every 2 hrs and check for updates before scanning -- same setup for both WHS-2011 VM's running FF -- trying to detect any performance issues. No issues so far.

Edited by Joe_Miner
Link to comment
Share on other sites

Just to bring things back full circle, is it most peoples' opinion that the reason to use ForeFront is because it will install on WHS? Is anyone thinking ForeFront is better than MSE?

Link to comment
Share on other sites

Just to bring things back full circle, is it most peoples' opinion that the reason to use ForeFront is because it will install on WHS? Is anyone thinking ForeFront is better than MSE?


For a production build I think the answer is neither one.

The MSE version that can be run is a beta that AFAIK was never designed to work on a server and by being a beta would be expected (at least by me) to be buggy.

For testing purposed I see Forefront as the better choice because it can be loaded on to WHS and it has a history of “working on” and is “designed to” work on Servers – for protection of a test Server I’m running in a VM it’s a win-win because I get to learn more about Forefront and it enables me to try some things in the future with my test set-up that I might not have the nerve otherwise. But the only access I have to Forefront is via my TechNET account and even then I can only get it to load by loading an older (2006) version and upgrading from there.

For a production version of WHS-2011 I don’t see Forefront as a viable solution for WHS-2011 for one simple reason – you can’t load the latest version (2010) and I doubt if we’ll be able to load the 2012 version when it’s available -- Microsoft deliberately blocks installation of the 2010 version onto WHS-2011 – when trying to load the 2010 FF it links you to a page that lists the platforms that FF2010 will run on which is everything but WHS :)



  • Windows 7 (x86 or x64)
  • Windows 7 XP mode
  • Windows Vista (x86 or x64) or later versions
  • Windows XP Service Pack 2 (x86 or x64) or later versions
  • Windows Server 2008 R2 (x64) or later versions
  • Windows Server 2008 R2 Server Core (x64)
  • Windows Server 2008 (x86 or x64) or later versions
  • Windows Server 2003 Service Pack 2 (x86 or x64) or later versions
  • Windows Server 2003 R2 (x86 or x64) or later versions


Forefront supports even Windows 7 XP mode – because that’s used by businesses for legacy programs SO Forefront is only targeted to the business market -- for a WHS-2011 we’re out of luck (unless Microsoft has a change of heart with Forefront 2012)


Part of the problem I see for WHS-V1 and WHS-2011 may be that AV vendors (speculation alert) aren’t allowed (by licensing(?)) to install directly onto the machine but instead must be installable via the connector – at least that appears to be part of the reason McAfee is getting out of the WHS-V1 market and doesn’t seem too anxious to jump into the WHS-2011 market. https://kc.mcafee.com/corporate/index?page=content&id=KB61113

Link to comment
Share on other sites

Joe_Miner, your assessment of the situation is greatly appreciated, I so appreciate your stepping in (while I was away for a day), and putting up so much great info!


You found the perfect document at http://technet.micro...y/bb625083.aspx, it sure would have saved me some trouble figuring out the install (I get impatient), but now it's here, and this is great!


I haven't decided if I should re-do all my screenshots and video, just for this change in launch method, it's all so time consuming (yours is the legit way that Microsoft intended, mine is the lazy way with no commands to memorize). It sure looks like the end result is exactly the same (both ways kick of the MSI). I've now added addendum/notes to my posts.


More important, I'm also working to try to get more info on what is going on with the future of antivirus solutions at Microsoft, since we don't all want to be wasting our time learning something if it doesn't have much life left and/or is unsupported.


Just a footnote: having been a user of some competitor's antivirus products for about a decade, I never really saw much difference between server products and client products, perhaps Microsoft stuff is similar. I'm not talking about virus signature distribution and/or AV intall mechanisms (those are server components), I'm just talking about the client install that goes with those deployment features. Generally, client looks just like a client whether installed on a server OS or a client OS, with daily quick scans, etc. So, as long as the vendor doesn't actually prevent the client product from installing on a server OS, and the signatures are updated regularly, I'm not very that worried about using Forefront Client Security for now (instead of nothing), since it at least seems to be stable and frequently install, and works an awful lot like MSE from a usability perspective.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Create New...