Microsoft Forefront Antivirus Migration Documentation

Most UW-owned Windows computers that are connected to the UW wired network will be automatically migrated from OfficeScan antivirus to Forefront Client Security antivirus. Forefront antivirus will now update the same way campus Windows Operating Systems currently do – via UW’s central Windows Software Update Service (WSUS).

Automatic migrations will take place over the two week period between February 28 and March 11, 2011. Migrations will take place on a building-by-building schedule. Users will be individually notified of the date their system will be migrated and be given instructions on manually migrating if they so choose. If your machine still has not migrated after March 11, please contact your IT User Consultant.

UW-owned Windows computers that are not connected to the UW wired network, such as off campus computers and laptops, present special challenges for receiving and maintaining antivirus software and pattern file updates (as well as Microsoft Windows updates, patches, and service packs) from the central WSUS services. For such computers, Information Technology recommends opting out of UW’s WSUS services and then install Forefront manually (see below for information on opting out and manual installation instructions).

Personally owned Windows computers are not covered by UW licensing. Personal computers should be manually configured to receive patches via “Microsoft Update” whereby patches are received directly from Microsoft. Users should also install Microsoft Security Essentials or other antivirus software of choice.

For more information also see the Microsoft Forefront Client Security FAQ.
 

(1) Microsoft Securety Essentials - http://www.microsoft.com/security/pc-security/mse.aspx
(2) Hardwired to UW network
(3) OU (Organizational Units) are sections of the UWYO domain administered by departments
(4) WSUS (Windows Software Update Service) - UW’s Windows patching service
 

• Auto-migration
  Computers participating in auto-migration will be set to automatically uninstall OfficeScan and install Forefront.
  
  
• Manual migration
  
  1. Save all documents and close all programs
     
  2. Click the Start menu button, and click in the Search program and files box (or click Run in Windows XP)
     
  3. In the Search program and files box (or the Run window), type \\uwapps.uwyo.edu\antivirus\forefront\ManualMigrateForefront.vbs, and press Enter.
     
  4. If prompted for your username and password, enter your username in as uwyo\username and the password is your domain password.
     
  5. In the Security Warning screen, click Open.
     
  6. There will be many popup windows. Click Yes or OK to all prompts.
     
     Note: If there is a prompt to enter a password to uninstall Trend OfficeScan, the password is either R00f$Snow or Icy$R0ads (for both passwords, the 0 is the number zero).
     
     The computer must be allowed to reboot to ensure the installation properly completes. After you log in, you should have a green icon in your system tray at the bottom right corner of your screen, which indicates that the antivirus is running as expected and is receiving updates. If you do not have this icon or if it is orange, contact the IT Help Desk at 307-766-4357, Option 1, or email userhelp@uwyo.edu.
     
     
  These instructions are also available on Information Technology’s AskIT web site at How to Uninstall Trend OfficeScan and Install Microsoft Forefront Client Security with Manual Migration Tool.
   
• (Future) Automatic WSUS Forefront deployment
  When the Campus Forefront migration is deemed complete, IT will set Campus WSUS (Windows Software Update Service) to deploy Forefront to all (new or existing) computers that do not already have Forefront installed. This feature cannot be enabled until all computers have uninstalled OfficeScan.

• Computers in the UWYO domain
  • Computers in the UWYO domain that are connected to the UW wired network will be migrated to Forefront automatically. This will be done a few buildings at a time. Users will receive an email detailing the migration schedule.
• Third Party Domains will not participate in automated Forefront migration because the computers do not connect to the UW UWYO/WINDOWS Active Directory. It is recommended that administrator use the manual migration utility and computers should be set to update Forefront via Microsoft Update.
• Computers with Active Directory computer accounts connected to the UW wireless network or a foreign network will not participate in auto-migration because they do not have network connectivity at boot-time. These computers should use the manual migration utility immediately.
• Personally-owned computers should use Microsoft Security Essentials or other antivirus options due to licensing restrictions.

• UW computers registered in the UWYO domain can be “opted out” of the auto-migration process. This will prevent auto-migration, WSUS automated Forefront deployment as well as patch and service pack installation from central IT. Users should contact Information Technology’s Help Desk at 766-4357, option 1, to request to be opted out of UW WSUS update services.
• Users that opt out of WSUS\ automated Forefront should manually install Forefront and get updates directly from Microsoft. The computer should be setup to download and install updates at consistent times when the user typically has network access
• IT recommends that computers not connected to the UW campus wired network be opted-out of WSUS\automated Forefront process.
• Third party domains and Workgroup computers are opted-out by default.
• Users must reboot the computer while they are connected to the Campus network after opting out in order for it to take effect. The computer cannot be connected via VPN or Wireless at boot-time for the opt-out mechanism to work.

• Forefront settings are enforced by Active Directory Group Policies.
• These settings include a 1 hour signature update interval.
• Users will have the ability to:
  • Scan now
  • Update now
  • Restore Quarantine Items
  • Change scan actions
  • Change exclusion lists
  • Cancel Scheduled Scans currently set to Wednesday 00:00.
  • Unless users have opted-out of WSUS/Forefront their machines will be required to run Forefront.
• User will not have the ability to:
  • Change Scheduled Scan date\time
  • Change advanced options
• If a client computer is offline for two consecutive scheduled scans, Client Security starts the scan the next time the antimalware service starts.

• There is no web reputation filter in Forefront.