How to install Microsoft Forefront Client Security Antivirus on Windows Server 2012 Essentials

Posted by Paul Braren on Mar 13 2013 in HomeServer, Windows

    Forefront, remarkably, has worked nicely on Windows Home Servers since 2007.

    How to install Microsoft Forefront Client Security Antivirus on Windows Home Server v1
    TinkerTry.com/antivirus4whs

    How to install Microsoft Forefront Client Security Antivirus on Windows Home Server 2011
    TinkerTry.com/antivirus4whs2011

    How to install Microsoft Forefront Client Security Antivirus on Windows Server 2012 Essentials
    TinkerTry.com/antivirus4ws2012e

    The thing is, it's entirely unsupported, and Forefront's future is anything but certain. See Mary Jo Foley's "Microsoft axes many of its Forefront enterprise security products", with support likely ending in 2015. Microsoft's newer System Center 2012 Endpoint Protection won't even install on WS2012.

    But you know what? At least Forefront is not third party, and Microsoft has never stated official support for any version of Forefront on any Home Server version anyway. Windows Server 2012 Essentials is no exception. Oh yeah, then there's this. It works. Yep, looks familiar, and functions pretty much the same as the Windows Defender on Windows 8 and Security Essentials on Windows 7, with Windows Update responsible for bringing down the signature updates, automatically. Nice.

    Separated at Birth – Windows Defender on Windows 8 – Forefront on Windows Server 2012 Essentials
    About Forefront 1.5

    I've been using Forefront 1.5 for 17 days now on my newly built WS2012 system. And I ran it for about 4 months on the Release Candidate. No issues or problems to note thus far. No installer conflicts, no nagging.

    Haven't tried Forefront on Windows Server 2012 yet, but I don't see any reason why it wouldn't work exactly the same. Read about other options here. Microsoft Intune might be nice, but it ain't free.

    Here's the summary:

    The gotchas:

    • you need MSDN or Technet
    • you need the patience to do this setup only once, hopefully it'll last you for years to come, but we really cannot be sure
    • it's entirely unsupported by Microsoft on this particular server operating system
    • my install instructions cover the client only, which admittedly protects only the server itself
    • if you have proper antivirus on all connected clients 100% of the time, then it's not really needed, many would argue

    The goodness:

    • it works
    • it's unobtrusive
    • it's not from a 3rd party software vendor, and it leverages the Windows Update capability you already use for regular signature updates
    • the WS2012 Dashboard tells me if clients fall behind on their own antivirus software signature updates

    Also check out the 13,000+ folks reading this post these last 5 months over at the HomeServerShow Forums:
    Antivirus software for Server 2012 Essentials started By Hanzoy, Oct 13 2012 07:11 AM

    Microsoft Forefront Client Security Download/Install/Update Guide

    Jump to the video below if you prefer detailed descriptions and narration, or you may find it easier to follow this step-by-step visual guide:

    1) Download and install Forefront

    a) login to your MSDN or TechNet, then use this URL to search for "Forefront Client Security" for you, click Go, and you'll get one result

    download en_forefront_client_security_x86_x64_cd_x13-62435.iso
    Forefront Client Security (x86 and x64) - CD (English)
    ISO|English|Release Date: 3/21/2008|Details


    b) Double-click the ISO which mounts it as a drive-letter

    c) press Win+X, choose 'Command Prompt (Admin)'

    d) change to the drive letter of the opened ISO file, in my case, I typed:

    E:
    cd \CLIENT\X64
    clientsetup.exe /NOMOM

    2) Download KB2508823 and KB2524280

    Why? Because I found that if you don't, you won't be able to run Windows Update and have definitions download and install without errors. These items are handled most easily from IE, where you add them to your cart, then check out to download (free).

    a) copy and paste this URL
    http://catalog.update.microsoft.com/v7/site/Search.aspx?q=2508823
    into your WS2012E Internet Explorer

    b) when prompted
    "This website wants to install the following add-on: 'Microsoft Update Catalog' from 'Microsoft Corporation'."
    click Install, then choose Yes


    d) paste this URL
    http://catalog.update.microsoft.com/v7/site/Search.aspx?q=2524280
    into your WS2012E Internet Explorer (you can ignore the Enhanced Security Configuration is enabled warnings, it'll work despite that default setting)

    e) click the Add button again

    f) click 'view basket'

    g) click 'Download' (pictured here), save into a directory you'll remember
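
    Before running the two downloaded installers in steps 3 and 4, their Authenticode signatures can be checked from PowerShell. This is an added example, not part of the original article; the `$DownloadDir` path and the `Test-MicrosoftSigned` function name are assumptions chosen for illustration.

```powershell
# Added example (not from the original article): check that every installer
# downloaded in step 2 carries a valid Microsoft Authenticode signature.
param(
    # Hypothetical path: the directory the catalog downloads were saved into (step 2g)
    [string]$DownloadDir = 'C:\Downloads\FCS-Updates'
)

function Test-MicrosoftSigned {
    param([Parameter(Mandatory = $true)][string]$Path)

    $sig     = Get-AuthenticodeSignature -FilePath $Path
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    New-Object psobject -Property @{
        File        = Split-Path $Path -Leaf
        # 'Valid' means the file hash matches and the chain ends in a trusted root
        Status      = $sig.Status
        Signer      = $subject
        # An expired signing certificate still verifies only if the file was timestamped
        Timestamped = [bool]$sig.TimeStamperCertificate
        Trusted     = ($sig.Status -eq 'Valid') -and ($subject -match 'O=Microsoft Corporation')
    }
}

$installers = @(Get-ChildItem -Path $DownloadDir -Recurse -Filter '*.exe' -ErrorAction SilentlyContinue)
if ($installers.Count -eq 0) {
    Write-Warning "No .exe files found under $DownloadDir"
    exit 2
}

$results = $installers | ForEach-Object { Test-MicrosoftSigned -Path $_.FullName }
$results | Format-Table File, Status, Timestamped, Trusted -AutoSize

# Non-zero exit code if anything is unsigned, altered, or signed by another publisher
if ($results | Where-Object { -not $_.Trusted }) { exit 1 }
```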


    3) Install KB2508823

    Double-click the executable filename inside KB2508823 that starts with 'all', accept the terms, then click OK to install. It confirms when you're done. Ignore the notification tray pop-ups.


    4) Install KB2524280

    Double-click the executable filename inside KB2524280 that starts with 'all', accept the terms, then click OK to install. It confirms when you're done. Ignore the notification tray pop-ups. Don't worry, those warnings get fixed later.


    5) Eject E: drive

    Press 'Win+E' to launch Explorer, right-click on the E: drive (that represents the mounted ISO file), and choose 'Eject'


    6) Launch Dashboard

    a) launch 'Windows Server 2012 Essentials Dashboard', click HOME, 'Get updates for other Microsoft products', 'Click to activate Microsoft Update'


    b) Choose Use Microsoft Update, click 'OK'


    c) click Settings


    d) click Change


    e) click 'Turn on automatic updates'


    f) Turn off all checkboxes, then turn on just Forefront updates, and click 'Install'


    g) Double-click on the Forefront tray icon, it turns to Green Checkbox, indicating you're done


    h) Optionally, you may wish to run Windows Update again to complete any remaining updates it offers, rebooting as necessary, until there are no more updates.
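
    Once step 6 is done, the green tray icon can be backed by a scriptable check that Microsoft Update is enabled and that a Forefront update was installed recently, using the Windows Update Agent COM objects. This is an added example, not part of the original article; the `$MaxAgeDays` threshold and the assumption that the relevant update titles contain "Forefront" are mine.

```powershell
# Added example (not from the original article). Read-only: it changes no settings.
$MaxAgeDays = 3   # assumed freshness threshold; adjust to your own tolerance

# 1. Is the Microsoft Update service (enabled in step 6b) registered with Automatic Updates?
$muServiceId = '7971f918-a847-4430-9279-4a52d1efe18d'   # well-known Microsoft Update service ID
$manager     = New-Object -ComObject Microsoft.Update.ServiceManager
$mu          = $manager.Services | Where-Object { $_.ServiceID -eq $muServiceId }
$muEnabled   = [bool]($mu -and $mu.IsRegisteredWithAU)

# 2. Most recent successful installation whose title mentions Forefront
#    (assumption: definition and client updates carry "Forefront" in their titles)
$searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
$total    = $searcher.GetTotalHistoryCount()
$history  = if ($total -gt 0) { $searcher.QueryHistory(0, $total) } else { @() }

$latest = $history |
    Where-Object {
        $_.Title -like '*Forefront*' -and
        $_.Operation  -eq 1 -and    # 1 = installation (2 = uninstallation)
        $_.ResultCode -eq 2         # 2 = succeeded
    } |
    Sort-Object Date -Descending |
    Select-Object -First 1

# History dates are stored in UTC, so compare against UTC "now"
$title   = 'none found'
$ageDays = $null
if ($latest) {
    $title   = $latest.Title
    $ageDays = [math]::Round(((Get-Date).ToUniversalTime() - $latest.Date).TotalDays, 1)
}

# 3. Report; Stale is true when nothing was found or the last install is too old
New-Object psobject -Property @{
    MicrosoftUpdateEnabled = $muEnabled
    LatestForefrontUpdate  = $title
    AgeDays                = $ageDays
    Stale                  = (-not $latest) -or ($ageDays -gt $MaxAgeDays)
} | Format-List MicrosoftUpdateEnabled, LatestForefrontUpdate, AgeDays, Stale
```

    Run it from an elevated PowerShell prompt on the server; scheduling it daily gives an early signal if definition updates stop arriving.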


    Alternatively, view the video and follow-along, step-by-step

    screenshot step-by-step to appear right here too, coming soon!

    Because there is a very specific set of 2 patches you must install properly for Windows Updates to work, I'd strongly recommend backing up first, and watching the video before you decide to try this entirely-at-your-own-risk installation.

    Known issues:
    Client PCs that have slightly out-of-date antivirus signatures tend to clutter the Windows Server 2012 Essentials Dashboard with a lot of yellow warnings for this one Windows Update element not yet applied. Same goes for the server itself, also showing alerts that the latest update hasn't yet been applied (to Forefront).

    See also:
    Protecting home computers, Published: December 16, 2009
    technet.microsoft.com/en-us/library/bb625083.asp

    Suitable Anti Virus for Windows Server 2012 and 2008R2, January 31, 2013:
    social.technet.microsoft.com/Forums/en-US/winservergen/thread/b25b73d9-87b2-4249-88c9-89bfd92725dc

    Antivirus software for Server 2012 Essentials Started By Hanzoy, Oct 13 2012 08:11 AM


    All Comments on This Article (20)

    Wow, great info Dave, thank you so much for detailing it here, I'm honored!


    Folks, see below Dave's method to get SCEP (System Center Endpoint Protection) antivirus installed on Windows Server 2012 R2 Essentials.

    This is how I got SCEP to install and update on my Server 2012 R2 Essentials box
    1. Go to the System Centers Evaluations page at Microsoft (http://tinyurl.com/ovzyraf)
    2. Download the SC2012_sp2_Configmgr_SCEP.exe found under the "System Center 2012 R2 Configuration Manager and Endpoint Protection SP1"

    3. Extract the zip to locate the "Client" folder

    4. Open up a command prompt with elevated permissions and navigate to this folder.

    5. Type in the following command: scepinstall.exe /disableoslimit

    You will now get virus definitions updated to the client

    Upgrading Client
    Though the above steps work for installing and getting virus updates, when MS release version updates to the SCEP client, they will fail because of the OS. So similar to what you had to do for the initial install, you will have to do for (potentially) each client update.

    I got the idea on how to do the initial install based on "Martin's" post on how to upgrade the client. I have followed his procedures and I was able to update the client. You can find his instructions here http://tinyurl.com/ou8nuet
    Good Luck!

    Yes, amazing how something we think is old/outdated can still have an impact, even years down the track :) I can imagine that it would've been a blast (NOT!) trying to figure this out :)

    Well, that sure is nice to hear, glad this older article is still of value. It was fun to figure this install out...

    Thank you so much Paul. I was stuck but your clear instructions helped me get Forefront installed and working correctly on my Essentials R2 server at home. Great work!

    Yup, no problem, hopefully this helps someone else that's in the same boat.

    I couldn't figure out how to uninstall the above forefront updates and hope it has no ill effects.


    Any way to uninstall them? It seems they were never installed.

    John, thank you for the information sharing, nice workaround!

    I too have often done stuff like run out of space on a C: drive in a thin provisioned VM, kinda easy to accidentally do. You are not alone!

    Quick update: Windows Updates are working. It was my VM, it ran out of space (d'oh). I was unable to install update kb2884678 due to the fact endpoint is not supported on WSE2012. I had to manually download it using a windows downloader tool and manually install using kb2884678.exe /disableoslimit

    Maybe in the future I should have held off until the release of R2 from upgrading my WHS 2011. I like some of the new mobile features and the fact RWA is now html5 vs silverlight.


    Endpoint updated with the latest definitions and windows update was still able to find 64 updates but the installs kept failing. I just hope it's my VM because I was messing around with it and must have screwed it up, oh well.


    Hopefully it works for you as I would love to use it on my production server.

    I will do, as soon as I have a scratch VM (been focused more on 2012 R2 lately). Sorry to hear updates are having issues, this sounded so promising!
    This issue sounds a little like the strange stuff I ran into, until I came up with the exact sequence of install steps above for Forefront.
    Thanks for visiting John, and I think I may still have a pristine WS2012E (R1) VM to test on, will let you know if I make any progress...BTW, you going to R2 soon? Unfortunate that there is no upgrade path, eh?

    it seems it installed correctly and also updated fine in the VM, but now my windows updates seem to be having issues. It could just be my VM so please test and confirm.

    Paul, I've been using Forefront for a while now, and just messing around with some VMs to see if I could get WSCEP 2012 and always got the same message as you posted below. Today I tried from command line "SCEPInstall.exe /disableoslimit" without quotes and it worked YAY!!


    If you have some time can you see if it works for you and if the updates work. I'm using WSE2012 R1

    Glad it worked out for you! By the way, would you be willing to mention if you are using Windows Server 2012 Essentials, or Windows Server 2012 R2 Essentials?


    And FYI, no, I haven't tried System Center Endpoint Protection since, once I got Forefront working, I kind of forgot about worrying about it.

    Yes, definitely working. Sorry for late reply.

    Can you verify if your daily definition updates are working?

    Sounds promising, thank you!

    I had tried System Center Endpoint Protection back in January 2013, and shared my failed attempt here:
    http://homeservershow.com/forums/index.php?/topic/4513-antivirus-software-for-server-2012-essentials/#entry52501

    where I got an error upon trying to install it
    http://db.tt/ODUZzmr9

    so apparently something has changed, I'll have to give this another try.

    No need to jump through these hoops. Windows System Center Endpoint Protection 2012 with SP1 installs fine on WSE2012. Download from Technet or MSDN sub.

    Thanks for this Paul,
    I agree with all your points, great info.

    I've been running my WSE2012 "naked" for the past few months, needed motivation to download and install Forefront Client Security :)

    Sure, it works fine, the only issue is that it complains too much about outdated definitions - cluttering the dashboard as you've put it.