How to install Microsoft Forefront Client Security Antivirus on Windows Server 2012 Essentials

Posted by Paul Braren on Mar 13 2013 in
  • HomeServer
  • Windows
  • Forefront, remarkably, has worked nicely on Windows Home Servers since 2007.

    How to install Microsoft Forefront Client Security Antivirus on Windows Home Server v1
    TinkerTry.com/antivirus4whs

    How to install Microsoft Forefront Client Security Antivirus on Windows Home Server 2011
    TinkerTry.com/antivirus4whs2011

    How to install Microsoft Forefront Client Security Antivirus on Windows Server 2012 Essentials
    TinkerTry.com/antivirus4ws2012e

    The thing is, it's entirely unsupported, and Forefront's future is anything but certain. See Mary Jo Foley's Microsoft axes many of its Forefront enterprise security products, with support likely ending in 2015. Microsoft newer System Center 2012 Endpoint Protection won't even install on WS2012.

    But you know what? At least Forefront is not third party, and Microsoft has never stated official support for any version of Forefront on any Home Server version anyway. Windows Server 2012 Essentials is no exception. Oh yeah, then there's this. It works. Yep, looks familiar, and functions pretty much the same as the Windows Defender on Windows 8 and Security Essentials on Windows 7, with Windows Update responsible for bringing down the signature updates, automatically. Nice.

    Separated-at-Birth-Windows-Defender-on-Windows-8-versus-Forefront-on-Windows-Server-2012-Essentials
    Separated at Birth – Windows Defender on Windows 8 – Forefront on Windows Server 2012 Essentials
    About-Forefront-1.5
    About Forefront 1.5

    I've been using Forefront 1.5 for 17 days now on my newly built WS2012 system. And I ran it for about 4 months on the Release Candidate. No issues or problems to note thus far. No installer conflicts, no nagging.

    Haven't tried Forefront on Windows Server 2012 yet, but I don't see any reason why it wouldn't work exactly the same. Read about other options here. Microsoft Intune might be nice, but it ain't free.

    Here's the summary:

    The gotchas:

    • you need MSDN or Technet
    • you need the patience to do this setup only once, hopefully it'll last you for years to come, but we really cannot be sure
    • it's entirely unsupported by Microsoft on this particular server operating system
    • my install instructions cover the client only, protecting the server itself only, admittedly
    • if you have proper antivirus on all connected clients 100% of the time, then it's not really needed, many would argue

    The goodness:

    • it works
    • it's unobtrusive
    • it's not a 3rd party software vendor, leveraging the Windows Update capability you already use for regular signature updates
    • the WS2012 Dashboard tells me if clients fall behind on their own antivirus software signature updates

    Also check out the 13,000+ folks reading this post these last 5 months over home HomeServerShow Forums:
    Antivirus software for Server 2012 Essentials started By Hanzoy, Oct 13 2012 07:11 AM

    Microsoft Forefront Client Security Download/Install/Update Guide

    Jump to the video below if you prefer details descriptions and narration, or you may find it easier to follow this step-by-step visual guide:

    1) Download and install Forefront

    a) login to your MSDN or TechNet, then use this URL to search for "Forefront Client Security" for you, click Go, and you'll get one result

    download en_forefront_client_security_x86_x64_cd_x13-62435.iso
    Forefront Client Security (x86 and x64) - CD (English)
    ISO|English|Release Date: 3/21/2008|Details

    Forefront-Client-Security-download

    b) Double-click the ISO which mounts it as a drive-letter

    c) press Win+X, choose 'Command Prompt (Admin)'

    d) change to the drive letter of the opened ISO file, in my case, I typed:

    E:
    cd \CLIENT\X64
    clientsetup.exe /NOMOM
    Installation-completed-successfully

    2) Download KB2508823 and KB2524280

    Why? Because I found that if you don't, you won't be able to run Windows Update and have definitions download and install without errors. These items are handles easiest from IE, where you Add them to your cart, then checkout to download (free).

    a) copy and paste this URL
    http://catalog.update.microsoft.com/v7/site/Search.aspx?q=2508823
    into your WS2012E Internet Explorer

    b) when prompted
    This website wants to install the following add-on: 'Microsoft Update Catalog' from Microsoft Corporation'.
    click Install, then choose Yes

    install-Microsoft-Update-Catalog-add-on
    UAC-for-Microsoft-Update-Catalog

    d) paste this URL
    http://catalog.update.microsoft.com/v7/site/Search.aspx?q=2524280
    into your WS2012E Internet Explorer (you can ignore the Enhanced Security Configuration is enabled warnings, it'll work despite that default setting)

    e) click the Add button again

    f) click 'view basket'

    g) click 'Download' (pictured here), save into a directory you'll remember

    Microsoft-Update-Catalog
    both-files-downloaded

    3) Install KB2508823

    Double-click the executable filename inside KB2508823 that starts with 'all', accept the terms, then click OK to install, it confirms when you're done, ignoring notification tray pop-ups.

    KB2508823-install
    KB2508823-Installation-completed-successfully

    4) Install KB2524280

    Double-click the executable filename inside KB2524280 that starts with 'all', accept the terms, then click OK to install, it confirms when you're done, ignoring notification tray pop-ups. Don't worry, those warnings get fixed later.

    KB2524280-install
    KB25242480-Installation-completed-successfully

    5) Eject E: drive

    Press 'Win+E' to launch Explorer, right-click on the E: drive (that represents the mounted ISO file), and choose 'Eject'

    Eject-E-drive

    6) Launch Dashboard

    a) launch 'Windows Server 2012 Essentials Dashboard', click HOME, 'Get updates for other Microsoft products', 'Click to activate Microsoft Update'

    Windows-Server-2012-Essentials-Dashboard-click-HOME-Get-updates-for-other-Microsoft-products-Click-to-activate-Microsoft-Update
    Windows Server 2012 Essentials Dashboard – click HOME, ‘Get updates for other Microsoft products’, ‘Click to activate Microsoft Update’

    b) Choose Use Microsoft Update, click 'OK'

    Use-Microsoft-Update
    Choose Use Microsoft Update, click ‘OK’

    c) click Settings

    click-Settings

    d) click Change

    click-Change

    e) click 'Turn on automatic updates'

    Turn-on-automatic-updates

    f) Turn off all checkboxes, then turn on just Forefront updates, and click 'Install'

    Turn-off-all-checkboxes-then-turn-on-just-the-Forefront-related-entries
    Turn off all checkboxes, then turn on just Forefront updates, and click ‘Install’

    g) Double-click on the Forefront tray icon, it turns to Green Checkbox, indicating you're done

    Double-click-on-the-Forefront-tray-icon-it-turns-to-Green-Checkbox-indicating-youre-done
    Double-click on the Forefront tray icon, it turns to Green Checkbox, indicating you’re done

    h) Optionally, you may wish to run Windows Update again to complete any remaining updates it offers, rebooting as necessary, until there are no more updates.


    Alternatively, view the video and follow-along, step-by-step

    screenshot step-by-step to appear right here too, coming soon!

    Because there is a very specific set of 2 patches you must install properly for Windows Updates to work, I'd strongly recommend backing up first, and watching the video before you decide to try this entirely-at-your-own-risk installation.

    Known issues:
    Clients PCs that have slightly out of date antivirus signatures tend to clutter the Windows Server 2012 Essentials Dashboard with a lot of yellow warning for this one Windows Update element not yet applied. Same goes for the server itself, also showing alerts that the latest update hasn't yet been applied (to Forefront).

    See also:
    Protecting home computers, Published: December 16, 2009
    technet.microsoft.com/en-us/library/bb625083.asp

    Suitable Anti Virus for Windows Server 2012 and 2008R2, January 31, 2013:
    social.technet.microsoft.com/Forums/en-US/winservergen/thread/b25b73d9-87b2-4249-88c9-89bfd92725dc

    Antivirus software for Server 2012 Essentials Started By Hanzoy, Oct 13 2012 08:11 AM