How to install Microsoft Forefront Client Security Antivirus on Windows Server 2012 Essentials
Forefront, remarkably, has worked nicely on Windows Home Servers since 2007.
How to install Microsoft Forefront Client Security Antivirus on Windows Home Server v1
TinkerTry.com/antivirus4whs
How to install Microsoft Forefront Client Security Antivirus on Windows Home Server 2011
TinkerTry.com/antivirus4whs2011
How to install Microsoft Forefront Client Security Antivirus on Windows Server 2012 Essentials
TinkerTry.com/antivirus4ws2012e
The thing is, it's entirely unsupported, and Forefront's future is anything but certain. See Mary Jo Foley's Microsoft axes many of its Forefront enterprise security products, with support likely ending in 2015. Microsoft newer System Center 2012 Endpoint Protection won't even install on WS2012.
But you know what? At least Forefront is not third party, and Microsoft has never stated official support for any version of Forefront on any Home Server version anyway. Windows Server 2012 Essentials is no exception. Oh yeah, then there's this. It works. Yep, looks familiar, and functions pretty much the same as the Windows Defender on Windows 8 and Security Essentials on Windows 7, with Windows Update responsible for bringing down the signature updates, automatically. Nice.
I've been using Forefront 1.5 for 17 days now on my newly built WS2012 system. And I ran it for about 4 months on the Release Candidate. No issues or problems to note thus far. No installer conflicts, no nagging.
Haven't tried Forefront on Windows Server 2012 yet, but I don't see any reason why it wouldn't work exactly the same. Read about other options here. Microsoft Intune might be nice, but it ain't free.
Here's the summary:
The gotchas:
- you need MSDN or Technet
- you need the patience to do this setup only once, hopefully it'll last you for years to come, but we really cannot be sure
- it's entirely unsupported by Microsoft on this particular server operating system
- my install instructions cover the client only, protecting the server itself only, admittedly
- if you have proper antivirus on all connected clients 100% of the time, then it's not really needed, many would argue
The goodness:
- it works
- it's unobtrusive
- it's not a 3rd party software vendor, leveraging the Windows Update capability you already use for regular signature updates
- the WS2012 Dashboard tells me if clients fall behind on their own antivirus software signature updates
Also check out the 13,000+ folks reading this post these last 5 months over home HomeServerShow Forums:
Antivirus software for Server 2012 Essentials started By Hanzoy, Oct 13 2012 07:11 AM
Microsoft Forefront Client Security Download/Install/Update Guide
Jump to the video below if you prefer details descriptions and narration, or you may find it easier to follow this step-by-step visual guide:
1) Download and install Forefront
a) login to your MSDN or TechNet, then use this URL to search for "Forefront Client Security" for you, click Go, and you'll get one result
download en_forefront_client_security_x86_x64_cd_x13-62435.iso
Forefront Client Security (x86 and x64) - CD (English)
ISO|English|Release Date: 3/21/2008|Details
b) Double-click the ISO which mounts it as a drive-letter
c) press Win+X, choose 'Command Prompt (Admin)'
d) change to the drive letter of the opened ISO file, in my case, I typed:
E:
cd \CLIENT\X64
clientsetup.exe /NOMOM
2) Download KB2508823 and KB2524280
Why? Because I found that if you don't, you won't be able to run Windows Update and have definitions download and install without errors. These items are handles easiest from IE, where you Add them to your cart, then checkout to download (free).
a) copy and paste this URL
http://catalog.update.microsoft.com/v7/site/Search.aspx?q=2508823
into your WS2012E Internet Explorer
b) when prompted
This website wants to install the following add-on: 'Microsoft Update Catalog' from Microsoft Corporation'.
click Install, then choose Yes
d) paste this URL
http://catalog.update.microsoft.com/v7/site/Search.aspx?q=2524280
into your WS2012E Internet Explorer (you can ignore the Enhanced Security Configuration is enabled warnings, it'll work despite that default setting)
e) click the Add button again
f) click 'view basket'
g) click 'Download' (pictured here), save into a directory you'll remember
3) Install KB2508823
Double-click the executable filename inside KB2508823 that starts with 'all', accept the terms, then click OK to install, it confirms when you're done, ignoring notification tray pop-ups.
4) Install KB2524280
Double-click the executable filename inside KB2524280 that starts with 'all', accept the terms, then click OK to install, it confirms when you're done, ignoring notification tray pop-ups. Don't worry, those warnings get fixed later.
5) Eject E: drive
Press 'Win+E' to launch Explorer, right-click on the E: drive (that represents the mounted ISO file), and choose 'Eject'
6) Launch Dashboard
a) launch 'Windows Server 2012 Essentials Dashboard', click HOME, 'Get updates for other Microsoft products', 'Click to activate Microsoft Update'
b) Choose Use Microsoft Update, click 'OK'
c) click Settings
d) click Change
e) click 'Turn on automatic updates'
f) Turn off all checkboxes, then turn on just Forefront updates, and click 'Install'
g) Double-click on the Forefront tray icon, it turns to Green Checkbox, indicating you're done
h) Optionally, you may wish to run Windows Update again to complete any remaining updates it offers, rebooting as necessary, until there are no more updates.
Alternatively, view the video and follow-along, step-by-step
screenshot step-by-step to appear right here too, coming soon!
Because there is a very specific set of 2 patches you must install properly for Windows Updates to work, I'd strongly recommend backing up first, and watching the video before you decide to try this entirely-at-your-own-risk installation.
Known issues:
Clients PCs that have slightly out of date antivirus signatures tend to clutter the Windows Server 2012 Essentials Dashboard with a lot of yellow warning for this one Windows Update element not yet applied. Same goes for the server itself, also showing alerts that the latest update hasn't yet been applied (to Forefront).
See also:
Protecting home computers, Published: December 16, 2009
technet.microsoft.com/en-us/library/bb625083.asp
Suitable Anti Virus for Windows Server 2012 and 2008R2, January 31, 2013:
social.technet.microsoft.com/Forums/en-US/winservergen/thread/b25b73d9-87b2-4249-88c9-89bfd92725dc
Antivirus software for Server 2012 Essentials Started By Hanzoy, Oct 13 2012 08:11 AM