Forefront Client Security TechCenter >
Forefront Client Security Forums
>
Forefront Client Security Alerting and Monitoring
>
Any way to determine which clients have been uninstalled?
Any way to determine which clients have been uninstalled?
- We noticed in the FCS Management console that the number of managed computers fluctuates (usually because of newly installed FCS Clients.) However recently we noticed this number decrease , causing to be concerned that certain end-users (with administrative privileges on their PC) have possibly uninstalled the FCS Client.
Is there a way to see the recent "uninstall activity", either with a report or via a SQL query? (I looked through the MOM logs, but couldn't decipher anything useful.)
Thanks,
Dan Chiasson
Answers
- Hey Dan,
The Connectivity report shows computers which have or have not reported in the last 30 days. You can see clients here which have not reported in a long time; for example clients which have had the MOM agent uninstalled. If perhaps they chose to leave the MOM agent installed and uninstall other Forefront Client components they would show up in the MOM consoles as a managed agent but would not be a Client Security client. If you open the MOM Operators console and choose the State view, you should see a column showing FCS agents. All of your clients should have a check mark.
Lastly, a script runs daily on Client Security agents and updates the client state(version, definition info, IP, etc). That information is visible in the Deployment and Computer Details reporting(among others). Uninstalling some Client Security components, but not others, should be visible in these reports.
Hopefully these will help shed light on any uninstalled agents,
Craig
Forefront Client Security Support- Proposed As Answer byNick Gu - MSFTMSFT, ModeratorTuesday, July 14, 2009 4:03 AM
- Marked As Answer byDan Chiasson Wednesday, July 15, 2009 3:21 PM
All Replies
- Hey Dan,
The Connectivity report shows computers which have or have not reported in the last 30 days. You can see clients here which have not reported in a long time; for example clients which have had the MOM agent uninstalled. If perhaps they chose to leave the MOM agent installed and uninstall other Forefront Client components they would show up in the MOM consoles as a managed agent but would not be a Client Security client. If you open the MOM Operators console and choose the State view, you should see a column showing FCS agents. All of your clients should have a check mark.
Lastly, a script runs daily on Client Security agents and updates the client state(version, definition info, IP, etc). That information is visible in the Deployment and Computer Details reporting(among others). Uninstalling some Client Security components, but not others, should be visible in these reports.
Hopefully these will help shed light on any uninstalled agents,
Craig
Forefront Client Security Support- Proposed As Answer byNick Gu - MSFTMSFT, ModeratorTuesday, July 14, 2009 4:03 AM
- Marked As Answer byDan Chiasson Wednesday, July 15, 2009 3:21 PM
- Thanks Craig. It's a lot clearer now.
Regards,
Dan
