locked
NAP Antivirus and WSUS RRS feed

  • Question

  • Hi guys,

    Do you have "how to" to configure NAP for Antivirus and WSUS ? I already succeded at Windows Firewall. Is it as simpel just check the option that Antivirus and Windows Update must on at the WSHV and continue to add the IP Address at the remediation server group ?

     

    Tuesday, April 19, 2011 7:25 AM

Answers

  • Hi Customer,

          You could deploy antivirus and wsus nap via configure antivirus and windows update in WSHV and add their server into remediation server group.

    The difference is firewall and windows update nap could  automatically remediate noncompliant health states, antivirus nap need client to operate antivirus application by manual.

    If you want to antivirus nap automatically remediate, you need to install third part SHV for antivirus application.

    Windows Security Health Validator

    http://technet.microsoft.com/en-us/library/cc731260(WS.10).aspx


    Regards, Rick Tan
    • Marked as answer by Rick Tan Monday, April 25, 2011 6:10 AM
    Tuesday, April 19, 2011 9:16 AM

All replies

  • Hi Customer,

          You could deploy antivirus and wsus nap via configure antivirus and windows update in WSHV and add their server into remediation server group.

    The difference is firewall and windows update nap could  automatically remediate noncompliant health states, antivirus nap need client to operate antivirus application by manual.

    If you want to antivirus nap automatically remediate, you need to install third part SHV for antivirus application.

    Windows Security Health Validator

    http://technet.microsoft.com/en-us/library/cc731260(WS.10).aspx


    Regards, Rick Tan
    • Marked as answer by Rick Tan Monday, April 25, 2011 6:10 AM
    Tuesday, April 19, 2011 9:16 AM
  • For nap to support WSUS you have to just enable the corresponding SHV as you said and configure WSUS as remediation server. You can also handle it if you have SCCM in the environment as SCCM supports NAP and WSUS can be integrated in it.

     

    For antivirus your status can only be checked by the default SHA provided in operating system . If you want to update also you have to install Sha from the vendors and all the antivirus vendors dont support nap. You can check the list from this location.

     

    http://www.microsoft.com/windowsserver2008/en/us/nap-partners.aspx

    • Proposed as answer by vinit pandey Tuesday, April 19, 2011 9:55 AM
    Tuesday, April 19, 2011 9:55 AM
  • Thanks All, already tried for three of them :)

    Tuesday, April 19, 2011 10:24 AM