Tuesday 10 April 2012

Installing MS ForeFront Protection 2010 for SharePoint



Prerequisites:

  • Create a new Forefront admin account: SPForefrtadm (be careful with the account name length, as I have had problems)
  • Make the account a SharePoint farm admin (not good, I know, but required)
  • Add the account to the local Administrators and WSS_ groups on the server(s).
  • Add the account to SQL Server with the roles dbcreator, public, securityadmin

One last thing here: I got the following error when installing.

This appeared in the event log:

Insufficient SQL database permissions for user 'Name: domain\spforefrtadm SID: S-1-5-21-4128845870-1776218058-854377484-3634 ImpersonationLevel: None' in database 'SharePoint_Config_name' on SQL Server instance 'servername'. Additional error information from SQL Server is included below.

The SELECT permission was denied on the object 'Versions', database 'SharePoint_Config_name', schema 'dbo'.

  • So it looks like it requires dbo SQL permissions on the Config DB too.

This is so wrong, MS! Sort it out!!
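
The SQL side of the prerequisites above, including the Config DB permission from the event log error, as an added example (not part of the original post and not Microsoft's own script). DOMAIN is a placeholder, the database name is the one shown in the error, and the use of the sp_addsrvrolemember / sp_addrolemember procedures is an assumption about how you choose to grant the roles.

```sql
-- Added example. DOMAIN is a placeholder; SharePoint_Config_name is the
-- config database named in the event log entry. Run as a SQL sysadmin.
USE [master];
GO
-- Create the Windows login only if it does not exist yet.
IF NOT EXISTS (SELECT 1 FROM sys.server_principals
               WHERE name = N'DOMAIN\SPForefrtadm')
    CREATE LOGIN [DOMAIN\SPForefrtadm] FROM WINDOWS;
GO
-- Server roles from the prerequisite list (public is implicit for every login).
EXEC sp_addsrvrolemember @loginame = N'DOMAIN\SPForefrtadm', @rolename = N'dbcreator';
EXEC sp_addsrvrolemember @loginame = N'DOMAIN\SPForefrtadm', @rolename = N'securityadmin';
GO
USE [SharePoint_Config_name];
GO
-- Map the login into the config database (it may already be mapped under
-- another user name, so look it up by SID) and add it to db_owner,
-- which is what the installer error pointed to.
DECLARE @u sysname;
SELECT @u = name
FROM sys.database_principals
WHERE sid = SUSER_SID(N'DOMAIN\SPForefrtadm');
IF @u IS NULL
BEGIN
    CREATE USER [DOMAIN\SPForefrtadm] FOR LOGIN [DOMAIN\SPForefrtadm];
    SET @u = N'DOMAIN\SPForefrtadm';
END
EXEC sp_addrolemember @rolename = N'db_owner', @membername = @u;
GO
-- Verify before running setup: every column should return 1.
SELECT
    IS_SRVROLEMEMBER('dbcreator',     N'DOMAIN\SPForefrtadm') AS has_dbcreator,
    IS_SRVROLEMEMBER('securityadmin', N'DOMAIN\SPForefrtadm') AS has_securityadmin;

-- Check the exact permission from the event log as the account itself.
EXECUTE AS LOGIN = N'DOMAIN\SPForefrtadm';
SELECT HAS_PERMS_BY_NAME('dbo.Versions', 'OBJECT', 'SELECT') AS can_select_versions;
REVERT;
GO
```

The verification queries at the end can be rerun later on their own to audit what this account still holds on the instance.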


To install Forefront for SP:

Run forefrontsharepointsetup.exe (needs to be installed on each server, one at a time)
Accept licence agreement > Next > Next
Change data folder locations to d:\path
Enter proxy details (if required)
Enter the SP farm account (SPForefrtadm) and password > Next
Do not use MS for updates, or do if you have a management server > Next
Do not join customer experience > Next > Next
Click Close to finish.
Run the "Forefront protection for SharePoint console"
Click “Activate now”
Enter the licence key: enter your licence key
Enter agreement details:
Licence agreement number:
Expiry date:

Repeat on each WFE/Application server.


To configure the Forefront AV you may want to consider the following:
Select Policy Management > Antimalware > Realtime
Once installed, set process count to "2" and maximum container scan time to "60" seconds, then click "Save" (this saves a huge number of threads being used and a long wait time if there are problems during file scans).

Note: this next step is not required, but you may want to consider it to avoid each AV scanner chewing up your server memory, which is frankly a bit of AV overkill.
Select Policy Management > Global Settings > Advanced Options > Engine Management
Under "Intelligent Engine Management" select "Manual", disable all but "Microsoft Antimalware Engine" and click "Save"



Run the whole process above on each server in turn, as the CA web services are restarted. So don’t run the installs all at the same time.

Once done with the installs, on your Central Admin server navigate to
Central Admin > Security > Manage AV settings
Set your required settings for the farm AV.

Optional:
Antivirus Time Out
something short unless you like waiting

Antivirus Threads
2 unless you have lots of memory
