When deploying Forefront Endpoint Protection, making a few simple changes to your existing Antivirus Software before installing FEP can increase the success of your deployment. Below is a list of tasks:
1.) Disable any passwords for your AV software - Symantec, Trend, Etc... all have an option for password protecting the AV client. Common password protection configurations include removing the ability to view the console and uninstall the AV product. Though this feature helps lockdown the client, it can also hinder your AV removal routine.
2.) Turn off any AV Tamper Protection- This feature is supposed to protect the AV software from being 'Tampered with' by a virus; however, it could also detect your uninstallation routine as an attack and lock out important services associated with the AV. If turning it off is out of the question, try to at least add your uninstallation routine to the exception list.
3.) Remove or reconfigure schedule scans- Schedule scans can be configured to run at any hour or any day. It is a good idea to look at your current scanning policy to coordinate your deployment. Uninstallation routines could be delayed due to a scheduled scan running or could even cause the uninstallation routine to reboot the machine in order to free up the associated processes for removal
4.)Verify that your existing AV product or software distribution program is not configured to automatically reinstall the AV software that you just removed. A lot of companies want to make sure that every client on their network has AV software, and unmanaged computer scans are great for this purpose. However, the last thing you want is to have to go back and remove the old AV software again after your deployment!
Check out this blog post and other blogs about Forefront Endpoint Protection here