
Archive for the ‘ForeFront Family’ Category

Overview of Forefront Protection 2010 for Exchange Server

July 21, 2011 11 comments

Microsoft acquired Sybari Software Inc. in 2005 and, with it, acquired its
Antigen for Exchange product line. Microsoft later released its first suite of
Microsoft-branded Antigen products in June 2006 — marking its first line of
antivirus products specifically for Exchange Server 2000 and Exchange Server
2003.

The next generation of this product — Forefront Security for Exchange Server — was
released shortly after the debut of Exchange Server 2007. This version was
enhanced to support the new role-based architecture and leverage the new
transport pipeline in Exchange Server 2007.

Forefront Protection 2010 for Exchange Server is the current generation and next
evolution of antispam and antivirus protection
from Microsoft. Microsoft’s 2005 acquisition of FrontBridge Technologies Inc., a
managed services provider for corporate email compliance, security and high
availability, paved the way for its hosted security solution for Exchange, which
now includes Forefront Online Protection 2010 for Exchange Server.

Exchange 2010 built-in antispam protection

When you deploy an edge transport server role, a wide range of
antispam agents are installed that leverage Exchange Server 2010’s built-in API
hooks. Exchange 2010’s antispam transport agents are derived from long-standing
Exchange Server technology (Figure 1).

A list of Exchange 2010's antispam transport agents

Figure 1. Exchange Server 2010 already has plenty of antispam transport
agents built in.

Transport agents were first introduced in Exchange 2007 and can directly leverage the
transport pipeline to allow antivirus and antispam applications to proactively
scan inbound and outbound email processed by the edge transport server before it
enters or exits an organization.

If the edge transport server isn’t deployed, the
antispam transport agents can be imported onto a hub transport server role using the
install-AntispamAgents.ps1 script. This allows any Exchange Server
deployment topology to benefit from antispam protection. Of course, an antispam
application will only address half of the problem; you still need an antivirus
product to protect the organization from malware.

Forefront Protection for Exchange Server (On-premises)

Forefront Protection 2010 for Exchange Server (FPE) is an on-premises application that can
be implemented in the internal network on the hub transport and mailbox roles.
It can also be implemented in the perimeter network, on the edge transport or
threat management gateway (TMG). FPE was designed to provide three distinct
layers of filtering: connection filtering, protocol filtering and content
filtering.

Layer 1 – Connection filtering (Approximately 80% of inbound spam rejected)

  • DNS Block List (DNSBL)
  • IP Allow/IP Block
  • Sender ID

Layer 2 – SMTP filtering (3% to 5% rejected)

  • Sender
  • Recipient
  • Global safe list
  • Global block list
  • Sender ID
  • Backscatter

Layer 3 – Content filtering (55% to 60% rejected)

  • Cloudmark
  • Automatic updates every 45 seconds

FPE can also be installed on the mailbox role. The table below lists
available configuration options when FPE is installed on a mailbox server.

| Forefront solution | Description |
| --- | --- |
| Forefront Endpoint Protection 2010 | Malware protection for business desktop PCs, laptops and server operating systems that is easier to manage and control |
| Microsoft Forefront Protection 2010 for Exchange Server | Multiple-engine antimalware and anti-spam protection for on-premises Microsoft Exchange Server environments |
| Microsoft Forefront Online Protection for Exchange | Microsoft-hosted antimalware and anti-spam service offering enterprise-class reliability for messaging security and management |
| Microsoft Forefront Protection 2010 for SharePoint | File filtering, keyword blocking and antivirus scanning for Microsoft Office SharePoint Server document libraries |
| Microsoft Forefront Security for Office Communications Server | Virus scanning and content filtering for instant message conversations and file transfers |
| Forefront Threat Management Gateway Web Protection Service | URL filtering and Web antimalware update service for Forefront Threat Management Gateway 2010 |

Microsoft Forefront Protection Server Management Console (FPSMC) 2010

Microsoft Forefront Protection Server Management Console (FPSMC) 2010, which
allows administrators to manage not only multiple FPE servers within an
organization but also the settings for FOPE, is available as a free download.
FPSMC has an intuitive graphical
interface that administrators can use for server discovery, configuration
deployment, reporting, and quarantine management.

FOPE administrators can also utilize FPSMC as it is integrated with Forefront
Online Protection for Exchange. FPSMC also includes some reports to help
administrators understand the nature and trends of malware and spam
protection.

The FPE Server Administrator Console does an adequate job of allowing you to
configure FPE and FOPE for an organization and is all that is really necessary
for single server deployments. The new dashboard view (Figure 2) makes it very
easy to track current activity and the status of the different components in
FPE.

A look at the FPE dashboard

Figure 2. You can manage FPE from its new dashboard.

New Forefront features to look for

Forefront Protection for Exchange Server has several features that
might be new to Exchange Server administrators.
Let’s take a look at some of the coolest new features and how they work.

DNSBL. This feature automates subscriptions to real-time block list
(RBL) services and enables configuration through a single mouse click. This is
possible because Microsoft has already subscribed to some of the most respected
RBL providers to create its own DNS block list (DNSBL). When you enable DNSBL,
you subscribe to the Microsoft list; enabling DNSBL will eliminate subscription
fees that are often required to transfer block-list information to your servers.
It can also eliminate the headache of managing and configuring your own
subscriptions.

Backscatter. This feature protects your organization from bogus
non-delivery report (NDR) messages. Prior to the release of FPE 2010, there was
no Microsoft solution that could prevent fictitious NDR messages from being
delivered to users’ mailboxes. When you enable Backscatter and generate a set of
keys, each outbound message will have an attached token that’s based on a hashed
tag to P1.MailFrom: in the email header. If the external messaging system
that receives the email must return a non-delivery report, the token will be
returned as well.

If the Backscatter feature on Exchange 2010 transport servers can validate
the hash, then the NDR will be allowed into the organization. However, if the
NDR is missing the hashed tag or Backscatter cannot validate the hash, then the
NDR message will be dropped.

Note: To prevent inadvertently dropping valid NDR messages, all
transport servers must have the Backscatter feature enabled. At the very least,
it should be enabled on all Internet-facing transport servers.
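
The tagging scheme described above, sketched as an added example (not FPE's own code or token format): a BATV-style keyed hash over the envelope sender, where the `bs=` tag layout, the 7-day validity window, the keys and the addresses are all constructed assumptions. It also reproduces the failure mode from the Note: an NDR for mail that left through a server that did not tag it, or that holds a different key, is dropped.

```python
"""BATV-style sketch of backscatter (bogus NDR) filtering with a keyed hash."""
import hashlib
import hmac

TAG = "bs"            # hypothetical tag marker, not FPE's real token format
MAX_AGE_DAYS = 7      # assumed validity window, not taken from the article


def _mac(key: bytes, day: int, mailbox: str) -> str:
    # Keyed hash over the issue day and the original envelope sender.
    data = f"{day}:{mailbox.lower()}".encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()[:16]


def tag_sender(key: bytes, mail_from: str, now: int) -> str:
    """Outbound: rewrite the envelope sender so that it carries a token."""
    day = now // 86400
    return f"{TAG}={day}={_mac(key, day, mail_from)}={mail_from}"


def check_ndr(keys: list, rcpt_to: str, now: int):
    """Inbound NDR: return (accepted, original mailbox or drop reason)."""
    parts = rcpt_to.split("=", 3)
    if len(parts) != 4 or parts[0] != TAG or not parts[1].isdigit():
        return False, "no valid tag"
    day, mac, mailbox = int(parts[1]), parts[2], parts[3]
    if not 0 <= now // 86400 - day <= MAX_AGE_DAYS:
        return False, "tag expired"
    # Try every configured key so that a key rollover does not drop real NDRs.
    for key in keys:
        if hmac.compare_digest(_mac(key, day, mailbox), mac):
            return True, mailbox
    return False, "hash mismatch"


def filter_inbound(keys: list, mail_from: str, rcpt_to: str, now: int) -> str:
    """Only messages with the null reverse-path (MAIL FROM:<>) are NDRs."""
    if mail_from != "":
        return "not an NDR"
    ok, detail = check_ndr(keys, rcpt_to, now)
    return f"deliver to {detail}" if ok else f"drop ({detail})"


def demo() -> dict:
    key = b"constructed-demo-key"   # constructed; real keys are random secrets
    sent = 1_311_206_400            # constructed send time (seconds since epoch)
    tagged = tag_sender(key, "alice@example.com", sent)
    forged = tagged.replace("alice", "bob")
    return {
        "genuine NDR": filter_inbound([key], "", tagged, sent + 3600),
        # Same verdict for a real NDR whose original left via an untagged server.
        "NDR without tag": filter_inbound([key], "", "alice@example.com", sent),
        "tag moved to another mailbox": filter_inbound([key], "", forged, sent),
        "tag replayed after 30 days": filter_inbound([key], "", tagged, sent + 30 * 86400),
        "server holding a different key": filter_inbound([b"other-key"], "", tagged, sent),
        "ordinary mail": filter_inbound([key], "bob@example.net", "alice@example.com", sent),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:32} -> {verdict}")
```
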

Cloudmark. You can license this antispam solution from Microsoft for
both FPE and FOPE. Once FPE is installed, it will replace the default antispam
connection filter engine with Cloudmark. Cloudmark has proven to have a 99.77%
catch rate. Microsoft guarantees a 98% catch rate in its service-level agreement
(SLA) for FOPE.

Third-party spam and virus protection

Microsoft claims that there are four features in Forefront Protection 2010 for
Exchange Server that differentiate the product from third-party solutions.

1. FPE uses five simultaneous scanning engines.
2. It uses multi-layer defense architecture.
3. FPE is easy to administer, monitor and report.
4. The solution supports a hybrid model that integrates both on-premise and online
servers as well as a singular solution.

Despite these advantages, however, it isn’t everything for everyone.
Sometimes you need a third-party antivirus or antispam solution. There are a
number of well-known antivirus and antispam vendors for Microsoft Exchange
Server. When it comes down to choosing the best one for your enterprise, which
factors should you consider? Key aspects to look for in a third-party antivirus
solution for Exchange Server 2010 are:

  • Support for latest VSAPI
  • Support for hub, edge and mailbox roles
  • Use of transport agents for scanning
  • Support for antivirus stamping
  • Support for multiple scanning engines

Can the cloud reduce your spam carbon footprint?

There is a concept with antimalware and antispam prevention that suggests the sooner you
can eliminate the threat, the less it will cost your organization. To describe
this concept in today’s environmentally conscious landscape, some have coined
this as “reducing the carbon footprint of spam and malware.”

The last 10 years have seen an explosion in hardware appliances and
perimeter-based email security designed to prevent unwanted email from even
making it inside an organization. The downside to these solutions is that they
require additional security expertise to maintain and they must be kept up to
date in order to be effective. For many organizations, there is not enough staff
to meet these challenges. The consequences of a solution failing are too great
for many organizations, so they have begun to seek alternatives.

The use of cloud-based managed security solutions for email systems has
increased significantly over the last few years. Cloud-based security solutions
give companies the potential to maintain the smallest carbon footprint possible
for malware and spam because these solutions eliminate unwanted email in the
cloud — not in the perimeter.

When Microsoft acquired FrontBridge, it became one of the top email hygiene
providers along with Postini (Google), Message Labs (Symantec), SOPHOS and Trend
Micro. Today there are more than 10 well-known hosted email hygiene/security
providers to select from as well as several lesser-known vendors.

Microsoft’s technological advances with FOPE make it an excellent choice for
a managed security solution in the cloud and a strong competitor with the
predominant providers. The strongest argument for FOPE, however, is that it is
the only solution that is tightly integrated with its on-premises counterpart,
FPE. FOPE can also be enabled and provisioned with a few clicks of the mouse,
using the same tools you need to manage FPE.

Example deployment topologies

FPE and FOPE were designed to support environments of all sizes. FOPE is a hosted
solution, so it was designed to scale support for even the largest enterprises.
There are different ways to deploy FPE and FOPE for an Exchange Server 2010
organization. FPE can protect Exchange organizations with single servers with
combined roles or with dedicated server roles. FOPE can be leveraged by itself
without FPE. However, the most comprehensive solution is to deploy both FOPE and
FPE together.

  • On-Premises: Combined Exchange Server roles
    All Exchange Server roles are combined on a single server. Although the client
    access server role and unified messaging role are on the same server, FPE does
    not directly support them. All email and voicemail are submitted to the mailbox
    role; therefore, CAS and UM roles are indirectly protected (Figure 3).
    Forefront Protection for Exchange Server indirectly protects the unified messaging and client access server roles.
    Figure 3. Though not directly supported, the client access server and unified
    messaging roles are protected by FPE.
  • On-Premises: Dedicated Exchange Server roles
    FPE is installed on the edge, hub and mailbox server roles, but it isn’t
    necessary to install on the UM or CAS roles. This topology gives Exchange
    administrators the greatest level of flexibility when sizing each server to meet
    the resource requirements of both Exchange 2010 and FPE. A TMG was also deployed
    to provide protection for the CAS role (Figure 4).
    Forefront Protection for Exchange Server is installed on the edge, hub and transport server roles.
    Figure 4. FPE is installed on the edge, hub and mailbox server roles.
  • On Premises/Hosted: Hybrid
    FPE and FOPE are deployed as a holistic antimalware/antispam solution. The
    Forefront Protection Manager allows admins to centrally manage the antispam
    policy. There is an additional FOPE gateway server in this configuration. This
    function uses very few resources and is used to push the antispam policy to FOPE
    from the FPSMC (Figure 5).
    Forefront Protection for Exchange Server and Forefront Online Protection for Exchange Server may be deployed together as a hybrid solution.
    Figure 5. FPE and FOPE can be deployed together as a hybrid antispam/antimalware
    solution.

Deployment recommendations

There are a few general rules you should
follow when deploying Forefront Protection for Exchange Server.

  • Deploy FPE on an edge transport server.
  • Deploy FPE on all hub transport servers.
  • Deploy FPE on all mailbox servers.
  • Run all five engines, if possible, and run no less than two engines for
    fault tolerance.
  • During a malware outbreak, enable the Scan after engine update
    setting for real-time scanning on mailbox servers.
  • Optionally, deploy FPE on a Threat Management Gateway (TMG) instead of an
    edge server.
  • Use the Forefront Protection 2010 for Exchange Server Capacity Planning Tool.

Because running antivirus software consumes additional resources, it is
important to plan appropriately. The capacity planning tool lets you select a
reference architecture and customize the memory and hardware constraints. After
it runs, it will produce a summary of the hardware requirements and number of
servers that should be used, based on the specified constraints.

Viruses and worms of a decade ago seemed like the biggest threats to
messaging security, but when you consider what they have evolved into today (for
example, the latest phishing and malware attacks with criminal intent), it is no
surprise that the security industry has evolved as well. Email administrators are at
the center of the malware and spam storm and have the greatest responsibility to
provide their organizations with appropriate levels of protection.

The good news is there are more antispam and antimalware solutions on the
market than there have ever been that are specifically designed for messaging
systems. Microsoft has even included several layers of antispam protection built
into Exchange Server 2010. As the industry moves forward, it seems that the more
noticeable trends are the managed security solutions. The managed security
solutions in the cloud are becoming more attractive to administrators that have
found the task of keeping pace with the exponentially growing threats to their
email systems more and more difficult to perform.


Deploying Forefront Client Security Using SCCM 2007 – Step-By-Step

November 18, 2010 6 comments

This is a Step-By-Step guide for using SCCM2007 to Deploy Forefront Client Security Client Agents.

Pre-Requisites:

1. Installed and configured FCS management server.

2. FCS Policy configured and deployed on client machines.

3. Windows Update policy Configured and deployed on client machines.

4. Client Installation Files (the Client directory on the installation CD) on a shared directory on the FCS server (only read permissions needed).

Creating the Installation Package

1. Open SCCM 2007 Console and then go to Computer Management -> Software Distribution, then right click Packages -> New -> Package.

2. Configure all package details and click next.

3. On the Data Source tab, configure the data source as the file share you’ve created with the client setup files on the installation server. On the scheduling part, you can choose to leave it by default, or configure a schedule for updating the client package.
After finishing with all the settings, click finish.
I’ve chosen 6 hours since I’m downloading the new definitions every day using a script and updating the installation package every day so that it is installed with the newest definitions.

4. Now go back and expand the newly created package. The first thing we need to do is to configure a distribution point for the package. For that, right click the distribution points -> New Distribution points.

5. On the distribution points wizard, walk through the welcome screen and on to the Copy package window. Then select the specified distribution point you wish to distribute your package from (the default choice should be the SCCM server itself). Then click next and close.

6. The next phase is creating the program to run clientsetup.exe. In order to do that, go back to the SCCM console and expand the FCS package. Right click Programs -> New -> Program.

7. On the general page, type a program name and comment and then configure the command line you need to run the clientsetup.exe with. It should be something like:
clientsetup.exe /CG ForefrontClientSecurity /MS fcsserver.domain.com.
On the Run selection, I recommend using hidden in order not to disturb your users while deploying FCS.
Then click next.

8. On the requirements page, enter a 350MB disk space limit (the limitation by FCS pre-requisites). Then limit the platforms this program can run upon: since we are currently building a package using the x86 client agent version, we need to select only x86 platforms. In addition, we cannot select all x86 2000 and XP since the FCS client is limited to 2000SP4 and XPSP2, so pay attention and check only the proper platforms.
Then click next.

9. On the Environment page, choose that the program can run whether or not the user is logged on (which automatically checks the “Run with administrative rights” option).
Note: you should already have configured the administrative account used to install programs. If not, you can find more information about configuring SCCM accounts on: http://technet.microsoft.com/en-us/library/bb680323.aspx .
Then click next.

10. Go through the Advanced, Windows Installer, MOM Maintenance and Summary pages and click close.
Note: you can configure things you want under Advanced or MOM Maintenance if you wish, but this is not necessary.

Note: The package we just created is used for installing the x86 client agent. In case you have x64 platforms in your domain, you need to repeat the process and create an x64 package. Just pay attention when choosing the running platforms: only select the x64 systems.

Creating a Task Sequence to Remove the Existing AV Solution and Deploy the FCS Package

1. Open SCCM 2007 Console and then go to Computer Management -> Operating System and right click Task Sequence -> New -> Task Sequence.

2. On the create new task sequence page, select “Create a new custom task sequence” and click next.

3. On the task sequence information page, type the task sequence name and choose the x86 boot image (or x64, depending on your client agent deployment). Then click next and close.

4. Now go back to the console and on the task sequence window, right click the newly created task sequence and select edit.

5. Now we create the task sequence that will run on the client.
Click Add -> General -> Run Command Line.

6. Fill in the proper details and on the command line, write the full path to the removal script.
Note:
Some AV solutions require a reboot and won’t let anything else get installed on the system after removing them before you reboot the system.
If your case is one of those, then after adding the remove XXX task, click Add -> General -> Restart Computer.

7. Now we need to add the FCS deployment package. Click add -> General -> Install software

8. Now fill in the name and description of the installation task and select install single application, click browse and select the FCS package you created earlier.

9. This phase is optional, although I recommend working through it since this is one of the greatest added values of deploying FCS using SCCM.
After configuring the SCCM WSUS Distribution Point settings and syncing with Microsoft Update, you need to be able to see Forefront Updates (hotfixes) in the Software Update Deployment part of the SCCM console.
Go to Computer Management -> Software Updates -> Update Repository -> Updates -> Microsoft -> Forefront Client Security.

10. Select the Updates that relate to FCS and right click -> Deploy Software Updates. Make sure you choose only updates named “Update for Microsoft Forefront Client Security” and not the “Client Update for Microsoft Forefront Client Security”.

11. On the Software updates general page, type a name for the software update deployment and click next.

12. On the deployment template, click create new (unless you already have a deployment template you wish to use – then you can skip this step).

13. On the collection page, choose the collection where you wish to deploy forefront and click next.

14. On the Display/Time Settings, choose Suppress display notifications on client, client local time and set the deadline to 1 hour. Then click next.

15. On the Restart settings page, check the suppress restart on servers and workstation and click next.

16. Go through the Event Generation and Download Settings (leaving them in default settings) and on the create template, give a new name to the template and click next.

17. On the deployment Package page, name the newly created package and fill out the package source UNC (Specifies the location of the software update source files. When the deployment is generated, the source files are compressed and copied to the distribution points that are associated with the deployment package).
Note: The shared folder for the deployment package source files must be manually created before proceeding to the next page.

18. On the distribution points page, click browse and add your default Distribution point. Then click next.

19. On the download location page, choose from the internet and click next.

20. On the language selection page, select the relevant languages and click next.

21. Move through the Schedule, NAP Evaluation and Summary pages, and click close.

22. Now what we want to do is to add all the updates to the installation package and by that, making sure our clients are installed from the beginning with the most up-to-date version of all the client engines.
Go back to the task sequence you’ve created earlier and edit it. Click add -> General -> Install Software Updates.

23. Type the name for this task, choose mandatory software updates and click ok.
Note: another optional way of adding the updates to the package is downloading the updates directly from the Microsoft Update Catalog (http://catalog.update.microsoft.com/v7/site/Search.aspx?q=forefront), packaging them and adding them as an install software task in the task sequence.

Advertising the Task sequence

1. Go back to the SCCM console and right click the task sequence you created and choose advertise.

2. Fill the name and comment for the advertisement and choose the collection where you wish to distribute FCS. Then click next.

3. On the schedule page, select your preferred schedule for deployment. I usually work with “as soon as possible”. Then click next.

4. On the distribution point page, select the Access content directly option and click next.

5. Go through the Interaction, Security and Summary pages leaving everything in default settings and click close.

That’s it! You’ve deployed FCS using SCCM2007. Congratulations

Fine tuning Microsoft ForeFront Server Security for Exchange

November 14, 2010 2 comments

ForeFront is Microsoft’s security solution for Microsoft Exchange 2007. Installing ForeFront is less than half the battle, however. After you get Forefront installed, you’ve got to fine tune its settings for Microsoft Exchange 2007. Brien Posey shows how to fine tune ForeFront Server Security for Exchange.

After the install

After you have installed ForeFront, it’s time to finish configuring and fine tuning it. You can access the administrative console by selecting the ForeFront Server Security Administrator command from the Start | All Programs | Microsoft ForeFront Server Security | Exchange Server menu. Upon doing so, you will see a prompt asking you which server you want to connect to. The current server is selected by default, so just click OK.

Click OK to skip the message regarding ForeFront’s evaluation period, and you will be taken into the administrative console, shown in Figure A.

Figure A

This is the default view of the ForeFront Server Security Administrator console.

Configuring Scanning Engine Bias

Lesson number one when it comes to configuring ForeFront is that having multiple scanning engines at your disposal isn’t always what it seems. When I walked you through the initial setup, I showed you how you could configure ForeFront to use up to five different scanning engines. In a way this is deceptive though, because depending on how ForeFront’s Bias settings are configured, ForeFront may not use all of those scanning engines simultaneously, which kind of defeats the whole purpose of using ForeFront.

To configure the Bias settings, click the Settings button in the column on the left, and then click the Antivirus button, found within the Settings section. When you do, you will see the screen shown in Figure B.

Figure B

The Antivirus screen allows you to configure ForeFront’s Bias settings.

If you look at the bottom of this screen, the first thing that you will probably notice is the File Scanners section. As you can see in the figure, the File Scanners section lists the various scanning engines that are available. The scanning engines that you chose during the initial setup process are selected by default, but if you want to switch scanning engines for some reason, you can do that by deselecting the scanning engine that you want to remove, and selecting a new scanning engine.

Now, take a look at the Bias drop down list. You will notice that the Bias setting is configured to favor certainty. This means that by default, ForeFront will use its various scanning engines in a way that will be likely to catch most, if not all, of the viruses that come into your Exchange Server.

Although this probably sounds as though ForeFront is configured to use all of the scanning engines to catch viruses, that’s not what’s actually happening. Microsoft’s documentation for ForeFront indicates that the Favor Certainty Bias setting causes ForeFront to fluctuate between using half of the scanning engines and using all of them.

Before I move on, I want to quickly address the notion of using half of the scanning engines. When I talk about the other available Bias settings, you will find that several of them use half of the scanning engines. By default though, ForeFront is designed to use five different scanning engines. Since ForeFront can’t use two and a half scanning engines, it considers half of the scanning engines to be three. Of course that assumes that you have configured ForeFront to use all five available scanning engines. If you have chosen fewer than five scanning engines, then half of them will be less than three. The table below lists what ForeFront considers to be half of the scanning engines in various situations:

| Number of Scanning Engines | Half of the Scanning Engines |
| --- | --- |
| 5 | 3 |
| 4 | 2 |
| 3 | 2 |
| 2 | 1 |
| 1 | 1 |

Now that you know what ForeFront means by ‘half of the scanning engines’, here are the various Bias settings that you can choose from, and what those settings mean:

| Bias Setting | Meaning |
| --- | --- |
| Maximum Performance | ForeFront will only use one scanning engine at a time. |
| Favor Performance | ForeFront will fluctuate between using one scanning engine, and half of your scanning engines. |
| Neutral | ForeFront will scan each message with half of the scanning engines. |
| Favor Certainty | ForeFront will fluctuate between using half of the scanning engines and all of them. |
| Maximum Certainty | ForeFront will scan all messages using all of the scanning engines. |

As you can see, there is a tradeoff between certainty and performance. Each scanning engine has some impact on system performance. The more scanning engines you use at a time, the bigger that impact. ForeFront is designed to use its scanning engines as efficiently as possible. Items are stamped once they have been scanned. This helps to improve performance by eliminating redundant scanning. Even so, you may want to experiment with different bias settings in order to find the best balance between performance and accuracy.

One last thing that I want to show you before I move on is the Action section at the bottom of the screen. You can use the settings found in this section to control what happens when an infected message is detected. By default, the message is cleaned and quarantined, but you have the option of changing this behavior. As you can see in the figure, you have the option of enabling or disabling quarantines and notifications by selecting or deselecting the appropriate check boxes. The Actions drop down list gives you the option of skipping the infection (detecting it only), cleaning and repairing the infected file, or deleting the infected attachment. The choice is yours.

Controlling What Gets Scanned

The next thing that I want to show you is how you can control exactly what it is that ForeFront scans. To do so, click on the Settings button on the right, and then click on the Scan Job button. When you do, you will see the screen that is shown in Figure C.

Figure C

The Scan Job section allows you to control what is scanned for viruses.

If you look at the top portion of this screen, you willsee a listing for Transport Scan Job. This scan job is created by default, andis responsible for scanning messages as they move through the transportpipeline. Keep in mind that in my lab I have installed ForeFront onto an edgetransport server. According to my research though, ForeFront creates the samejob on hub transport servers.

In pretty much every Microsoft management utility that Ican think of, you are able to right click on the items listed within theconsole, choose the Properties command from the resulting shortcut menu, andthen edit the listing’s properties on the resulting properties sheet. TheForeFront Server Security Administrator is different though. The job or jobsthat are listed are not clickable. If you want to control what is beingscanned, then you must simply select the job and then select the appropriatecheck boxes within the Transport Messages section below.

As the names of the check boxes imply, selecting theInbound check box causes SMTP messages from the Internet to be scanned as theyenter your Exchange Server organization. Inbound messages are by far the mostimportant messages to scan.

Outbound messages are messages that your users send torecipients outside of your Exchange Server organization. It is usually a goodidea to scan outbound messages. You never know when a user in your organizationmight contract an e-mail virus, and you would not want that user to be able tospread that virus to your customers or suppliers.

The third scanning option is Internal. If you select thisoption, then messages sent between users within your Exchange Serverorganization will be automatically scanned for viruses. I have read casestudies in which some companies disable internal scanning for performancereasons. The logic is that if inbound and outbound messages are being scanned,then there is no reason why any of the internal messages should ever beinfected. Furthermore, workstation level antivirus software that’s integrated intoOutlook should be able to stop any infections from being spread internally.

In a way, I can see the logic in this point of view, and I do not disagree with the idea that disabling internal scanning can help to improve the server’s performance. Personally though, I think that if ForeFront offers you the chance to scan messages flowing across the internal transport pipeline, then you should take advantage of that capability. Sure, you can rely on client level antivirus software to detect viruses as they are accessed through Outlook, but taking this approach does not allow you to use multiple scanning engines to scan internal messages.

Another reason why I think that you should enable internal scanning is that if you disable internal scanning, then there is the potential for infected messages to make it into users’ inboxes. Yes, client level antivirus software can disinfect the messages as users open them through Outlook, but do you really want to have viruses present within your information store database? Besides, what happens if a user uses OWA to open an infected attachment instead of using Outlook?

The good news is that Inbound, Outbound, and Internal message scanning is enabled by default. If you do decide to make a change though, keep in mind that the change will not take effect until you click the Save button located in the lower, right hand corner of the console screen.

One last thing that is worth pointing out on this screen is the Deletion Text and Tag Text buttons. The Deletion Text button allows you to control the contents of the notification that a user receives if notifications are enabled and an infected attachment is deleted. By default, the user receives a short message containing the name of the infected file and the name of the virus that was detected.

The Tag Text button allows you to add a tag line to a message’s subject line if ForeFront suspects that the message might be spam. I don’t really want to get into ForeFront’s spam filtering capabilities since they initially mirror those that are built into Exchange 2007. If you want to use ForeFront to filter spam though, you can access those capabilities by clicking the Filtering button, as shown in Figure D.

 

Figure D

You can use ForeFront to control spam filtering.

Performing Exchange Server Maintenance

One last issue that I want to discuss is that of performing Exchange Server maintenance. Periodically, you will probably want to install service packs or hot fixes for Exchange. If you are using an automatic update mechanism, such as Windows Server Update Service (WSUS), then you won’t usually have to worry about what I am about to show you. If you typically perform manual updates though, then this is important.

To install an update for Exchange Server once ForeFront has been installed, you must begin by stopping all of the Exchange Server related services. After doing so, you must temporarily disable ForeFront. The easiest way of accomplishing this is to open a Command Prompt window and navigate to the folder in which ForeFront is installed. You must then use the FSCUtility command with the /disable switch to disable ForeFront. Assuming that ForeFront is installed in the default location, the actual commands that you would use are:

C:

CD\Program Files (x86)\Microsoft ForeFront Security\Exchange Server

FSCUtility /disable

Once you have executed these commands, you can apply your Exchange Server update. When the update process is complete, you can re-enable ForeFront by entering the following commands:

FSCUtility /enable

EXIT

Keep in mind that you may still have to restart the various Exchange Server services.
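
The maintenance sequence above as a PowerShell wrapper, added here as an example and not part of the original article or of Microsoft's documentation; its point is that ForeFront is re-enabled even if the update step fails partway. It assumes PowerShell 2.0 or later, that the utility's file name is FSCUtility.exe in the default path quoted in the article, that the Exchange services match the MSExchange* name pattern, and that FSCUtility returns a non-zero exit code on failure.

```powershell
# Added example (not from the article): wraps the FSCUtility /disable and /enable steps.
$ErrorActionPreference = 'Stop'
# Default install path quoted in the article; the FSCUtility.exe file name is an assumption.
$fscDir = 'C:\Program Files (x86)\Microsoft ForeFront Security\Exchange Server'
$fscUtility = Join-Path $fscDir 'FSCUtility.exe'
if (-not (Test-Path $fscUtility)) {
    throw "FSCUtility not found at $fscUtility; set `$fscDir for this server."
}

# Remember which Exchange services were running so only those are started again.
$running = @(Get-Service -Name 'MSExchange*' | Where-Object { $_.Status -eq 'Running' })
$pushed = $false
$disabled = $false
try {
    foreach ($svc in $running) { Stop-Service -Name $svc.Name -Force }

    Push-Location $fscDir
    $pushed = $true
    & $fscUtility /disable
    # Assumption: a non-zero exit code means the switch failed.
    if ($LASTEXITCODE -ne 0) { throw "FSCUtility /disable exited with $LASTEXITCODE" }
    $disabled = $true

    Read-Host 'ForeFront is disabled. Apply the Exchange update, then press Enter' | Out-Null
}
finally {
    # Runs even when the update step fails, so transport scanning is not left off.
    if ($disabled) {
        & $fscUtility /enable
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "FSCUtility /enable exited with $LASTEXITCODE; re-enable manually."
        }
    }
    if ($pushed) { Pop-Location }
    foreach ($svc in $running) { Start-Service -Name $svc.Name }
}
```

Run it from an elevated session on the server being updated.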

One thing that you might have noticed about the first set of commands that I showed you is that the default installation path for ForeFront is \Program Files (x86)\Microsoft ForeFront Security\Exchange Server. This installation path indicates that the server is running a 64-bit version of Windows, but a 32-bit version of ForeFront. The reason for this is that I installed ForeFront onto my lab server directly from the Exchange 2007 installation DVD. Microsoft does offer a 64-bit version of ForeFront, which you should be using for real world deployments.

“Microsoft Forefront Security for Exchange Server with Service Pack 1”

November 14, 2010 2 comments
Microsoft has released a new version of ForeFront Security for Exchange (FSE) which supports the new release of Exchange Server 2007 Service Pack 1, so this new release will work in an Exchange Server 2007 SP1 environment. This release also supports the new Windows Server 2008 operating system, which will hopefully be released in the first quarter of 2008, as far as I know.

The new release of ForeFront Security for Exchange SP1 (FSE) also includes new enhancements for content filtering and manageability. These enhancements include:

  • Seamless support for organizations running IPv6.
  • Improved content filtering with installable keyword lists that can be used to eliminate email containing profanity in eleven supported languages.
  • Improved integration with Microsoft System Center Operations Manager through new management packs that allow administrators to proactively monitor the state of their Exchange 2007 protection.
  • Increased flexibility for scanning or blocking high compression zip files and RAR archives.

Some tips for installing and upgrading to the new ForeFront Security for Exchange Server 2007 SP1:

  • Forefront Security for Exchange users who are running Exchange 2007 RTM and wish to upgrade to Exchange 2007 SP1 must first upgrade to Forefront Security for Exchange SP1.
  • If you upgraded ForeFront Security for Exchange to the new SP1 release, then you must stop all ForeFront services before upgrading Exchange Server 2007 to SP1 (“Don’t forget that”).

Now go and Download New Release of “Microsoft Forefront Security for Exchange Server with Service Pack 1”

Categories: ForeFront Family
