Services

 

Applies to: Forefront Protection for Exchange

The Microsoft Forefront Protection 2010 for Exchange Server (FPE) services are the components that run on the Exchange server and control all back-end functionality of FPE.

About services

The following sections describe the services used by FPE.

Microsoft Forefront Server Protection Controller service

The Microsoft Forefront Server Protection Controller service acts as the server component that FPE connects to for monitoring. This service coordinates all realtime, scheduled, transport, and on-demand scanning activities.

Note

The startup type defaults to manual. If you change the startup type to anything other than manual, FPE may not scan properly.

After being installed, the Microsoft Forefront Server Protection Controller service becomes a dependency of the Microsoft Forefront Server Protection Registration service. Due to other dependencies, whenever the Microsoft Exchange Information Store service is started or stopped, the same occurs with the Microsoft Forefront Server Protection Controller service. The Task Scheduler service must be operating properly in order for the Microsoft Forefront Server Protection Controller service to initialize.

Important

For a mailbox-only server role, if the Microsoft Forefront Server Protection Controller service or the Microsoft Forefront Server Protection Monitor service is stopped, mail continues to flow but is not scanned for malware. For all other server roles, you must also stop the Exchange services (by selecting Yes when the Stop Other Services prompt appears).

Microsoft Forefront Server Protection Monitor service

The Microsoft Forefront Server Protection Monitor service monitors the Exchange Information Store and Transport stack in order to ensure that FPE provides continuous protection of your messaging environment.

Note

The Microsoft Forefront Server Protection Monitor service must run under the Local System account. If it is changed to run under a different account, FPE may not start.

Microsoft Forefront Server Protection ADO/EWS Navigator service

The Microsoft Forefront Server Protection ADO/EWS Navigator service connects with Exchange Web Services (EWS) or ActiveX Data Objects (ADO) in order to retrieve content to scan. It is always in a stopped state unless you are using the Forefront Protection 2010 for Exchange Server Administrator Console in order to browse mailboxes in Active Directory Domain Services or if there is an on-demand scan in progress.

Microsoft Forefront Server Protection Registration Service

The Microsoft Forefront Server Protection Registration service registers the Forefront Transport agent in order to ensure that messages are scanned by the FSCTransportScanner process. The Microsoft Forefront Server Protection Registration service becomes a dependency on the Microsoft Exchange Transport service. This service normally only runs for a brief time (less than a minute) when FPE initializes. It then shuts down and does not need to be running for transport scanning to occur.

Microsoft Forefront Server Protection Mail Pickup Service

The Microsoft Forefront Server Protection Mail Pickup service delivers messages generated by FPE, such as notifications, for mail delivery. It also handles the delivery of messages from quarantine. If this service is disabled, no notifications are generated, and items cannot be delivered from quarantine.

Microsoft Forefront Server Protection Eventing Service

The Microsoft Forefront Server Protection Eventing service processes FPE events, including incidents logging, quarantine logging, and notifications.

Microsoft Forefront Server Protection VSS Writer Service

The Microsoft Forefront Server Protection VSS Writer Service provides added functionality for backing up and restoring FPE through the Volume Shadow Copy Service (VSS) framework.

The Microsoft Forefront Server Protection VSS Writer Service is installed automatically. It must be running when the VSS application requests a backup or restore. To configure the service, use the Microsoft Windows Services applet. The service installs on all operating systems but is only required on server systems.

When running, FPE locks and has exclusive access to the data files. When the Microsoft Forefront Server Protection VSS Writer Service is not running, backup programs running on Windows do not have access to the data files, and backups must be performed using regular FPE backup and restore procedures. For more information, see Backing up and restoring.

Use the Microsoft Forefront Server Protection VSS Writer Service to permit Windows backup programs to copy FPE data files while FPE is running.

Important

Before using the VSS Writer Service restore functionality, stop all Microsoft Forefront Server Protection services, and then restart the Microsoft Forefront Server Protection VSS Writer Service.

About VSS

The VSS is a set of COM APIs that implements a framework to allow volume backups to be performed while applications on a system continue to write to the volumes. The VSS provides a consistent interface that allows coordination between user applications that update data on disk (writers) and those that back up applications (requestors).

The VSS captures and copies stable images for backups on running systems, particularly servers, without unduly degrading the performance and stability of the services they provide. For more information on the VSS, see your Windows documentation.

Required permissions

The Microsoft Forefront Server Protection VSS Writer Service must run under the Local System account.

Features

The Microsoft Forefront Server Protection VSS Writer Service supports:

  • Full backup and restore of configuration settings, all quarantined items, and malware, spam, and filtering incidents

  • Online backups

The Microsoft Forefront Server Protection VSS Writer Service does not support:

  • Restoring to another location

  • Online restores

  • Differential backup and restores