Trend ScanMail configuration: SkipWildcardSearchInGC registry value is set to 0

[This topic is intended to address a specific issue called out by the Exchange Server Analyzer Tool. You should apply it only to systems that have had the Exchange Server Analyzer Tool run against them and are experiencing that specific issue. The Exchange Server Analyzer Tool, available as a free download, remotely collects configuration data from each server in the topology and automatically analyzes the data. The resulting report details important configuration issues, potential problems, and nondefault product settings. By following these recommendations, you can achieve better performance, scalability, reliability, and uptime. For more information about the tool or to download the latest versions, see "Microsoft Exchange Analyzers" at https://go.microsoft.com/fwlink/?linkid=34707.]  

Topic Last Modified: 2009-09-15

The Microsoft® Exchange Server Analyzer Tool queries the Win32_Service Microsoft Windows® Management Instrumentation (WMI) class to determine value of the Started key for the Trend Micro ScanMail for Microsoft Exchange ScanMail_Action service. A value of True indicates the ScanMail_Action service is running, and a value of False indicates it is not running.

The Exchange Server Analyzer also reads the following registry entry to determine if ScanMail for Microsoft Exchange is configured for wildcard character searches against the Active Directory® directory service:

HKEY_LOCAL_MACHINE\Software\TrendMicro\ScanMail for Exchange\CurrentVersion\SkipWildcardSearchInGC

A value of 1 for the SkipWildcardSearchInGC registry entry indicates wildcard searches are disabled. A value of 0 for the SkipWildcardSearchInGC entry indicates that wildcard searches are enabled.

In addition, the Exchange Server Analyzer also queries Active Directory to determine the count of the entries listed in the homeMDBBL attribute of each mailbox store. The count of this attribute represents the number of mailboxes on the mailbox store.

If the Exchange Server Analyzer determines that the ScanMail_Action service is running, that the Exchange server contains more than 100 mailboxes, and that the SkipWildcardSearchInGC registry entry is set to 0, a warning is displayed.

Trend Micro ScanMail for Microsoft Exchange provides antivirus protection for Exchange Server. Setting the SkipWildcardSearchInGC value to 1 prevents ScanMail for Microsoft Exchange from resolving a name with a wildcard character (*) in it. Querying a name with a wildcard character can significantly slow down the Exchange Server computer's performance because ScanMail for Exchange ends up checking the entire directory. In addition, the following performance counters will be high if the recommendations in this article are not implemented:

• MSExchangeIS/Virus Scan Queue Length

• MSExchangeIS/RPC Requests

• MSExchangeIS/RPC Averaged Latency

For more information about fortifying an Exchange environment against e-mail transmitted viruses and worms, see "Slowing and Stopping E-Mail Viruses in an Exchange Server 2003 Environment" (https://go.microsoft.com/fwlink/?LinkId=47587).

For more information about using antivirus software with Exchange Server, see the following Microsoft Knowledge Base articles:

• 328841, "XADM: Exchange and Antivirus Software" (https://go.microsoft.com/fwlink/?linkid=3052&kbid=328841)

• 823166, "Overview of Exchange Server 2003 and antivirus software" at (https://go.microsoft.com/fwlink/?linkid=3052&kbid=823166)

• 306105, "XGEN: Microsoft's Position on Antivirus Solutions for Exchange 2000" (https://go.microsoft.com/fwlink/?linkid=3052&kbid=306105)

• 245822, "Recommendations for troubleshooting an Exchange computer with antivirus software installed" (https://go.microsoft.com/fwlink/?linkid=3052&kbid=245822)

For a list of third-party antivirus software that is available for Exchange Server, see the Exchange Server Partners: Antivirus Web site (https://go.microsoft.com/fwlink/?LinkId=16226).