General Options, accessed from the SETTINGS shuttle, provides access to a variety of system-level settings for Forefront Security for SharePoint, eliminating the need to directly access the registry to change them.
Although there are many options that can be controlled through the General Options panel, each of them has a default (enabled, disabled, or a value), which is probably the correct one for your enterprise. It is rare that any of these settings would need to be changed. However, several of the settings were entered during installation and you might need to change one of them from time to time.
The General Options work pane is divided into several sections: Diagnostics, Logging, Scanner Updates, and Scanning.
Diagnostics
| Additional Manual | Logs every file scanned by the manual scanner. |
| Additional Realtime | Logs every file scanned by the realtime scanner. |
| Notify on Startup | Indicates that FSSP should send a notification to all the e mail addresses listed in the Virus Administrators list (Realtime Scan, Email) whenever the Realtime Scan Job starts. Only SMTP addresses may be used. (For more information about setting up notifications to Administrators, see Event Notifications.) |
Logging
| Enable Event Log | Enables the logging of FSSP events to the event log. Enabled by default. |
| Enable Performance Monitor and Statistics | Enables the logging of FSSP performance statistics in Performance Monitor. Enabled by default. |
| Enable Forefront Program Log | Enables the FSSP program log (ProgramLog.txt). Enabled by default. |
| Enable Forefront Virus Log | Enables the FSSP virus log (VirusLog.txt). Disabled by default. |
| Max Program Log Size | Specifies the maximum size of the program log. Expressed in kilobytes (KB). The minimum size is 512 KB. A value of 0 (the default) indicates that there is no limit to the maximum size. |
For more information about the log files and Performance Monitor, see SharePoint reporting and statistics.
Scanner updates
| Redistribution Server | Indicates that a server will be the central hub to distribute scanner updates to other servers. (For more information, see Distributing Updates.) |
| Perform Updates at Startup | Indicates that engines should be automatically updated every time FSSP is started. |
| Send Update Notification | Sends a notification to the Virus Administrator each time a scan engine is updated. (For more information about setting up notifications to Administrators, see Event Notifications.) |
| Use Proxy Settings | Indicates that proxy settings are to be used. (For more information, see Updating Through a Proxy.) |
| Use UNC Credentials | Indicates that UNC credentials are needed. (For more information, see Distributing Updates.) |
| Proxy Server Name/IP Address | Indicates the name or IP address of the proxy server. Required, if using proxy settings. |
| Proxy Port | Indicates the port number that Forefront Security for SharePoint should use. Required, if using proxy settings. The default is port 80. |
| Proxy Username | Indicates the name of a user with access rights to the proxy server, if necessary. Optional field. |
| Proxy Password | Indicates the appropriate password for the proxy user name, if necessary. Optional field. |
| UNC Username | Indicates the name of a user with access rights to the UNC path, if necessary. Optional field. |
| UNC Password | Indicates the appropriate password for the UNC user name, if necessary. Optional field. |
For more information about updating the scan engines, see SharePoint file scanner updating.
Scanning
| Block/Delete Corrupted Compressed Files | Indicates if compressed files that are corrupted will be deleted or blocked, depending on the Action settings for the Realtime and Manual Scan Jobs. They are reported as a CorruptedCompressedFile virus. Enabled by default. |
| Block/Delete Corrupted Uuencode Files | Indicates if UUENCODE files that are corrupted will be deleted or blocked, depending on the Action settings for the Realtime and Manual Scan Jobs. They are reported as a CorruptedCompressedUuencodeFile virus. Enabled by default. |
| Block/Delete Encrypted Compressed Files | Indicates if encrypted compressed files will be deleted or blocked, depending on the Action settings for the Realtime and Manual Scan Jobs. (Encrypted files cannot be scanned by AV scan engines.) They are reported as an EncryptedCompressedFile virus. |
| Treat ZIP Archives containing highly-compressed files as Corrupted Compressed | Specifies whether ZIP archives containing highly-compressed files are reported as corrupted compressed. If the archive is reported as corrupted compressed, and if the option to Block/Delete corrupted compressed files is enabled, the archive is deleted. If Block/Delete corrupted compressed files is not enabled, the files in the ZIP archive are passed to the virus engines to be scanned, in their compressed form. The ZIP archive itself is also passed to the virus engines. If scanned and no threat is found, the message will be delivered. If a threat can be cleaned, the message will be delivered. If a threat can not be cleaned, the message will be deleted. If the file is compressed with an unknown algorithm, it is always treated as corrupted compressed, regardless of the setting of this option. This option is enabled by default (that is, ZIP archives containing highly-compressed files are treated as corrupted compressed). |
| Treat Multipart RAR Archives as Corrupted Compressed | A file within a RAR archive can be compressed across multiple files or parts (hence “multipart”), thereby enabling very large files to be broken into smaller-sized files for ease of file transfer. This option specifies whether RAR archives containing such parts are reported as corrupted compressed. Disabling this option enables you to receive such files. However, in this case a virus may escape detection if it is split across multiple volumes. Therefore, this setting is enabled by default. If the archive is reported as corrupted compressed, and if the option to Block/Delete corrupted compressed files is enabled, the archive is deleted. If Block/Delete corrupted compressed files is not enabled, only the RAR archive as a whole is passed to the virus engines to be scanned. If no threat is found when the archive is scanned, the message will be delivered. If a threat is found and can be cleaned, the message will be delivered. If a threat is found and cannot be cleaned, the message will be deleted. Enabled by default. Note If you are using multipart RAR to compress files that exceed 100MB when uncompressed, you should be aware of the registry value MaxUncompressedFileSize. For more information, see SharePoint registry keys. |
| Treat concatenated gzips as corrupted compressed | Multiple Gnu zip (gzip) files can be concatenated into a single file. Although FSE recognizes concatenated gzips, it may not recognize individual files split across concatenated gzips. Therefore, FSE treats concatenated gzips as corrupted compressed by default. In combination with the Block/Delete Corrupted Compressed Files option, this default behavior prevents all concatenated gzips from passing through, thereby preventing potential infections. Disabling the Treat concatenated gzips as corrupted compressed option enables you to receive concatenated gzips. However, in this case a virus may escape detection. |
| Scan Doc Files As Containers - Manual | Specifies that the Manual Scan Job should scan .doc files and any other files that use structured storage and the OLE embedded data format (for example, .xls, .ppt, or .shs) as container files. This ensures that any embedded files are scanned as potential virus carriers. |
| Scan Doc Files As Containers - Realtime | Specifies that the Realtime Scan Job should scan .doc files and any other files that use structured storage and the OLE embedded data format (for example, .xls, .ppt, or .shs) as container files. This ensures that any embedded files are scanned as potential virus carriers. |
.gif) Note: |
|---|
|
When a Microsoft Office file (PowerPoint®, Access, Excel®, or Word document) is embedded in another Office file, its data is included as part of the original Office file. These are not scanned as individual files. If, however, another file type (such as .exe) is embedded in one of these files that is then embedded in an Office file, it will be detected and scanned as a separate file. (The .exe extension, however, is still visible because the icon is a GIF file that cannot be deleted. If you click the file, the icon is replaced with the correct TXT icon.)
|
| Case Sensitive Keyword Filtering | Specifies that keyword filtering should be case-sensitive. Filtering is not case-sensitive by default. |
| Scan on Scanner Update | Indicates that previously scanned files should be re-scanned when accessed following a scanner update. |
| Forefront Manual Priority | Specifies the priority of manual scans: Normal (the default), Below Normal, or Low. This lets more important jobs take precedence over manual scans when demands on server resources are high. |
| Note: |
|---|
|
When the Manual Scan Priority is set to Low, the Manual Scan Job may not stop immediately when you click STOP in the Run Job work pane.
|
| Max Container File Infections | Specifies the maximum number of infections allowed in a compressed file. If this is exceeded, the entire file is deleted and FSSP sends a notification stating that an ExceedinglyInfected virus was found. A value of zero means that there is no limit on the number of infections that can be detected. The default value is 5 infections. |
| Max Container File Size | Specifies the maximum container file size (in bytes) that FSSP will attempt to clean or repair in the event that it discovers an infected file. The default is 26 MB (26,214,400 bytes). Files larger than the maximum size are deleted if they are infected or meet File Filter rules. Forefront Security for SharePoint will report these deleted files as LargeInfectedContainerFile virus. |
| Max Nested Attachments | Specifies the limit for the maximum nested documents that can appear in MSG, TNEF, MIME, and UUENCODE documents. The limit will include the sum of the nestings of all of these types. If the maximum number is exceeded, FSSP will block or delete the document and report that an ExceedinglyInfected virus was found. The default is 30. |
| Max Nested Compressed Files | Specifies the maximum nested depth for a compressed file. If this is exceeded, the entire file is deleted and FSSP sends a notification stating that an ExceedinglyNested virus was found. A value of zero represents that an infinite amount of nestings is allowed. The default is 5. |
| Max Container Scan Time - Realtime | Specifies the number of milliseconds (msec) that FSSP will scan a compressed attachment before reporting it as a ScanTimeExceeded virus in real-time scans. Intended to prevent denial of service risk from zip of death attacks. The default value is 600,000 msec (ten minutes). |
| Max Container Scan Time – Manual | Specifies the number of milliseconds that FSSP will scan a compressed attachment before reporting it as a ScanTimeExceeded virus in manual scans. Intended to prevent denial of service risk from zip of death attacks. The default value is 600,000 msec (ten minutes). |