Chapter 3 - Antigen services overview

  • Article

 

Applies to: Microsoft Antigen

The Antigen services are the components that run on the Microsoft® Exchange Server and control all back-end functionality of Antigen. The services process requests from the Antigen Administrator, control the scanning processes, generate e-mail notifications, and store virus incidents data-to-disk (which can be viewed by using the Antigen Administrator). When an Administrator-Only installation of Antigen is performed, the Antigen Services are not installed.

About services

The following sections describe the services used by Antigen for Exchange.

AntigenService service

The AntigenService service acts as the server component that the Antigen Administrator connects to for configuration and monitoring. AntigenService coordinates all Realtime, Manual, and SMTP scanning activities. The AntigenService startup type defaults to Manual and should not be changed. After being installed, the AntigenService becomes a dependency on the AntigenStore and AntigenIMC services. Due to other dependencies, whenever the Exchange Information Store service is started or stopped, the same action will occur with AntigenService. The Task Scheduler service becomes a dependency of AntigenService and must be operating properly in order for AntigenService to initialize.

There is no benefit from starting or stopping AntigenService independently of the Exchange services.

On Exchange 2000/2003, AntigenService runs under the Local System account.

Important

If the AntigenService or AntigenMonitor is disabled, e-mail will continue to be processed without being scanned for viruses or spam.

AntigenMonitor service

The AntigenMonitor service monitors the Exchange Information Store, the SMTP stack, and Antigen processes to ensure that Antigen provides continuous protection for your messaging environment.

Note

The AntigenMonitor must run under the Local System account on Exchange 2000/2003. If it is changed to run under a different account, Antigen might not start.

AntigenStore service

The AntigenStore service ensures that Antigen initializes properly with the Information Store. AntigenStore becomes a dependency on the Microsoft Information Store. AntigenStore starts and stops with the Information Store.

AntigenIMC service

The AntigenIMC service connects to the SMTP stack to ensure that messages are scanned by the AntigenInternet process. AntigenIMC becomes a dependency on the Exchange SMTP service on Exchange 2000/2003.

AntigenRealtime service

The AntigenRealtime service provides immediate scanning of e-mail that is sent or received by the Mailboxes and Public Folders resident on the Exchange server.

AntigenInternet service

The AntigenInternet service ensures that all messages that pass through the Exchange SMTP stack are scanned prior to delivery.

AntigenStatisticsService service

The AntigenStatisticsService service logs scanning statistics for all Antigen scan jobs. This information is then available for retrieval by the Microsoft Antigen Enterprise Manager.

AntigenStoreEvent service

The AntigenStoreEvent service handles Junk Mail when the ASM Junk Mail folders are enabled.

Disabling the Antigen scan jobs

The Antigen scan jobs can be disabled by using the Enable Antigen for Exchange Scan option in the General Options pane. This selection box provides the following options:

  • Disable All
  • Enable Store Scanning
  • Enable Internet Scanning
  • Enable All

To disable scanning, select Disable All and then click Save. The Antigen services must be recycled for the change to take effect.

Recycling the Antigen services

The Services Control Manager is used to recycle the Antigen services.

To recycle the services

  1. Stop all Antigen services. (For details, see Disabling the Antigen services.)

  2. Wait for all services to finish shutting down.

  3. Use the Task manager to make sure that no Antigen processes are still running.

  4. Start all Antigen services.

Warning

While the Antigen services are unavailable, e-mail will continue to be processed, but will not be scanned for viruses or spam.

Securing the service from unauthorized use

The AntigenService utilizes Distributed COM (DCOM) to launch and authenticate Antigen Administrator connections. You can build an access list of authorized users who can connect to the AntigenService by using the Antigen Administrator.

To build an access list of authorized users

  1. Open a Command Prompt window.

  2. Type DCOMCNFG, and then press ENTER. The Component Services dialog box appears.

  3. In the Console Root section, expand Component Services.

  4. Expand Computers.

  5. Expand My Computer.

  6. Expand DCOM Config.

  7. Right-click AntigenService, and then select Properties. The AntigenServices Properties dialog box opens.

  8. Click the Identity tab, and then configure your user accounts.

  9. Click the Security tab, and then use the permissions lists to control which user accounts have rights to launch the AntigenService, access the AntigenService, or change the DCOM configuration.

  10. Click OK to exit the AntigenServices Properties dialog box.

Chapter 2 - Installing Microsoft Antigen for Exchange

Chapter 4 - Using the Antigen Administrator