Chapter 3: Configuring Scan Engine Updates

 

Applies to: Forefront Security for SharePoint

Keeping your scan engines up-to-date is critical in the fight against viruses. The antivirus engines provided within Forefront Security for SharePoint work 24 hours a day to provide virus detection signatures in a timely fashion. If you do not update your engines frequently, you lose the benefit of their efforts.

When you install Forefront Security for SharePoint, it automatically downloads engine updates for each scan engine. But because the engine scheduler is disabled by default, you need to set the update schedules for each engine. After Forefront Security for SharePoint downloads a scan engine update, it is immediately available for use. We recommend that you schedule updates and do a manual update before scanning with an engine that you have not used before.

Note

For more information about configuring scan engine updates, refer to “SharePoint File Scanner Updating” in the Forefront Security for SharePoint User Guide.

In this chapter

Scheduling and configuring scan engine updates

To schedule and configure scan engine updates

Guidelines for scheduling updates

To update scan engines manually

To perform updates at startup

To disable scan engine updates

Notes for configuring scan engine updates

Scheduling and configuring scan engine updates

It is important to note that you must individually enable and set the update schedule and frequency for each engine. During file scanner updates, only the engine being updated is taken offline; the other engines continue to scan for viruses.

To schedule and configure scan engine updates

  1. Under SETTINGS, click Scanner Updates.

  2. Select the name of the engine whose update you are configuring.
    Make sure it is Enabled. If it is not, click Enable at screen right.

  3. To set the primary path for downloading updates, click Primary and type a path name in the Network Update Path box.
    You can change the default path to point to another HTTP update site, or if you prefer to use Universal Naming Convention (UNC) updating, type the UNC path to another SharePoint server.

    Note

    To restore the default server path, right-click in the Network Update Path box, and select Default HTTP Path from the list.

  4. To set the secondary update path, click Secondary and type a path name into the Network Update Path box.
    If the primary path fails for any reason, Forefront Security for SharePoint uses the secondary path you specify. (It is blank by default.) You can set the secondary update path as you did for the primary update path.

  5. Specify the first Date and Time that you want Forefront Security for SharePoint to check for updates, following the Guidelines for scheduling updates below.

  6. To specify the frequency of updates, choose a Frequency and check the Repeat every box, following the Guidelines for scheduling updates below.

  7. Click Save.
    To configure and schedule the update of another scan engine, return to Step 2.

Guidelines for scheduling updates

Even if you are not using a particular engine, set it for regular updates so that if you ever need to enable it, the signature files will be current.

Set the update schedule for each engine based on how often it releases signatures. Some virus labs release regular signatures more often than others (although all labs respond to major outbreaks with more frequent updates). For example, the Kaspersky lab releases a new update nearly every hour, so set the update for that engine accordingly. To find information on average update times for individual engines, go to www.avtest.org. As a general rule, we recommend that you schedule checking for updates at least once an hour to lower the risk of a new threat to your network.

Setting time. Avoid bandwidth contention when scheduling updates for multiple engines:

  • Stagger the updates in five-minute intervals. (This is also the default.)
  • Use a time that does not end in 0 or 5. Times such as 1:05 or 11:30 follow a commonly used convention, so pick a time such as 4:03 or 19:42 instead.

Scheduling frequency. Your options are:

  • Once: Updates only once, on the date and time you specify.
  • Daily: Updates every day at the time intervals you specify.
  • Weekly: Updates every week on the same day at the time interval you specify.
  • Monthly: Updates every month on the same day at the time interval you specify.

For example, if you choose a Repeat of 1 hour on a weekly schedule (a Tuesday, say), the system will check for updates every hour every Tuesday. If you do not check Repeat, Forefront Security for SharePoint will only check for updates once on the day you choose.
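The guidelines above can be checked against a list of engine settings before you enter them in the console. The following Python sketch is an added example, not part of Forefront Security for SharePoint: it plans staggered start times and audits a constructed inventory. The dictionary layout and the engine names other than Kaspersky are assumptions made for illustration.

```python
from datetime import datetime, timedelta

STAGGER = timedelta(minutes=5)    # guideline: five-minute stagger between engines
MAX_REPEAT = timedelta(hours=1)   # guideline: check at least once an hour

def off_convention(t):
    """True when the start minute does not end in 0 or 5."""
    return t.minute % 5 != 0

def plan_schedule(engines, first):
    """Give each engine its own start time, five minutes apart, from `first`."""
    if not off_convention(first):
        raise ValueError("pick a first start time whose minute does not end in 0 or 5")
    # Adding multiples of 5 minutes never lands on a minute ending in 0 or 5.
    return {name: first + i * STAGGER for i, name in enumerate(engines)}

def audit(inventory):
    """Return (engine, finding) pairs for settings that break the guidelines."""
    findings, taken = [], {}
    for eng in inventory:
        name, start, repeat = eng["name"], eng["start"], eng["repeat"]
        if not eng["updates_enabled"]:
            findings.append((name, "updates disabled, signatures will go stale"))
            continue
        if not off_convention(start):
            findings.append((name, "start minute ends in 0 or 5"))
        slot = (start.hour, start.minute)
        if slot in taken:
            findings.append((name, "same start time as " + taken[slot]))
        taken.setdefault(slot, name)
        if repeat is None or repeat > MAX_REPEAT:
            findings.append((name, "checks less often than once an hour"))
    return findings

# Constructed inventory: only "Kaspersky" is named on the page.
SAMPLE = [
    {"name": "Kaspersky", "updates_enabled": True,
     "start": datetime(2024, 1, 1, 4, 3), "repeat": timedelta(hours=1)},
    {"name": "EngineB", "updates_enabled": True,
     "start": datetime(2024, 1, 1, 4, 3), "repeat": None},
    {"name": "EngineC", "updates_enabled": True,
     "start": datetime(2024, 1, 1, 11, 30), "repeat": timedelta(hours=4)},
    {"name": "EngineD", "updates_enabled": False,
     "start": datetime(2024, 1, 1, 4, 13), "repeat": timedelta(hours=1)},
]

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(name, "-", finding)
```
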

To update scan engines manually

Follow this step when you enable a new scan engine or for quick checks between regularly scheduled updates. If an update exists, Forefront Security for SharePoint will download it and start using it immediately.

  • Under SETTINGS, click Scanner Updates, and then click Update Now.

To perform updates at startup

Performing updates at startup ensures that if any server running Forefront Security for SharePoint is inoperative for a period of time, the program will immediately begin to download new scan engines when it starts up.

  1. Under SETTINGS, click General Options.
  2. In the Scanner Updates section, check Perform Updates at Startup.
  3. Click Save.

To disable scan engine updates

If you disable a scanning engine, you are actually disabling the updating of that engine, not its use. This means that the engine will continue to scan, but its signature files will not be kept current.

  1. Under SETTINGS, click General Options.
  2. Select the name of the engine whose update you want to disable, and click Disable.

Notes for configuring scan engine updates

Using a proxy server

If Forefront Security for SharePoint accesses the Internet through a proxy server, you must specify the proxy server settings. To do this:

  1. Under SETTINGS, click General Options.
  2. In the Scanner Updates section, check Use Proxy Settings and fill in the proxy server information in the boxes below.
  3. Click Save.

Scheduling updates on multiple servers

If you have more than one server running Forefront Security for SharePoint, consider using a distributed update mechanism. The most common method of distributing updates is to have one server (the hub) receive updates from the Microsoft HTTP server and then share those updates among the rest of the servers (the spokes) in your environment. This saves on Internet bandwidth and can make the process of updating quicker and more efficient.

You can do this in several ways, including by using the Microsoft Forefront Server Security Management Console. For information, see “Distributing Updates” in the “SharePoint File Scanner Updating” chapter of the Forefront Security for SharePoint User Guide.