Windows Server
United States (English) Sign in
Home Windows Server 2012 Windows Server 2008 R2 Windows Server 2003 Library Forums
This topic has not yet been rated - Rate this topic

E-mail Anti-malware Configuration

Updated: March 10, 2009

Forefront Security for Exchange Server is configured with default settings to scan e-mail messages and mailboxes for suspicious attachments and content, with the exception of the settings that are listed in the following table. The table lists the e-mail anti-malware settings that are configured specifically for Windows EBS.

For more information about default settings for Forefront Security for Exchange Server, see the Microsoft Web site (http://go.microsoft.com/fwlink/?LinkId=128029).

 

Anti-malware Feature Windows EBS Default Setting Description

Scanning
  • Scan Doc Files as Containers–Manual is enabled.

  • Scan Doc Files as Containers–Transport is enabled.

  • Scan Doc Files as Containers–Realtime is enabled.

  • Realtime Process Count is set to 2.

  • Transport Process Count is set to 2.
  • Scanning jobs are configured to scan .doc files (and other files that use structured storage and the OLE embedded data format, such as .xls, .ppt, or .shs) as container files. This ensures that embedded files are scanned as potential virus carriers.

  • The real-time and transport scanning process counts are configured to reduce the demand for system resources by Forefront Security for Exchange Server.

Background scanning

VSAPI Background Scan Job is enabled daily at 4:00 AM

The daily background scan job uses the Microsoft Virus Scanning API (VSAPI) to scan all files in the information store.

Registry keys

The registry keys in the following table are set in the entry:

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Forefront Server Security\Exchange Server

 

Key Value (dword)

UpdateDllonScannerUpdate

00000000

RealtimeProcessCount

00000002

InternetProcessCount

00000002

EnableBackgroundScanOnScannerUpdate

00000000

ManualScanDoc

00000001

InternetScanDoc

00000001

RealtimeScanDoc

00000001

QuarantineSecurity

00000002

ProxySettingsEnabled

00000001

ProxyPort

00001F90

Virus-scanning engines

The following virus-scanning engines are enabled by default in Forefront Security for Exchange Server in Windows EBS:

  • CA Vet

  • Microsoft Antimalware Engine

  • Norman Virus Control

  • Sophos Virus Detection Engine

To modify the virus-scanning engines that are used by Forefront Security for Exchange Server, see Modify the Virus-Scanning Engines Used by Forefront Security for Exchange Server.

Did you find this helpful?
(1500 characters remaining)

Community Additions

ADD
© 2013 Microsoft
|
Site Feedback
© 2013 Microsoft. All rights reserved.