Administrator Console overview
Applies to: Forefront Protection for Exchange
Topic Last Modified: 2011-01-06
The Forefront Protection 2010 for Exchange Server Administrator Console enables you to easily manage Forefront Protection 2010 for Exchange Server (FPE).
The Forefront Protection 2010 for Exchange Server Administrator Console is designed around three major administrative functions: live monitoring of server protection events, configuring server policy settings, and tools for performing specific tasks as needed. These correspond with the typical administrative workflow: after the initial FPE configuration, you most frequently monitor incidents reported and possibly quarantined by FPE. Less frequently, you adjust policy settings or perform a specific task.
To move between the three main views in the user interface (Monitoring, Policy Management, and Tasks), click the desired button in the lower left corner. The subdivisions within each view appear in an Explorer-like tree above the buttons. A central pane contains the primary screen information, such as configuration settings. This pane is flanked by navigation tools in the left pane and action tools in the right pane.
In the Forefront Protection 2010 for Exchange Server Administrator Console, the Monitoring view provides details about detected threats or filter matches (called incidents), quarantined items, system health, and statistical data. This view is also where you can configure e-mail notifications to keep administrators and other types of users informed about FPE activity.
As an administrator, you can use the Forefront Protection 2010 for Exchange Server Administrator Console user interface to view the current protection events, or incidents. When malware, such as viruses or spyware, is detected, or if a filter is matched, an incident is logged and details about it can be viewed. Incidents can be filtered so that the user interface shows, for example, only those of a particular type or that occurred at a particular time.
The Monitoring view also enables you to see a list of items that have been quarantined. Similar to incidents, the list of quarantined items can be filtered to show only items that match certain criteria. You can also use the user interface to deliver and delete items in quarantine.
You can monitor your FPE environment by viewing statistics reports and health monitors. There are health monitors for scan jobs, services, engines, and licensing. You can also view summary and detail reports about malware and spam detections, and filter matches.
In the Forefront Protection 2010 for Exchange Server Administrator Console, the Policy Management view is primarily used for configuration. You can change the “out-of-the-box” settings to better suit your FPE environment and create customized filters.
The Policy Management settings are grouped by protection technology: Antimalware, Antispam, Filters, and Online Protection. A Global Settings view provides configuration settings that apply across protection technologies.
Antimalware protection consists of antivirus and antispyware protection and both are configured within the Antimalware group. Filtering enables you to restrict or allow content based on file type, file name, file extension, subject line, and other criteria.
Depending on the Exchange server role (Edge, Hub, Mailbox, or combined Hub/Mailbox), FPE contains subgroups within Antimalware and Filters. This enables administrators, for example, to create different antimalware and filtering settings for an Exchange Edge or Hub and the Exchange Mailbox. Note that some protection technologies are available only on a specific role. For example, antispam protection is available when FPE is installed on an Exchange Edge, Hub, or combined Hub/Mailbox role, but not when installed on a Mailbox role.
After installation, antimalware protection begins automatically using predefined settings. Using the Forefront Protection 2010 for Exchange Server Administrator Console, you can adjust the default values, as well as create and enable custom filters. If antispam protection is available and enabled, you can also customize allow and block lists or adjust the Spam Confidence Level (SCL) thresholds for content filtering. You can also use Forefront Online Protection for Exchange (FOPE), an e-mail filtering service, in conjunction with FPE. FOPE protects your messaging environment by filtering incoming e-mail traffic before it enters your mail system. When used, FOPE receives all incoming e-mail traffic, filters it for spam and viruses, applies custom spam filters, and then forwards the e-mail to FPE for additional scanning and delivery.
In addition to continuous protection via the realtime scan, FPE allows for scheduled scanning of stored data. The scheduled scan runs only at a specific time and can be set to run on a recurring basis. The scheduled scan can also be configured differently than the realtime scan. For example, within the Filters view, each filter can be independently enabled for different scan types. In the Global Settings - Scan Options pane, you can specify scanning of different mailboxes and public folders for the scheduled scan than for the realtime scan.
In the Forefront Protection 2010 for Exchange Server Administrator Console, the Tasks view is used for manually launching a one-time job, such as an on-demand scan. This scan is best used during an outbreak to immediately scan just a few specific mailboxes or public folders that you suspect may be compromised by a malware threat or may contain restricted or disallowed content or files.