Configuring content delivery for malware inspection
Applies To: Forefront Threat Management Gateway (TMG)
This topic describes how to configure malware inspection content delivery. Because malware inspection may cause some delay in the delivery of content from the server to the client, Forefront TMG enables you to control the user experience while Web content is scanned for malware.
You can select one of the following delivery methods for scanned content:
Trickling—Forefront TMG sends portions of the content to the user as the files are inspected. This process helps prevent the client application from reaching a time-out limit before the entire content is downloaded and inspected. You can select to use standard trickling, fast trickling, or a combination of both.
Progress notification—Forefront TMG sends an HTML page to the client computer, informing the user that the requested content is being inspected, and displaying an indication of the download and inspection progress. After download and inspection of the content are completed, the page informs the user that the content is ready, and displays a button for downloading the content.
Note
When you apply the progress notification delivery method, after a user downloads a file, clicking Back in the browser window may cause the file to display as a page in binary format.
Configuring malware inspection content delivery
In the Forefront TMG Management console, in the tree, click the Web Access Policy node.
On the Tasks tab, click Configure Malware Inspection, and then click the Content Delivery tab.
Under Default Content Delivery Method for Scanned Content, select one of the following:
Standard trickling—Forefront TMG keeps most of the file on the server, but sends small amounts of data to the client application in order to preserve the connection. The entire file is scanned before it is sent to the user.
Note
If you select standard trickling as your default content delivery method, you can configure specific content types to be processed for progress notification, and others for fast trickling.
Fast trickling—Forefront TMG sends the data as fast as possible to the user, but holds back the last part in order to complete the scan before completing the transfer. This method requires more resources from the Forefront TMG server, but also provides a better experience for the user.
Note
If you select fast trickling as your default content delivery method, you can configure certain content types to be processed for progress notification.
To specify content types for which a progress notification is used instead of the selected trickling option, do the following:
Select the Use progress notification instead of the default content delivery method for the selected content types check box.
Click Content Types for Progress Notification, and then, in the Content Types Displaying Progress Notifications Properties window, click the Content Types tab.
In Available types, either type a content type in the box, or select content types to add to the default list, and then click Add. To remove a content type, select it in the Selected types list, and then click Remove.
When you have finished specifying the content types, click OK.
To specify content types that use the fast trickling delivery method, do the following:
Select the Use fast trickling for the selected content types check box.
Click Content Types for Fast Trickling, and then, in the Content Types for Fast Trickling Properties window, click the Content Types tab.
In Available types, either type a content type in the box, or select content types to add to the default list, and then click Add. To remove a content type, select it in the Selected types list, and then click Remove.
When you have finished specifying the content types, click OK.
Click OK, and then on the Apply Changes bar, click Apply.
Related Topics
Concepts
Configuring malware inspection in Forefront TMG secure Web gateway