FSOCS registry keys
Applies to: Forefront Security for Office Communications Server
Warning
Serious problems might occur if you modify the registry incorrectly. These problems could require you to reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk. Always make sure that you back up the registry before you modify it and that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, see the Microsoft Knowledge Base article Windows registry information for advanced users.
FSOCS stores many settings in the Windows registry. You seldom have to edit the registry yourself, because most of those settings are derived from entries you make in General Options. However, there are some additional settings that you may occasionally need to make. Microsoft Forefront Security for Office Communications Server (FSOCS) stores registry values in the following location on 32-bit systems:
HKLM\SOFTWARE\Microsoft\Forefront Server Security\Office Communications Server
| Variable | Description and values |
|---|---|
AdditionalTypeChecking |
FSOCS performs signature-type checking on files in order to avoid scanning files that can never contain a virus. If it becomes necessary to scan an additional file type, you will need to contact Help and Support in order to obtain the proper setting for the file type you would like to add. This key is set to 0 (off) by default. |
AllowInvalidContent |
Indicates whether FSOCS should allow invalid content. When set to 1, invalid content is allowed. The default value is 0 (invalid content is not allowed). |
DatabasePath |
Specifies the path under which the FSOCS configuration files and Quarantine folder reside. It defaults to the FSOCS installation path (InstalledPath). If this value is changed, the configuration files and the Quarantine folder (along with its contents) must be moved to this new location. If this value is changed and the files are not moved, FSOCS recreates them, and the previous settings are lost. Move the files first and then change this value. |
DisableInboundContentFiltering |
When set to 1, this value disables inbound content filtering for the IM Scan Job. The default value is 0. |
DisableInkAndImageMessages |
Indicates whether ink and image content types are allowed. When set to 1, this value disables ink and image content types. The default value is 0 (that is, the types are enabled). |
DisableOutboundContentFiltering |
When set to 1, this value disables outbound content filtering for the IM Scan Job. The default value is 0. |
DisableUnsupportedContentTypes |
Indicates whether FSOCS should allow unsupported content types. When set to 1, unsupported content types are not allowed. The default value is 0 (that is, unsupported content types are allowed). FSOCS inspects the content-type header of the SIP request to determine if it is a supported type. These are the content types that FSOCS is aware of and knows how to handle:
All other content types are considered unsupported. |
EngineDownloadTimeout |
Specifies the time-out value (in seconds) that FSOCS will allow for scan engine downloads. The default value is 300 (five minutes). |
IMPurge |
Enables or disables purging by the IM scanner. If set to 0, purging is disabled. If set to 1, purging is enabled. The key is set to 1 by default. |
MaxCompressedSize |
This registry key works in conjunction with the Delete Corrupted Compressed Files setting in General Options. In order to delete a file that exceeds the value set in MaxCompressedSize, the Delete Corrupted Compressed Files setting in General Options must be enabled. This key sets the maximum compressed file size that FSOCS attempts to clean or repair in the event that it discovers an infected file. The default is 26 MB. Infected files or filtered files larger than the allowed maximum size are deleted. FSOCS reports a deleted file as having a LargeCompressedInfectedFile virus. |
MaxUncompressedFileSize |
This registry key works in conjunction with the Delete Corrupted Compressed Files setting in General Options. In order to delete a file that exceeds the value set in MaxUncompressedFileSize, the Delete Corrupted Compressed Files setting in General Options must be enabled. This key sets the maximum uncompressed file size for a file within a .zip or a RAR archive file. Files larger than the maximum permitted size are deleted and reported as Large Uncompressed File Size. The default setting is 100 MB. The RAR archive format enables one or more compressed files to be stored in multiple RAR volumes, thereby permitting large files to be broken into smaller-sized files for ease of file transfer. The files stored in the multipart RAR volumes are subject to the size limit specified by this registry value (its default is 100 MB). If a file exceeds the limit, any multipart RAR volume that contains the file or a part of the file is deleted. However, the outcome can vary, depending on the size of the original files and how they are distributed across the multiple RAR volumes. Example 1: A single file (F1) is split across three RAR volumes (V1, V2, V3). Outcome: If the uncompressed size of F1 exceeds the default 100 MB limit, all three RAR volumes (V1, V2, V3) are deleted. Example 2: Four files (F1, F2, F3, F4) are split across three RAR volumes (V1, V2, V3) as follows: V1 contains F1 and the first half of F2. V2 contains the second half of F2 and F3. V3 contains only F4. Outcome: If only F1 exceeds the default 100 MB limit, only V1 is deleted. If only F2 exceeds the default 100 MB limit, V1 and V2 are deleted, but V3 is not. If only F4 exceeds the limit, only V3 is deleted. Note that deleting a volume causes all files stored in the same volume to be deleted, even if only one file or part of a file exceeded the size limit. In both examples, deletion text specifies that a file (the RAR volume) was deleted because it exceeded the maximum uncompressed file size limit. To prevent the volumes from being deleted, you must set the registry value MaxUncompressedFileSize to a value large enough to exceed the uncompressed size of the largest file in the multipart RAR volumes. |
MaxUncompressedSize |
Sets the maximum compressed file size that FSOCS attempts to clean or repair in the event that it discovers an infected file. The default value is 26 MB. Infected files or filtered files larger than the allowed maximum size are deleted. FSOCS reports a deleted file as having a LargeCompressedInfectedFile virus. |
QuarantineTimeout |
Specifies whether items that cause a scan job time-out should be quarantined. If this DWORD registry value is not present, or if it is present and its value is not 0, a message that causes a scan job time-out is quarantined. If the registry value is present and its value is 0, that message is be quarantined. |
ScanAllAttachments |
When this DWORD value is set to 1 (the default), FSOCS scans all file attachments. ScanAllAttachments is a "hidden" key; that is, if it is not present, its value defaults to 1. |
UseDomainsDat |
Specifies whether a text file (called Domains.dat) is used to indicate your internal domains. If the value is 0 (the default), the Internal Address field in General Options is used. If you change the value to 1, you can enter all your internal addresses in a text file called Domains.dat in the DatabasePath directory. You would do this if you have a large number of domains to be used as internal addresses. |
Scanner Update Settings registry keys
These are the keys containing the scanner information that is reported on the Scanner Update Settings pane in the Forefront Server Security Administrator. Although these values should not be modified, you may find them useful for reporting purposes. For 32-bit systems, FSOCS stores these registry values in the following location:
HKLM\SOFTWARE\Microsoft\Forefront Server Security\Office Communications Server\Scan Engines\<enginename>
| Variable | Description |
|---|---|
Engine Version |
Indicates the current version of enginename. |
Last Checked |
Indicates the date and time enginename was last checked. |
Last Updated |
Indicates the date and time enginename was last updated. |
Signature Version |
Indicates the current version of the enginename signature file. |
Update Version |
Indicates the current update version of enginename. |