Forefront Security for SharePoint Best Practices - Important settings
Applies to: Forefront Security for SharePoint
You should pay particular attention to these settings:
| Setting | Recommendation |
| --- | --- |
| Send Update Notification | Send a notification any time a server attempts to download and update a scan engine. Although this will generate multiple e-mails each hour from each server, it is a good way of tracking what is going on. If a scan engine fails to update, it is very simple to identify the failure and take the appropriate action. A simple rule can be set up in Outlook to manage the volume of notifications. |
| Block/Delete Corrupted Compressed Files | You should select this option. The document is already corrupted, so it would be unreadable even if it were passed to the user. |
| Block/Delete Corrupted Uuencode Files | You should select this option. The document is already corrupted, so it would be unreadable even if it were passed to the user. |
| Block/Delete Encrypted Compressed Files | You should select this option, since encrypted files cannot be scanned by antivirus scan engines. |
| Scan Doc Files As Containers - Manual | You should select this option, since viruses can be embedded into container files (such as .doc, .xls, .ppt, and .shs). You should also enable the equivalent setting for the Realtime scan job. |
| Scan on Scanner Update | During an “outbreak” scenario, it is recommended that you turn this option on, causing files to be scanned each time an engine gets updated. This gives the best protection because you are always scanning with the latest signatures. When the outbreak passes, turn it off again, since it can negatively impact system performance. |
| Max Container File Size | It is recommended that you change this value to match your policy concerning the largest allowable container file size (in bytes). If a filter match or a virus is detected, documents larger than this value will automatically be deleted. By default, this setting is 26,214,400 bytes. |
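
The reasoning behind the corrupted, encrypted and size settings above, as an added Python example (not Forefront's own code or logic): it triages a ZIP container the way any scanner must before it can inspect the contents. The function name `triage`, the result labels and the sample archives are constructed for illustration; only the 26,214,400-byte default comes from this page.

```python
import io
import zipfile

MAX_CONTAINER_BYTES = 26_214_400  # default Max Container File Size quoted on this page

def triage(data: bytes, max_bytes: int = MAX_CONTAINER_BYTES) -> str:
    """Hypothetical pre-scan triage of a ZIP container (illustration only)."""
    if len(data) > max_bytes:
        return "over_size_limit"      # exceeds the configured container size
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            # Bit 0 of the general-purpose flags marks an encrypted member:
            # its bytes are ciphertext, so signatures cannot match.
            if any(info.flag_bits & 0x1 for info in zf.infolist()):
                return "encrypted"
            # testzip() decompresses every member and checks its CRC.
            if zf.testzip() is not None:
                return "corrupted"
    except zipfile.BadZipFile:
        return "corrupted"            # directory structure unreadable
    return "scannable"

def sample_zip() -> bytes:
    """Constructed sample: a one-member, uncompressed ZIP built in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("report.txt", b"constructed sample content")
    return buf.getvalue()

def sample_encrypted_flag() -> bytes:
    """Constructed sample: same archive with the encryption flag bit set."""
    buf = bytearray(sample_zip())
    buf[6] |= 0x01                                # local file header flags
    buf[buf.find(b"PK\x01\x02") + 8] |= 0x01      # central directory flags
    return bytes(buf)

def sample_bad_crc() -> bytes:
    """Constructed sample: one payload byte altered, so the CRC no longer matches."""
    return sample_zip().replace(b"sample", b"sAmple", 1)

def sample_truncated() -> bytes:
    """Constructed sample: end-of-central-directory record cut off."""
    return sample_zip()[:-10]

if __name__ == "__main__":
    for name, blob in [("clean", sample_zip()), ("encrypted", sample_encrypted_flag()),
                       ("bad crc", sample_bad_crc()), ("truncated", sample_truncated())]:
        print(f"{name:10s} -> {triage(blob)}")
```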