Forefront Security for SharePoint services

 

Applies to: Forefront Security for SharePoint

The Forefront Security for SharePoint services are the components that run on the SharePoint server and control all back-end functionality of FSSP. The services process requests from the Microsoft Forefront Server Security Administrator, control the scanning processes, generate e-mail notifications, and store virus incident data (which can be viewed using the Forefront Server Security Administrator). An Administrator-only installation does not install the Forefront Security for SharePoint services.

About services

The following sections describe the services used by Forefront Security for SharePoint.

FSCController

FSCController acts as the server component that Forefront Server Security Administrator connects to for configuration and monitoring. FSCController coordinates all real-time and manual scanning activities. The FSCController startup type defaults to Automatic.

Note

Changing the startup type to anything other than Automatic may cause FSSP to not scan properly.

The Schedule service becomes a dependency of FSCController and must be operating properly for FSCController to initialize.

There is no benefit from starting or stopping FSCController independently of the Microsoft SharePoint services.

FSSPController

FSSPController is the agent responsible for communicating with the SharePoint SQL Serverâ„¢ databases. This service runs under the account used by the SharePoint Administration service. You will be requested to enter the account information during the install process.

Note

The account used must be a member of the local Administrators group on the server on which SharePoint Portal Server is installed.

Disabling Forefront Security for SharePoint services

The FSSP services can be disabled using the Windows Services Control Manager.

To disable the Forefront Security for SharePoint services

  1. Open the Windows Services Control Manager.

  2. Click Start.

  3. Click Control Panel.

  4. Click Administrative Tools.

  5. Click Services.

  6. Right-click FSSPController.

  7. Select Stop to disable the service.

  8. Click Save.

Note

If the Forefront Security for SharePoint Service is disabled, traffic will continue to flow but will no longer be scanned.

Securing the service from unauthorized use

Forefront Security for SharePoint utilizes Distributed COM (DCOM) to launch and authenticate Forefront Server Security Administrator connections. You can build an access list of authorized users who can connect to the FSCController utilizing the Forefront Server Security Administrator.

To build an access list of authorized users

  1. Open a command prompt window.

  2. Type DCOMCNFG and press ENTER. The Component Services dialog box appears.

  3. In the Console Root section, expand Component Services.

  4. Expand Computers.

  5. Expand My Computer.

  6. Expand DCOM Config.

  7. Right-click FSCController from the Applications list, and then select Properties. The FSCController property dialog appears.

  8. Click the Identity tab and configure your user accounts.

  9. Click the Security tab and use the permissions lists to control which user accounts have rights to launch and activate the FSCController, access the FSCController, or change the DCOM configuration.

  10. Click OK to close the Properties dialog.