Forefront Security for SharePoint services


Applies to: Forefront Security for SharePoint

Topic Last Modified: 2007-12-07

The Forefront Security for SharePoint services are the components that run on the SharePoint server and control all back-end functionality of FSSP. The services process requests from the Microsoft Forefront Server Security Administrator, control the scanning processes, generate e-mail notifications, and store virus incident data (which can be viewed using the Forefront Server Security Administrator). An Administrator-only installation does not install the Forefront Security for SharePoint services.

The following sections describe the services used by Forefront Security for SharePoint.

FSCController acts as the server component that Forefront Server Security Administrator connects to for configuration and monitoring. FSCController coordinates all real-time and manual scanning activities. The FSCController startup type defaults to Automatic.

Changing the startup type to anything other than Automatic may cause FSSP to not scan properly.

The Schedule service becomes a dependency of FSCController and must be operating properly for FSCController to initialize.

There is no benefit from starting or stopping FSCController independently of the Microsoft SharePoint services.

FSSPController is the agent responsible for communicating with the SharePoint SQL Server™ databases. This service runs under the account used by the SharePoint Administration service. You will be requested to enter the account information during the install process.

The account used must be a member of the local Administrators group on the server on which SharePoint Portal Server is installed.

The FSSP services can be disabled using the Windows Services Control Manager.

To disable the Forefront Security for SharePoint services
  1. Open the Windows Services Control Manager.

  2. Click Start.

  3. Click Control Panel.

  4. Click Administrative Tools.

  5. Click Services.

  6. Right-click FSSPController.

  7. Select Stop to disable the service.

  8. Click Save.

If the Forefront Security for SharePoint Service is disabled, traffic will continue to flow but will no longer be scanned.

Forefront Security for SharePoint utilizes Distributed COM (DCOM) to launch and authenticate Forefront Server Security Administrator connections. You can build an access list of authorized users who can connect to the FSCController utilizing the Forefront Server Security Administrator.

To build an access list of authorized users
  1. Open a command prompt window.

  2. Type DCOMCNFG and press ENTER. The Component Services dialog box appears.

  3. In the Console Root section, expand Component Services.

  4. Expand Computers.

  5. Expand My Computer.

  6. Expand DCOM Config.

  7. Right-click FSCController from the Applications list, and then select Properties. The FSCController property dialog appears.

  8. Click the Identity tab and configure your user accounts.

  9. Click the Security tab and use the permissions lists to control which user accounts have rights to launch and activate the FSCController, access the FSCController, or change the DCOM configuration.

  10. Click OK to close the Properties dialog.