Forefront Security for SharePoint Evaluation Guide Overview


Applies to: Forefront Security for SharePoint

Topic Last Modified: 2008-02-20

Microsoft Forefront Security for SharePoint provides comprehensive protection against viruses and inappropriate content for Microsoft Office SharePoint Server and Windows SharePoint Services environments. Forefront Security for SharePoint does this by integrating multiple antivirus scan engines from industry-leading vendors to help ensure that the latest threats can’t find their way into document libraries, whether they are internal collaboration sites or extranet deployments. Forefront Security for SharePoint also provides critical controls to help prevent the sharing of inappropriate language, out-of-policy content, or confidential company information.

Protecting collaboration servers is a unique, yet increasingly critical, security challenge. Malicious code, inappropriate content, and confidential information can find their way onto SharePoint servers through uploaded documents, HTML pages, and mapped network drives. Most standard file server antivirus products, however, can’t adequately scan the SQL databases of SharePoint document libraries without risking damage to the software, the database, or the SharePoint environment.

Forefront Security for SharePoint gives you the simple, easy-to-manage solution for protecting SharePoint document libraries. It also offers keyword and file filtering features lacking in standard file server antivirus products. This enables you to scan the content of documents and ensure that the files support company policies before they are shared on SharePoint servers.

Forefront Security for SharePoint contributes the following key benefits:

  • Integrates multiple anti-virus engines for comprehensive protection. Forefront Security for SharePoint maximizes threat protection by enabling you to run up to five scan engines at once from industry-leading antivirus labs around the world. It also automatically downloads the latest signatures and optimizes the use of engines based on administrator settings, thereby shrinking the window of exposure to any given threat.
  • Blocks inappropriate content. Forefront Security for SharePoint scans for administrator-defined keywords within most Microsoft Office documents (including Open XML and Information Rights Management (IRM)-protected documents), that help enforce compliance with corporate policy for language usage and confidentiality.
  • Filters documents. Forefront for SharePoint has configurable file filtering rules that help you eliminate file types that can often carry viruses (for example, .exe files) or open organizations to legal exposure (for example, MP3 files).

  • Optimizes performance and control with features like in-memory and multithreaded scanning, performance bias settings, and the ability to avoid redundant scanning. This means you get the benefits of multiple engine scanning while making smart use of available processing time and server capability. With performance settings, you can balance your desired level of security and server performance.
  • Supports 32- and 64-bit servers.
  • SharePoint VSAPI Integration: Real-time scanning is performed using Microsoft Virus Scanning API 1.4 to help ensure that documents are safe before they are saved to, or retrieved from, the SQL document library.

  • Centralizes control. The Microsoft Forefront Server Security Management Console provides central configuration, deployment, and updating for all Forefront server security products in environments that have multiple SharePoint servers. This console enables you to easily manage servers remotely, generate comprehensive reports, and get outbreak alerts from across the infrastructure.
  • Offers one-stop, automated updates. Through its Rapid Update Process, Microsoft monitors all scan-engine vendor Web sites for updates. It then downloads and validates new engine versions and signatures as they become available, and posts them for Forefront Security for SharePoint to automatically download and install. You will need no IT involvement to keep all the engines and signatures up to date.
  • Integrates with System Center Operations Manager. A management pack for Microsoft System Center Operations Manager enables you to monitor the health of Forefront Security for SharePoint severs as part of your corporate operational management practices.

This guide lays out the steps you will take to enlist the antivirus protection of Forefront Security for SharePoint for your SharePoint environment.

First, this guide assumes that you:

  • Have successfully installed the product. For detailed installation instructions, consult “Installing Forefront Security for SharePoint” in the Forefront Security for SharePoint User Guide.
  • Know how to log on to the Forefront Server Security Administrator Console and to the SharePoint Central Administration Console.

Then, to investigate how Forefront Security for SharePoint can protect your environment, complete the steps in each chapter, starting with Chapter 1 and ending with Chapter 7. (Please note that this is not an exhaustive review of product features, but a focus on key areas of functionality.) Use the checklist of steps below to mark your progress as you configure the system.


Check Steps Description

Install Forefront Security for SharePoint

For detailed installation instructions, see “Installing Forefront Security for SharePoint” in the Forefront Security for SharePoint User Guide.


Chapter 1: Configuring the SharePoint Scan Job

Configure both real-time and manual scan jobs.


Chapter 2: Selecting and Configuring Antivirus Scan Engines

Specify how Forefront Security for SharePoint will control engines by specifying engine bias and the action you want a scan engine to take when it detects a virus.


Chapter 3: Configuring Scan Engine Updates

Setting the update schedule and frequency for each engine to enable each scan engine to update automatically.


Chapter 4: Configuring File and Keyword Filters

Set parameters to detect, block, or delete specific files, file types, and files with keywords you specify.


Chapter 5: Configuring Event Notifications

Configure notifications for administrators and users that report the details of a virus infection or the results of filtering.


Chapter 6: Using the Incidents Log

Learn how to view, sort, filter, and export data from the Incidents Log.


Chapter 7: Using the Quarantine Database

Learn how to view, sort, and filter quarantined data.