Chapter 2: Configuring Scan Engine Updates
Applies to: Forefront Security for Office Communications Server
Keeping your scan engines up to date is critical in the fight against viruses. The antivirus engine providers work 24 hours a day to provide the most up-to-date virus detection signatures for their engines. If you do not update them frequently, you risk vulnerability to the most recent threats.
When you install Forefront Security for Office Communications Server, it automatically downloads engine updates for each scan engine. While engine updates are enabled by default, you will most likely want to adjust the update schedule to accommodate your network. Forefront Security for Office Communications Server will then automatically download scan engines directly through the update site or from another instance of Forefront Security for Office Communications Server running in your environment. After downloading, the engines are immediately available for protection.
Note
For more options and information about configuring scan engine updates, refer to the File scanner updating section in the Forefront Security for Office Communications Server User Guide.
In this chapter
- Configuring an update
- To configure and schedule updates for scan engines
- Guidelines for scheduling updates
- To perform an immediate update of a selected scan engine
- To perform updates at startup
- To update file scanners through a proxy server
- Scheduling updates on multiple servers
Configuring an update
You can individually configure and set the update schedule and frequency for each engine. We recommend that you schedule updates for all engines, even those you do not plan to use. That way, if you find you need to use that engine in the future, it will already have the most current update.
To configure and schedule updates for scan engines
To configure and schedule updates for scan engines:
Under SETTINGS, click Scanner Updates.
Select the name of the scan engine whose update you’re scheduling.
Make sure it is Enabled. If it is not, click Enable at screen right.
.gif "b5337b83-d490-4614-8b7c-59751698c0d5")
To set the primary path for downloading updates, click Primary, and type the path name of the update site in the Network Update Path box.
You can change the default path (shown below) to point to any other HTTP update site. If you prefer to use Universal Naming Convention (UNC) updating, type the UNC path to another Forefront Security for Office Communications Server. That server will download the updates and distribute them to all the other servers.
.gif "638e034b-4611-4219-b5fa-80436b950502")
Note
To restore the default server path, right-click the Network Update Path field, and then click Default HTTP Path.
To set the secondary update path, click Secondary, and type the path name in the Network Update Path box.
If the primary path fails for any reason, Forefront Security for Office Communications Server will use the secondary path you specify. You can set the secondary update path as you did for the primary path.
Specify the first Date and Time that you want Forefront Security for Office Communications Server to check for updates following the Guidelines for scheduling updates below.
The current date is circled in red; a selected date turns blue.
Note
Do not use the Windows® scheduler to set or change scan engine updating times—they will not be reflected in Forefront Security for Office Communications Server update scheduling.
To specify the frequency of updates, choose a Frequency and check the Repeat every box following the Guidelines for scheduling updates below.
Click Save.
To configure and schedule the update of another scan engine, return to Step 2.
You can control when the scan engines update, how often, and the update source.
Guidelines for scheduling updates
Even if you are not using a particular engine, it’s a good idea to set it for regular updates so that if you ever need to enable it, the signature files will be current.
Set the update schedule for each engine based on how often it releases signatures. Some virus labs release regular signatures more often than others (although all labs respond to major outbreaks with more frequent updates). For example, the Kaspersky lab releases a new update nearly every hour, so set the update for that engine accordingly. As a general rule, we recommend that you schedule checking for updates at least once an hour to lower the risk of new threats.
Note
For information on average update times for individual engines, go to www.avtest.org.
Setting time. Avoid bandwidth contention when scheduling updates for multiple engines:
- Stagger the updates in five-minute intervals (the default).
- Use a time that does not end in 0 or 5 (for example, at 1:05 or 15:30), because this is a popularly used convention. Instead pick a time such as 4:03 or 19:42.
Scheduling frequency. Your options are:
- Once: Updates only once, on the date and time you specify.
- Daily: Updates every day at the time intervals you specify.
- Weekly: Updates every week on the same day at the time interval you specify.
- Monthly: Updates every month on the same day at the time interval you specify.
For example, if you choose a Repeat of one hour on a weekly schedule (on Tuesday, say), the system will check for updates every hour every Tuesday. If you do not check Repeat, Forefront Security for Office Communications Server will check for updates only once on the day you choose.
To perform an immediate update of a selected scan engine
Use this feature when you enable a new scan engine or for quick checks between regularly scheduled updates.
- Under SETTINGS, click Update Now.
If an update exists, Forefront Security for Office Communications Server downloads the scanner engine and signature updates and starts using them for any selected engine as soon as the download is complete.
To perform updates at startup
Performing updates at startup ensures that if any server running Forefront Security for Office Communications Server is inoperative for a period of time, the program will immediately begin to download new scan engines when it starts up again.
To perform updates at startup:
Under SETTINGS, click General Options.
In the Scanner Updates section, check Perform Updates at Startup.
Click Save.
To update file scanners through a proxy server
When Forefront Security for Office Communications Server will access the Internet through a proxy server, you must specify the proxy server settings. To do this:
To update file scanners through a proxy server:
Under SETTINGS at screen left, click General Options.
In the Scanner Updates section, check Use Proxy Settings, and fill in the proxy server information in the boxes below.
Click Save.
Note
After you have configured the proxy server settings, it’s a good idea to perform an immediate update for each scan engine.
Scheduling updates on multiple servers
When scheduling engine updates on multiple servers in your organization, we recommend that you stagger the updates by at least five minutes in order to prevent servers from timing out during the update process. When scheduling updates for multiple engines, it is also helpful to stagger the updates at five-minute intervals.
If you have more than one server running Forefront Security for Office Communications Server, consider having one server (the hub) receive updates from the Microsoft HTTP server and then share those updates among the rest of the servers (the spokes) in your environment. This saves on Internet bandwidth and can make the process of updating quicker and more efficient.
Note
For the details of distributing updates, including how to configure the servers, refer to the File scanner updating section in the Forefront Security for Office Communications Server User Guide.