Services
Applies to: Forefront Protection for Exchange
The Microsoft Forefront Protection 2010 for Exchange Server (FPE) services are the components that run on the Exchange server and control all back-end functionality of FPE.
The following sections describe the services used by FPE.
The Microsoft Forefront Server Protection Controller service acts as the server component that FPE connects to for monitoring. This service coordinates all realtime, scheduled, transport, and on-demand scanning activities.
Note
The startup type defaults to manual. If you change the startup type to anything other than manual, FPE may not scan properly.
After being installed, the Microsoft Forefront Server Protection Controller service becomes a dependency of the Microsoft Forefront Server Protection Registration service. Due to other dependencies, whenever the Microsoft Exchange Information Store service is started or stopped, the same occurs with the Microsoft Forefront Server Protection Controller service. The Task Scheduler service must be operating properly in order for the Microsoft Forefront Server Protection Controller service to initialize.
Important
For a mailbox-only server role, if the Microsoft Forefront Server Protection Controller service or the Microsoft Forefront Server Protection Monitor service is stopped, mail continues to flow but is not scanned for malware. For all other server roles, you must also stop the Exchange services (by selecting Yes when the Stop Other Services prompt appears).
The Microsoft Forefront Server Protection Monitor service monitors the Exchange Information Store and Transport stack in order to ensure that FPE provides continuous protection of your messaging environment.
Note
The Microsoft Forefront Server Protection Monitor service must run under the Local System account. If it is changed to run under a different account, FPE may not start.
The Microsoft Forefront Server Protection ADO/EWS Navigator service connects with Exchange Web Services (EWS) or ActiveX Data Objects (ADO) in order to retrieve content to scan. It is always in a stopped state unless you are using the Forefront Protection 2010 for Exchange Server Administrator Console in order to browse mailboxes in Active Directory Domain Services or if there is an on-demand scan in progress.
The Microsoft Forefront Server Protection Registration service registers the Forefront Transport agent in order to ensure that messages are scanned by the FSCTransportScanner process. The Microsoft Forefront Server Protection Registration service becomes a dependency on the Microsoft Exchange Transport service. This service normally only runs for a brief time (less than a minute) when FPE initializes. It then shuts down and does not need to be running for transport scanning to occur.
The Microsoft Forefront Server Protection Mail Pickup service delivers messages generated by FPE, such as notifications, for mail delivery. It also handles the delivery of messages from quarantine. If this service is disabled, no notifications are generated, and items cannot be delivered from quarantine.
The Microsoft Forefront Server Protection Eventing service processes FPE events, including incidents logging, quarantine logging, and notifications.
The Microsoft Forefront Server Protection VSS Writer Service provides added functionality for backing up and restoring FPE through the Volume Shadow Copy Service (VSS) framework.
The Microsoft Forefront Server Protection VSS Writer Service is installed automatically. It must be running when the VSS application requests a backup or restore. To configure the service, use the Microsoft Windows Services applet. The service installs on all operating systems but is only required on server systems.
When running, FPE locks and has exclusive access to the data files. When the Microsoft Forefront Server Protection VSS Writer Service is not running, backup programs running on Windows do not have access to the data files, and backups must be performed using regular FPE backup and restore procedures. For more information, see Backing up and restoring.
Use the Microsoft Forefront Server Protection VSS Writer Service to permit Windows backup programs to copy FPE data files while FPE is running.
Important
Before using the VSS Writer Service restore functionality, stop all Microsoft Forefront Server Protection services, and then restart the Microsoft Forefront Server Protection VSS Writer Service.
The VSS is a set of COM APIs that implements a framework to allow volume backups to be performed while applications on a system continue to write to the volumes. The VSS provides a consistent interface that allows coordination between user applications that update data on disk (writers) and those that back up applications (requestors).
The VSS captures and copies stable images for backups on running systems, particularly servers, without unduly degrading the performance and stability of the services they provide. For more information on the VSS, see your Windows documentation.
The Microsoft Forefront Server Protection VSS Writer Service must run under the Local System account.
The Microsoft Forefront Server Protection VSS Writer Service supports:
Full backup and restore of configuration settings, all quarantined items, and malware, spam, and filtering incidents
Online backups
The Microsoft Forefront Server Protection VSS Writer Service does not support:
Restoring to another location
Online restores
Differential backup and restores