Default mailbox database scanning mode
Applies to: Forefront Protection for Exchange
By default, when FPE is installed on a Mailbox server:
It will not scan messages when they are submitted to the mailbox database.
It will scan previously unscanned messages upon first access.
This level of protection ensures that messages submitted to the mailbox database are scanned if they are accessed before they are scanned at the Hub Transport or Edge Transport servers.
You can also configure scheduled scans to scan messages based on certain criteria, such as message age. For example, you can configure FPE to run a scheduled scan at off-peak hours and to scan only messages received in the past two days. We recommend that if you run a scheduled scan, you scan at least the last two days of received e-mail messages. The number of days to scan is configurable through the Scan only messages received within the last setting in the Scheduled Scan Settings section of the Antimalware - Mailbox Scheduled pane. For information about configuring this setting, see Configuring the scheduled scan.
Benefit: Scheduled scanning enables you to scan messages in your mailbox database with the latest malware definitions in a timely manner. Scanning with the latest definitions is important during a malware outbreak so that you can re-scan messages that may have been received before definition updates for the malware were available.