Upgrading FPSP and migrating FSSP data

Article
07/23/2014

Applies to: Forefront Protection 2010 for SharePoint

If you have the release candidate (RC) version of Forefront Protection 2010 for SharePoint (FPSP) installed and you want to maintain your RC data when you upgrade to the general availability release of FPSP, you can run the FPSP installation program without uninstalling the RC version of the product. By doing this, the original program files and data directories are preserved during the installation. When performing an upgrade in this manner, follow the steps described in Installing on a standalone server by using the Setup Wizard; however, the Installation Folders, Proxy Information, Microsoft Update, and Customer Experience Improvement Program pages will not appear, so you can skip these steps.

If you are not concerned about data retention, it is recommended that you uninstall the RC version of the product, delete the old FPSP data folder, and then perform a fresh installation of FPSP.

Tip

For managing FPSP on multiple SharePoint servers, such as in an enterprise, Microsoft recommends the Microsoft Forefront Protection Server Management Console (FPSMC). You can download FPSMC from the Microsoft Download Center at the following location: Microsoft Forefront Protection Server Management Console (FPSMC) 2010. Documentation for FPSMC can be found in the TechNet library at Forefront Protection Server Management Console. Otherwise, you can install and configure FPSP on a single SharePoint server, and then export and import these configuration settings to additional SharePoint servers (keeping in mind that each FPSP installation must be performed individually on that server first). For more information, see Exporting and importing configuration settings.

Automatic upgrades from Forefront Security for SharePoint Version 10 (FSSP) to FPSP are not supported. The following topic provides guidance for manually migrating your FSSP installations to FPSP.

Migrating from Forefront Security for SharePoint Version 10

This topic will help guide you through the process of manually migrating data from Forefront Security for SharePoint Version 10, as well as mapping configuration settings from the prior version of the product to their current location in the Forefront Protection 2010 for SharePoint Administrator Console (FPSP Administrator Console) user interface. This topic outlines the following items with the goal of making the migration process easier:

Data values that can be preserved and transferred. For more information, see Saving your data files, registry keys, and filter lists.
Data values that you should record before uninstalling Version 10 and then installing FPSP. For more information, see Recording important settings.
Mapping configuration settings from the earlier version of the product to their current location in the FPSP Administrator Console. For more information, see General Options settings and Monitoring and configuration settings after migration.

Saving your data files, registry keys, and filter lists

Before you upgrade to FPSP it is a good idea to save the data files, registry keys, and filter lists from your FSSP installation in case you want to roll-back to that version for any reason. Filter lists can also be imported into FPSP so that you do not have to re-create them after you install FPSP.

The FSSP data files include the following:

Incidents.mdb—The incidents database information.
Quarantine.mdb—The quarantine database information.

Note

The FSSP incidents and quarantine data files cannot be used in FPSP. Therefore the data in these files will not be available through the FPSP Administrator Console.

To back up the various FSSP data files, back up the following folder. Be sure to include all files and subfolders in the folders:

drive:\Program Files\Microsoft Forefront Security\SharePoint\Data

The FSSP registry keys can be found in the following location:

HkeyLocalMachine\Software\Wow6432Node\Microsoft\Forefront Server Security

You should copy all of the keys in this location in case you want to roll back to FSSP for any reason.

Preserving filter lists created in FSSP

If you created filter lists in FSSP, you can export the lists to a text file and then import them into FPSP. You cannot export filter sets from FSSP because they are contained in an .fdb file that will not work in FPSP. If you have filters that are not contained in filter lists, you may want to create lists for the filters so that they can be exported for use in FPSP.

Exporting your filter lists

You can export data from a filter list into an external text file. You cannot select individual items to be exported; you must export the filter list in its entirety.

To export items from a filter list

In the Forefront Server Security Administrator console, select Filter Lists in the Filtering section of the menu.
Select the filter list type from which you are exporting data.
Select a list in the List Names area.
Click Edit, and then in the Edit Filter List pane, click Export.
In the file Explorer window, browse the location where you want to export the text file, specify the file name, and then click Save.

The items in the filter list are exported into the file. The items appear on a single line, separated by commas.

Importing items into filter lists

For information about how to import items into FPSP filter lists, see Importing items into a filter list.

Recording important settings

Before uninstalling FSSP, it is a good idea to record the settings for any configuration that you have changed from the default settings. This enables you to configure those settings in FPSP in the same way. There are also some configuration defaults that have changed from FSSP to FPSP.

You should record the following settings:

Deletion text
Tag text
Notification text (including subject line and message body)
Critical Notification List—Now named Critical error and located on the Configuration - Notifications pane in the Monitoring view of the administrator console.
Realtime Process Count—Now named Process count and located on the Antimalware - Realtime pane in the Policy Management view of the administrator console.

General Options settings

The following sections show the Forefront Security for SharePoint Version 10 General Options settings and their current location in Forefront Protection 2010 for SharePoint (FPSP).

Diagnostics section

This table lists the settings in the Diagnostics section of General Options and its accompanying setting in FPSP.

FSSP Setting FPSP Setting

FSSP Setting	FPSP Setting
Additional Manual Additional Realtime	These settings are no longer available in the user interface. Use the `Set-FsspTracing -level` Windows PowerShell command from the Forefront Management Shell instead. For information on using PowerShell in FPSP, see the topic Using Windows PowerShell.

Additional Manual

Additional Realtime

These settings are no longer available in the user interface. Use the Set-FsspTracing -level Windows PowerShell command from the Forefront Management Shell instead. For information on using PowerShell in FPSP, see the topic Using Windows PowerShell.

Logging section

For the settings in the Logging section of General Options, in FPSP you can use the Logging Options settings on the Global Settings - Advanced Options pane (located under the Policy Management view). In FPSP, event logging options are more granular than they were in previous product versions. For the Max Program Log Size setting, use the Set-FsspTracing -MaxLogSize Windows PowerShell command; this setting is no longer available in the user interface.

Scanner Updates section

This table lists the settings in the Scanner Updates section of General Options and its accompanying setting in FPSP. Aside from Send Update Notification, these settings are now available on the Global Settings - Engine Options pane (located under the Policy Management view).

FSSP Setting	FPSP Setting
Redistribution Server	Use the Enable as an update redistribution server setting.
Perform Updates at Startup	Use the Update engines on server startup setting.
Send Update Notification	Use the Engine updated, Engine update failed, and Engine update not available event notifications on the Configuration – Notifications pane (located under the Monitoring view).
Use Proxy Settings	Use the Enable proxy server setting.
Use UNC Credentials	Use the Enable UNC setting.
Proxy Server Name/IP Address	Use the Proxy server setting.
Proxy Port	Use the Port setting.
Proxy Username	Click the Edit Proxy Server Credentials button and specify the User name in the Edit Proxy Server dialog box.
Proxy Password	Click the Edit Proxy Server Credentials button and specify the Password in the Edit Proxy Server dialog box.
UNC Username	Click the Edit UNC Credentials button and specify the User name in the Edit UNC Credentials dialog box.
UNC Password	Click the Edit UNC Credentials button and specify the Password in the Edit UNC Credentials dialog box.

Scanning section

This table lists the settings in the Scanning section of General Options and its accompanying setting in FPSP.

FSSP Setting	FPSP Setting
Block/Delete Corrupted Compressed Files	Use the Delete corrupted compressed files setting in the Deletion criteria section on the Global Settings - Advanced Options pane (located under the Policy Management view).
Block/Delete Corrupted Uuencode Files	Use the Delete corrupted UUEncoded files setting in the Deletion criteria section on the Global Settings - Advanced Options pane (located under the Policy Management view).
Block/Delete Encrypted Compressed Files	Use the Delete encrypted compressed files setting in the Deletion criteria section on the Global Settings - Advanced Options pane (located under the Policy Management view).
Treat ZIP archives containing highly-compressed Files as corrupted compressed	Use the Treat high compression .zip file as a corrupted compressed file setting in the Specialty file type settings section on the Global Settings - Advanced Options pane (located under the Policy Management view).
Treat multipart RAR archives as corrupted compressed	Use the Treat multi-part .rar archive as a corrupted compressed file setting in the Specialty file type settings section on the Global Settings - Advanced Options pane (located under the Policy Management view).
Treat concatenated gzips as corrupted compressed	This setting is no longer applicable.
Scan Doc Files As Containers - Manual	Use the Scan doc files as containers setting in the Scheduled scan section on the –Global Settings – Scan Options pane (located under the Policy Management view).
Scan Doc Files As Containers - Realtime	Use the Scan doc files as containers setting in the Realtime scan section on the Global Settings – Scan Options pane (located under the Policy Management view).
Case Sensitive Keyword Filtering	Use the Enable case-sensitive keyword filtering setting on the Filters – Filter Options pane (located under the Policy Management view).
Scan on Scanner Update	Use the Scan after engine update setting in the Realtime scan section on the Global Settings – Scan Options pane (located under the Policy Management view).
Forefront Manual Priority	Use the Set Priority setting in the Scheduled scan section on the Global Settings – Scan Options pane (located under the Policy Management view). Note To set the priority for the on-demand scan, use the `Set-FsspOnDemandScan -Priority` Windows PowerShell command.
Max Container File Infections	Use the Maximum container file infections setting in the Threshold levels section on the Global Settings - Advanced Options pane (located under the Policy Management view).
Max Container File Size	Use the Maximum container file size (megabytes) setting in the Threshold levels section on the Global Settings - Advanced Options pane (located under the Policy Management view).
Max Nested Attachments	Use the Maximum nested attachments setting in the Threshold levels section on the Global Settings - Advanced Options pane (located under the Policy Management view).
Max Nested Compressed Files	Use the Maximum nested depth compressed files setting in the Threshold levels section on the Global Settings - Advanced Options pane (located under the Policy Management view).
Max Container Scan Time (msec) - Realtime	Use the Maximum container scan time (seconds) setting in the –Realtime scan section of the Global Settings – Scan Options pane (located under the Policy Management view).
Max Container Scan Time (msec) - Manual	Use the Maximum container scan time (seconds) setting in the Scheduled scan section on the Global Settings – Scan Options pane (located under the Policy Management view). Note To set the maximum container scan time (in seconds) for the on-demand scan, use the `Set-FsspOnDemandScan -MaxContainerScanTime` Windows PowerShell command.

Monitoring and Configuration settings after migration

Because there is no direct upgrade path from FSSP to FPSP, some data will be lost and many settings will have to be manually configured after the FPSP installation is complete. This section provides information about the main monitoring and configuration areas in the FPSP Administrator Console to help you understand and complete your migration as quickly and easily as possible.

Incidents and quarantine—All incident and quarantine data and all statistical data will be lost when you upgrade, because FPSP uses a new storage method for this information. For more information about incidents and quarantine in FPSP, see Viewing and managing incidents and Viewing and managing quarantine.
Notifications—There is no way to preserve your notification settings, so notifications will have to be configured after the FPSP installation is complete. You should, however, record any custom notification text you had configured in FSSP for use in FPSP. Manually saving the text to a Word or text file before migration will be helpful. For more information about notifications FPSP, see Configuring e-mail notifications.
Antimalware settings:
- Realtime Scan Job
  
  This scan job is now called the Antimalware - Realtime scan.
  
  Antispyware is enabled by default and the action is set to Delete.
  
  The engine bias setting has the same default as FSSP, but the names for the various settings have changed. These settings are now located in the Engines and Performance section of the FPSP Administrator Console.
  
  Deletion text is now named Malware Deletion Text. It includes spyware deletion text.
- Manual Scan Job
  
  This scan job is now combined into the Antimalware - Scheduled and Task Library - On-Demand scans.
  
  The scheduled scan is typically used to periodically scan the entire document library of your SharePoint environment, whereas the on-demand scan is typically used to scan specific sites that are suspected of being compromised by malware.
Note

By default, all 5 engines are chosen for each scan job. We recommend that you leave the default settings in place. For more information about antimalware scanning in FPSP, see Configuring malware scanning.
Individual filter entries—There are no individual filter entries in FPSP. All filters are created as entries in filter lists. Filter lists can be exported from FSSP and imported into FPSP. For details, see Preserving filter lists created in FSSP. The filter lists must be configured for each scan job manually. For more information about creating and managing filter lists in FPSP, see Configuring filtering.
File filter lists—FPSP has a wizard for creating file filter lists that provides three options for name and/or type selection. The Filter files of specific types by inspecting the file header option is the equivalent of a * file filter, with types selected. For more information about creating file filter lists in FPSP, see Creating a file filter list.
Filter Options—File filter deletion text is now located in the Filter Options section of the FPSP Administrator Console.
Global Settings—Many settings that were configured in the General Options section of the administrator console in FSSP are configured in the Global Settings section of the FPSP Administrator Console. A mapping of most settings in FSSP to their counterparts (where relevant) in FPSP is provided in General Options settings.
Engine options—By default, the Intelligent Engine Management in FPSP is set to Automatic. The default engine update schedule is same as in FSSP, which is once per hour.

In order to change the schedules, FPSP requires the user to change the Intelligent Engine Management selection to Manual. This setting is configured in the Advanced Options pane of the Global Settings area of the administrator console. Once you are in Manual mode, you can configure the various engine options, including selecting the engines for specific scan jobs and changing the default settings for engine and definition updates.

UNC authentication and proxy server settings are configured in the Global Settings - Engine Options section of the administrator console. These settings apply to all scan engines.

For more information about configuring engine update options in FPSP, see Configuring engine and definition updates.