Maximizing scan engine performance
Topic Last Modified: 2011-03-30
Microsoft Forefront Protection 2010 for SharePoint provides you with the ability to employ multiple scan engines (up to five) to detect and perform actions upon malware in your Microsoft SharePoint environment. To maximize engine performance, you can customize the number of scan engines used for each scan. You have the option of selecting one or more scan engines for a scan as well as configuring the performance settings for the engines. Using a redistribution server to distribute scheduled updates also enhances server performance.
Multiple engines provide extra protection so you can draw upon the expertise of various malware labs to keep your environments malware-free. Malware may slip past one engine, but it is unlikely to get past three or more.
Using multiple engines also permits a variety of scanning methods to be used to protect your environment. FPSP integrates scan engines that use heuristic scanning methods with engines that use definitions to provide comprehensive malware protection. For more information about individual scan engines, visit each engine vendor's Web site. Links are provided at Microsoft Help and Support.
It is easy to configure multiple scan engines. For the best balance of protection and performance, it is recommended to retain the default setting of using all available engines. FPSP automatically updates and uses all configured engines based on the default Engines and performance setting of scanning with all available engines.
However, if you so choose, you can manually disable one or more scan engines for each scan job (realtime, scheduled, and on-demand). For more information about how to do this, see Selecting the scan engines used for each scan.
After selecting the number of engines you want to use for a scan job, you can then use the Engines and performance setting for each scan job to further fine tune your antimalware scanning configuration to best fit the needs of your organization. For more information about this setting and how it can affect how multiple scan engines are used, see Configuring the number of scan engines used for each scan.
These configuration settings enable the FPSP Multiple Engine Manager (MEM) to properly control the selected engines during a scan. MEM uses the engine results to decide the likelihood that a particular message or file contains malware. If any of the engines used in a scan detect malware, FPSP considers the item infected and implements the configured antimalware action (for details, see Configuring the action when malware is detected).
There are two approaches to engine updates and each affects overall server performance.
Engine updates can be made by downloading the engine updates directly from the Microsoft HTTP server to a receiving server. However, your server’s bandwidth may be compromised, which affects performance.
Universal Naming Convention (UNC) updating using a redistribution server running FPSP to distribute engine and definition updates can maximize server bandwidth because it reduces the number of servers accessing the Internet for updates. By leveraging UNC updating, servers can be easily updated without access to the Internet. This means that you do not have to open a port to the Internet for all the Web front end servers that otherwise do not need access.
Using UNC updating increases overall server performance because only the redistribution server connects to the HTTP server. Other FPSP servers can then download the engine and definition updates from the redistribution server. This approach is preferred as it allows the other servers in the network to perform at full potential.
By default, on a redistribution server, FPSP will save the two most recent engine update packages instead of the usual single engine package. FPSP also downloads the full update package rather than performing an incremental update. The multiple engine packages enable the receiving servers to continue pulling updates from the redistribution server while a new update is being downloaded.
|You can manage engine and definition updates on multiple Forefront Protection 2010 for SharePoint servers by using the Microsoft Forefront Protection Server Management Console (FPSMC). You can download FPSMC from the Microsoft Download Center at the following location: Microsoft Forefront Protection Server Management Console (FPSMC) 2010. Documentation that covers engine and definition updates with FPSMC can be found in the TechNet library at Signature Redistribution Jobs.|