Forefront Security for Exchange Server Services

Applies to: Forefront Security for Exchange Server

The Forefront Security for Exchange Server services are the components that run on the Exchange server and control all back-end functionality of FSE. The services process requests from the Microsoft Forefront Server Security Administrator, control the scanning processes, generate e-mail notifications, and store virus incident data (which can be viewed using the Forefront Server Security Administrator). An Administrator-only installation does not install the Forefront Security for Exchange Server services.

About services

The following sections describe the services used by Forefront Security for Exchange server.

FSCController

FSCController acts as the server component that Forefront Server Security Administrator connects to for configuration and monitoring. FSCController coordinates all Realtime, Manual, and Transport scanning activities. The FSCController startup type defaults to manual.

After being installed, the FSCController becomes a dependency on the FSEIMC service. Due to other dependencies, whenever the Microsoft Exchange Information Store service is started or stopped, the same occurs with the FSCController. The Task Scheduler service must be operating properly for the FSCController to initialize.

FSCMonitor

FSCMonitor monitors the Exchange Information Store, Transport stack, and Forefront Security processes to ensure that Forefront Security for Exchange Server provides continuous protection of your messaging environment.

AdoNavSvc

AdoNavSvc is used for browsing the active directory for mailbox names. It will always be in a stopped state unless you are using the Forefront Server Security Administrator to browse mailboxes or public folders in Active Directory or if there is a manual scan or quick scan in progress.

FSEIMC

FSEIMC registers the FSE Agent to ensure that messages are scanned by the FSCTransportScanner process. FSEIMC becomes a dependency on the Microsoft Exchange Transport service on Exchange Server 2007. This service normally only runs for a brief time (less than a minute) when Forefront Security for Exchange Server initializes. It then shuts down and does not need to be running for Transport scanning to take place.

FSEMailPickup

FSEMailPickup delivers messages generated by Forefront Server Security, such as notifications, to Exchange for mail pickup. It also handles the delivery of messages from quarantine. If this service is disabled, no notifications are generated and items cannot be delivered from quarantine.

FSCRealtimeScanner

FSCRealtimeScanner provides immediate scanning of e-mail messages that are sent or received by the mailboxes and public folders resident on the Exchange server.

FSCTransportScanner

FSCTransportScanner ensures that all messages that pass through the Transport stack are scanned prior to delivery.

FSCStatisticsService

The FSCStatisticsService logs scanning statistics for all Forefront Security scan jobs. This information is then available for retrieval by the Microsoft Forefront Security Enterprise Manager.

Disabling the Forefront Security for Exchange Server services

The Forefront Security for Exchange Services can be disabled using the Enable Forefront Security for Exchange Scan option in the General Options work pane.

To disable the Forefront Security for Exchange Server services

1. Open the Forefront Server Security Administrator.

2. In the SETTINGS section of the Shuttle Navigator, click General Options. The General Options work pane opens.

3. In the Enable Forefront Security for Exchange Scan field in the Scanning section, select Disable all.

4. Click Save.

5. Recycle Forefront Security services for the change to take effect. (For more information, see Recycling the Forefront Security for Exchange Server services.)

   The Forefront Security for Exchange Server services can be enabled by following the same procedure and selecting one of the enabling choices. You can enable all the services, or choose between enabling Store scanning and Transport scanning. The choices in the Enable Forefront Security for Exchange Scan field are:

   • Enable Store Scanning (Realtime, Manual)

   • Enable Transport Scanning

   • Enable all

   Note   Forefront Security services must be recycled for the change to take effect.

Recycling the Forefront Security for Exchange Server services

The Service Control Manager is used to recycle the Forefront Security for Exchange Server services.

To recycle the services

1. Stop all Forefront Security for Exchange Server services. (For details, see Disabling the Forefront Security for Exchange Server services.)

2. Wait for all services to complete shutting down.

3. Use Task Manager to make sure that no Forefront Security for Exchange Server processes are still running.

4. Start all Forefront Security for Exchange Server services.

Securing the service from unauthorized use

The Forefront Security for Exchange Service utilizes Distributed COM (DCOM) to launch and authenticate Forefront Server Security Administrator connections. You can build an access list of authorized users who can connect to the FSCController utilizing the Forefront Server Security Administrator.

To build an access list of authorized users

1. Open a Command Prompt window.

2. Type DCOMCNFG and press ENTER. The Component Services dialog box appears.

3. In the Console Root section, expand Component Services.

4. Expand Computers.

5. Expand My Computer.

6. Expand DCOM Config.

7. Right-click FSCController from the Applications list. The FSCController property dialog appears.

8. Click the Identity tab and configure your user accounts.

9. Click the Security tab and use the permissions lists to control which user accounts have rights to launch and activate the FSCController, access the FSCController, or change the DCOM configuration.

10. Click OK to close the Properties dialog.