Background scanning and on-access scanning

 

Applies to: Forefront Security for Exchange Server

The Microsoft® Exchange Virus Scanning API (VSAPI) provides the ability to perform background scanning of all files in the information store and on-access scanning of files as they are accessed. These features enhance the functionality of Forefront Security for Exchange Server by ensuring that files are scanned using the latest engine updates and scanning configuration.

Scheduled background scanning

Scheduled background scanning is recommended as a way to periodically scan a selected set of messages with the latest engine updates and scanning configurations. The scope of the Background Scan Job is determined by the options selected in the "Background Scanning" section of General Options (see Forefront Server Security Administrator). By default, background scanning is set to scan all messages received within the last two days. To activate background scanning, a Background Scan Job must be scheduled.

Here is how to schedule background scanning.

To schedule background scanning

  1. Click OPERATE in the Shuttle Navigator, and then click Schedule Job.

  2. At the top of the Schedule Job work pane, select the Background Scan Job.

  3. Use the calendar in the Date section to set the date when the Background Scan Job will activate. The red circle indicates today's date. The date you set is highlighted in blue.

  4. Set the run time using the Time edit field to the right of the calendar.

  5. Indicate the Frequency of the scheduled job: run it Daily, Weekly, Monthly, or only Once (the default).

  6. If the job is disabled, click Enable to enable it.

  7. Click Save.

Here is how to enable background scanning.

To enable background scanning

  1. Open the General Options work pane and select the "Enable Background Scan if 'Scan on scanner update' Enabled" option. This causes Forefront Security for Exchange Server (FSE) to initiate a background scan every time a scan engine is updated.

  2. Enable the Realtime Scan Job for the storage groups that you want to have scanned by the Background Scanner. For more information, see Realtime Scan Job.

Here is how to stop or disable background scanning.

To stop or disable background scanning

  1. In the Shuttle Navigator, click REPORT, and then click Schedule Job.

  2. At the top of the Schedule Job work pane, select the Background Scan Job.

  3. On the Schedule Job work pane, click the Stop button.

Note

After a background scan has been stopped, it will restart after the next signature update if the General Options settings "Scan on Scanner Update" and "Enable Background scan if 'Scan on scanner update' enabled" are both selected. If you do not want the background scan to start after the next signature update, you can disable the scheduled scan in two ways:

  • Clear the General Options settings "Scan on Scanner Update" and "Enable Background scan if 'Scan on scanner update' enabled", or

  • Click the Disable button on the Schedule Job work pane.

On-access scanning

By default, Exchange 2007 on-access scanning ensures that all files being accessed have been scanned at least once by Forefront Security for Exchange Server.

Heightened security on-access scanning

Heightened security on-access scanning may be activated to ensure that all files being accessed are scanned if the antivirus engines have been updated since the file was originally stored.

On-access scanning is controlled by the Scan on Scanner Update General Option setting, which causes previously scanned files to be re-scanned when accessed following a scanner update. Enable the Realtime Scan Job for the storage groups you would like scanned by the background scanner.

Important

For more information about the Scan on Scanner Update General Option setting, including recommendations for when it should not be set and its impact on proactive scanning, see its description in the "Scanning Section" of Forefront Server Security Administrator.

Reporting incidents

Incidents detected by background scanning and on-access scanning are reported in the Realtime columns in the Incidents pane of the REPORT section of the Shuttle Navigator.