Forefront Security for Exchange Server Best Practices - Store scanning
Applies to: Forefront Security for Exchange Server
The following sections show, in table format, the effects that the various options have on Store Scanning.
Store scanning When Using Default Settings
The following table describes the default Store Scanning used by Forefront Security for Exchange Server. This is the behavior you will see if no default settings are changed.
| Normal Mode (defaults) | ||
|---|---|---|
| On submission to store (Proactive scan) | Do not scan | |
| On first access, if mail is newer than the On Access Cutoff value* | Scan only if never scanned before | |
| On first access, if mail is older than the On Access Cutoff value* | Do not scan | |
| On subsequent access | Do not scan | |
| During Background Scan | Always scan | |
| During manual scan | Always scan | |
Note
The items marked with an asterisk (*) have to do with the On Access Cutoff value. For more information about this value, see Exchange 2007 mailbox server on-access scanning.
The following tables show deviations from the normal mode as you enable the various options.
Store scanning with a single option enabled
The following tables show the effect of enabling one additional store scanning option when running a Realtime or Manual Scan Job.
| Scan on Scanner Update enabled | ||
|---|---|---|
| On first access | Always scan | |
| On subsequent access | Scan if an engine has updated since previous on-access scan | |
| Proactive Scanning enabled (using registry key) | ||
|---|---|---|
| On submission to store (Proactive scan) | Always scan | |
| On first access | Do not scan if scanned proactively | |
| DisableAVStamping registry key enabled | ||
|---|---|---|
| On first access | Always scan | |
Store scanning with two options enabled
The following tables describe the effect of enabling combinations of two store scanning options.
|
Scan on Scanner Update enabled
Enable Background Scan if “Scan on Scanner Update” enabled | ||
|---|---|---|
| On first access | Always scan | |
| On subsequent access | Scan if an engine has updated since previous on-access scan | |
| Background Scan Frequency | Start background scan every time an engine updates | |
|
Scan on Scanner Update enabled
Proactive Scanning enabled (using registry key) | ||
|---|---|---|
| On submission to store (Proactive scan) | Always scan | |
| On first access | Scan if engine has updated since Proactive Scan | |
| On subsequent access | Scan if engine has updated since last on-access scan | |
|
Scan on Scanner Update enabled
DisableAVStamping registry key enabled | ||
|---|---|---|
| On first access | Always scan | |
| On subsequent access | Scan if engine has updated since last on-access scan | |
|
Proactive Scanning enabled
DisableAVStamping registry key enabled | ||
|---|---|---|
| On submission to store (Proactive scan) | Always scan | |
| On first access | Scan if engine has updated since Proactive Scan | |
| On subsequent access | Scan if engine has updated since last on-access scan | |
Store scanning with three options enabled
The following tables describe the effect of enabling combinations of three store scanning options.
|
Scan on Scanner Update enabled
Enable Background Scan if “Scan on Scanner Update” enabled Proactive Scan enabled using registry key | ||
|---|---|---|
| On submission to store (Proactive scan) | Always scan | |
| On first access | Scan if an engine has updated since Proactive Scan | |
| On subsequent access | Scan if an engine has updated since previous on-access scan | |
| Background Scan Frequency | Start background scan every time an engine updates | |
|
Scan on Scanner Update enabled
Proactive Scan enabled using registry key Disable AV Stamp enabled | ||
|---|---|---|
| On submission to store (Proactive scan) | Always scan | |
| On first access | Scan if an engine has updated since Proactive Scan | |
| On subsequent access | Scan if an engine has updated since previous on-access scan | |
|
Scan on Scanner Update enabled
Enable Background Scan if “Scan on Scanner Update” enabled Disable AV Stamp enabled | ||
|---|---|---|
| On first access | Always scan | |
| On subsequent access | Scan if an engine has updated since previous on-access scan | |
Store scanning with four options enabled
The following table describes the effect of enabling all four store scanning options.
|
Scan on Scanner Update enabled
Enable Background Scan if “Scan on Scanner Update” enabled Proactive scanning enabled Disable AV Stamp enabled | ||
|---|---|---|
| On submission to store (Proactive scan) | Always scan | |
| On first access | Scan if an engine has updated since Proactive Scan | |
| On subsequent access | Scan if an engine has updated since previous on-access scan | |