Forefront Security for SharePoint Best Practices - Updating engines

Applies to: Forefront Security for SharePoint

The Scan on Scanner Update General Option causes previously-scanned files to be re-scanned when accessed following a scanner update. This provides heightened security protection by re-scanning messages with the latest signatures. However, increased scanning potentially impacts performance.

We suggest that you use the UNC method of updating your engines. That is, have one server receive updates from the Microsoft HTTP server and then share those updates among the rest of the servers in your environment. After one server receives an engine update, it can share that update with any other server whose network update path points to it. This can save greatly on Internet bandwidth and make your updates quicker and more efficient.

To use the UNC updating method, see the “File Scanner Updating” chapter of the “Forefront Security for SharePoint User Guide”.

Be aware of the specifics of the engines you are using. Some virus labs routinely release signatures more frequently than others, although all labs respond to a major outbreak with more frequent updates. The update schedule for any engine that updates more frequently than others should be set accordingly.

Even if you are not using a particular engine, you should update it once a day so that if you need to activate it the signatures will be up to date.