Forefront Protection 2010 for Exchange Server and 32-bit vs. 64-bit

Microsoft Forefront Protection 2010 for Exchange Server (FPE) 1 is a leading solution for securing your messaging environment. Its antimalware solution is a proven security product that has helped many customers to secure their e-mail system.


A multi-engine solution provides the maximum protection for our customers, but it also requires we take dependencies on multiple engine partners. The engines Forefront leverages remain in service for many years, most were created when only 32-bit machines were available, and some partners are still developing their native 64-bit engine. To release a 64-bit engine is not an easy task, for instance, this often involves porting and testing a large volume of assembly code.


Forefront made a cautious decision to preserve 32-bit scanning processes until the next release. One reason to do this is the 32-bit engines are field proven to be stable. Another reason is that we provide a shield so that the 32-bit scanning processes remain transparent for our customers. Forefront customers receive the same level of malware protection regardless if the scanning processes are 32-bit or 64-bit.


Now that the world is moving toward 64-bit architecture – Windows 2008 R2, Exchange 2007, Exchange 2010, and Office 2010 only support 64-bit releases and some of our engine partners have had 64-bit engines running in the field for some time now, we believe we are ready to move to a native 64-bit solution. Besides aligning with Server and Office applications, a 64-bit application has the advantage of being able to leverage more virtual memory (up to 8 TB) than a 32-bit application (up to 2 GB). This will allow Forefront to scan increasingly large files in memory and allow customers to scale out in a high volume traffic environment.


The upcoming releases – Microsoft Forefront Protection for SharePoint 2010 (FPSP) and Microsoft Forefront Protection for Exchange Server 2010 with Service Pack 1 – will be entirely native 64-bit solutions. For those engines that are not yet available in 64-bit, or that have not been thoroughly tested in the field, we continue to provide the same level of malware protection by hosting the 32-bit version of those engines in a separate process. These upcoming releases will also have the ability to seamlessly switch to the native 64-bit version of these engines without affecting the Forefront deployment or involving additional administrative tasks when the engines become available.


1. Former releases include Microsoft Forefront Security for Exchange 2007, Microsoft Forefront Security for SharePoint 2007, Microsoft Antigen for Exchange, Microsoft Antigen for SharePoint.


Carolyn Liu
Senior Program Manager