McAfee Transport Scanning Enabled on Backend Server

[This topic is intended to address a specific issue called out by the Exchange Server Analyzer Tool. You should apply it only to systems that have had the Exchange Server Analyzer Tool run against them and are experiencing that specific issue. The Exchange Server Analyzer Tool, available as a free download, remotely collects configuration data from each server in the topology and automatically analyzes the data. The resulting report details important configuration issues, potential problems, and nondefault product settings. By following these recommendations, you can achieve better performance, scalability, reliability, and uptime. For more information about the tool or to download the latest versions, see "Microsoft Exchange Analyzers" at]  

Topic Last Modified: 2008-11-12

The Microsoft Exchange Server Analyzer Tool reads the following registry entries to determine the location of the McAfee Groupshield version 6.0.2 configuration file:

HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\McAfee GroupShield\Configuration

The Exchange Server Analyzer then uses a custom object processor to scan the Groupshield configuration file for an indication that McAfee Groupshield Transport Scanning is installed and enabled on the server.

The Exchange Server Analyzer then queries the Active Directory directory service to determine the value of the serialNumber attribute for the object class of msExchExchangeServer. The msExchExchangeServer object class represents an Exchange server object. The table below contains a key to the attribute values.

Value contains The computer is running

Version 5.5

Microsoft Exchange Server 5.5

Version 6.0

Microsoft Exchange 2000 Server

Version 6.5

Microsoft Exchange Server 2003

Version 8.0

Microsoft Exchange Server 2007

Finally, the Exchange Server Analyzer queries the Active Directory directory service to determine the value of the serverRole attribute of the msExchExchangeServer object. A value of 1 for the serverRole attribute indicates that the Exchange server has been configured as a front-end server. A value of 0 indicates that the Exchange server is not configured as a front-end server.

If the Exchange Server Analyzer finds all of the following conditions to be true, the Exchange Server Analyzer displays a best practices message:

  • McAfee Groupshield version 6.0.2 is installed and enabled on the target server.

  • The target server is running Exchange 2000 Server or Exchange Server 2003.

  • The target server is not configured as an Exchange server front-end server.

It is not a recommended best practice to enable McAfee Groupshield Transport scanning on an Exchange Server that is not configured as front-end server.

Enabling McAfee Groupshield Transport Scanning on an Exchange Server back-end server can lead to performance degradation by scanning files at the mailbox level.

To address this issue, see the following McAfee Document:

Note   The third-party Web site information is provided to help you find the technical information you need. The URLs are subject to change without notice.

For more information about how to use antivirus software with Exchange Server, see the following Knowledge Base articles:

For a list of third-party antivirus software that is available for Exchange Server, see the Exchange Server Partners: Antivirus Web site (