Selecting the scan engines used for each scan

  • Article

 

Applies to: Forefront Protection for Exchange

By default, Forefront Protection 2010 for Exchange Server (FPE) uses the same set of scan engines for each antivirus scan job type (realtime, transport, scheduled, and on-demand). For maximum performance, it is recommended that you retain the default settings, so that all available engines are used. However, if you so choose, you can manually disable one or more antivirus scan engines for each scan job. You can configure each scan job type separately; the engine settings are not global.

For more information about individual scan engines, visit each engine vendor's Web site. Links are provided at Microsoft Help and Support.

Note

For antispyware scanning, you must use the Microsoft Antimalware Engine. It is enabled by default and cannot be disabled.

To manually select the engines used for each scan job

  1. In the Forefront Protection 2010 for Exchange Server Administrator Console, click Policy Management, and under Global Settings, click Advanced Options.

  2. In the Global Settings - Advanced Options pane, under the Intelligent Engine Management section, using the Engine management drop-down list, select Manual.

  3. In the Engine selection section, you can enable or disable specific engines for each scan job type. Select the engine and type of scan you want to change, and then select Enabled (the default) or Disabled. Repeat this step to change additional engines, and then click Save.

Note

For information about changing the schedule of engine updates, see Configuring engine and definition updates.

Configuring the engine error action

You can set the action that FPE takes when an engine error is returned for all engines used to scan a message or attachment.

To configure the engine error actions

  1. In the FPSP Administrator Console, click Policy Management, and in Global Settings, click Advanced Options.

  2. In the Global Settings - Advanced Options pane, in the Scan options section, configure the Engine error action by selecting one of the following possible values:

    1. Ignore—Logs the error to the program log.

    2. Skip detect—Logs the error to the program log and displays an entry with a State of Detected in the Server Security Views – Incidents pane.

    3. Delete—Logs the error to the program log, deletes the file that caused the error, and displays an entry with a State of Removed in the Server Security Views – Incidents pane. The file that caused the engine error is always quarantined. Delete is the default value.

  3. Click Save.

See Also

Concepts

Configuring the transport scan
Configuring the realtime scan
Configuring the scheduled scan
Configuring the on-demand scan