Release Notes


Applies to: Forefront Protection 2010 for SharePoint

Microsoft® Forefront Protection 2010 for SharePoint

Build 0394.0

Thank you for using Microsoft Forefront Protection 2010 for SharePoint (FPSP). This Release Notes file contains important information regarding the current version of this product. It is highly recommended that you read the entire document.

What's in this file

This topic contains the following information:

  • Important Notes

  • New Features

  • Known Issues

  • Documentation

  • Accessing the Solution Center

Important Notes

  1. The account used to install Forefront Protection 2010 for SharePoint (FPSP) should be entered using the Domain\Account format when the server is part of a domain. This account must be a member of the Local Administrators group on the SharePoint server and have SharePoint Farm Administrators privileges. If SharePoint is configured to connect to the database using Windows authentication, this account must also be a member of the SQL Sysadmin role on the database server.

  2. Due to a difference in system resources, FPSP performs significantly better on a 64-bit operating system (OS) than on a 32-bit OS. If your organization expects to have large capacity requirements on SharePoint server, it is recommended that you install the 64-bit OS and a 64-bit SharePoint front-end server before installing FPSP.

  3. For information about upgrading FPSP, see Upgrading FPSP and migrating FSSP data.

  4. If the password is changed for the account that was entered for SharePoint integration, the password must be changed on the Microsoft Forefront Server Protection Controller for SharePoint service using the Service Control Manager.

  5. After a fresh installation, new definition files must be downloaded in order to ensure the most up-to-date protection. An hourly check for updates for each licensed engine is scheduled. These updates start five minutes after FPSP services are started. If your environment uses an HTTP proxy server, and you did not enter this information during installation, updates will fail. Use the Forefront Protection 2010 for SharePoint Administrator Console to enter it in the Global Settings - Engine Options pane. Then, immediately update each scan engine by clicking Update All Engines Now in the Actions section.


    • You should successfully update at least one engine before the installation is considered complete.

    • Until all the licensed engines have been successfully downloaded, errors may appear in the event log. These errors include "Could not create mapper object".

  6. Extreme care should be taken when implementing actions for filter lists because they affect files submitted for scanning by SharePoint. This can potentially include ASPX and other operational pages. It is recommended that you tune your filter lists by using an action of Skip detect prior to implementing a Delete or Suspend action.

  7. The user interface does not display user names and passwords for Universal Naming Convention (UNC) paths and proxy settings. Therefore, be aware that these fields may have been set and may have values, even though nothing appears in them.

  8. The Forefront Protection 2010 for SharePoint Administrator Console cannot be used to manage servers running earlier versions of the product.

  9. If the SharePoint Portal Alert service is on the server and running, uninstalling FPSP might require a restart of this service.

  10. Files compressed into multipart RAR volumes are subject to the uncompressed file size limit. This limit is specified in Policy Management, on the Global Settings - Advanced Options pane, in the Maximum uncompressed file size setting. The default value of this limit is 750 megabytes (MB) for 64-bit systems, and 100 MB for 32-bit systems. If any file exceeds the limit, any multipart RAR volume that contains the file or a part of the file is suspended or deleted. You can also set its value by running the Set-FsspAdvancedOptions ‒MaxUncompressedFileSize Windows PowerShell command from the Forefront Management Shell. (For example: Set-FsspAdvancedOptions ‒MaxUncompressedFileSize 800).

  11. To prevent FPSP from requiring a restart during an uninstall process, shut down the Microsoft System Center Operations Manager 2007 (Operations Manager 2007) agent (or any other monitoring software, if deployed) and make sure that any command prompts or Windows Explorer windows do not have the FPSP program folder or any of the subfolders open. After the uninstall process is complete, start the Operations Manager 2007 agent again.

  12. FPSP does not support customers using their own procedure in order to download engine updates from the Microsoft Web sites. FPSP provides the ability for a server to be used as a redistribution server, but this server must use FPSP to get the updates from Microsoft.

  13. When configuring notifications, various macros are available that can fill in useful information about the file being processed and the server doing the processing. Since notifications can be sent outside your organization, when enabling or customizing notifications, it is recommended that you do not use any macros that could expose any information you do not want disclosed.

  14. To ensure that notifications are always delivered and are not mistakenly detected as spam by Microsoft Outlook, the FromAddress of the notifications must be added to the safe senders list of all mailboxes that expect to receive these notifications. (To access the safe senders list in Outlook 2007, click Tools and then Options, click the Junk E-mail button, and then click the Safe Senders tab.) For more information about the FromAddress registry key, see "Changing the From address for notifications" in Configuring e-mail notifications.

  15. Author and Last Modified User roles will not function for any notifications that work in conjunction with the realtime scan; for example, a Virus found notification that would be sent after a virus detection by the realtime scan. In addition, Author and Last Modified User roles will not function for any notifications on a non-domain joined SharePoint server.

  16. FPSP data folder path names (DatabasePath registry key) have a maximum size of 216 characters.

  17. If you change the program folder, its name must be less than 170 characters.

  18. UNC paths specified for engine updates must not end with a backslash (\).

  19. FPSP is not supported on a server that has both Microsoft Exchange Server and SharePoint installed.

  20. There are a number of settings and situations that require you to restart services. In the event that FPSP does not recognize the current settings, stop and then restart the relevant FPSP services. For more information, see Restarting services.

  21. The Microsoft Forefront Server Protection Controller Service is dependent on the Windows NT® Schedule service. The Schedule service must have the ability to start successfully in order for FPSP to initialize.

  22. The profanity example lists are provided in a different format than in former versions of the product. For the revised method of importing profanity example lists, see Using example keyword lists.

  23. If you have Microsoft Office Manager 2005 or Microsoft System Center Operations Manager 2007 agents installed, you might see services start unexpectedly after the product has been installed or uninstalled. These agents are stopped (disabled) during an installation or uninstall and automatically re-enabled when the process has completed. This is normal behavior.

  24. You cannot connect to another Forefront server using the Forefront Protection 2010 for SharePoint Administrator Console.

  25. A nested file part within a container file cannot be restored from quarantine to the original SharePoint library. Only the original container file can be restored.

  26. The error actions for the scheduled and on-demand scans are automatically set to Skip detect and are not configurable in the user interface. This is to prevent unintended data loss that may occur when scan errors are encountered.

  27. You should be aware of the following when viewing FPSP health points:

    • On SharePoint Server 2007, all health points are initialized with a status of “Unknown” (denoted by a question mark) until a file is scanned.

    • On SharePoint Server 2010, the Realtime scan SP processes health point is initialized with a status of “Unknown” for 15 minutes after the Forefront services are started. Also, the Selected SP Realtime engine initialization health point is initialized with a status of "Unknown" until a file is scanned.

    • On all SharePoint servers, the Selected SP scheduled engine initialization health point is initialized with a status of “Unknown” and only switches to green when a scheduled scan has been run.

New Features

Build 0394.0:

  1. Added support for Windows PowerShell, the Windows command line shell that can be used to enter commands directly or to create scripts.

  2. Product installation is now done with the Windows Installer (MSI). Unattended (silent or passive) installations are also supported.

  3. The user interface has been revised and includes statistics and health monitoring reports.

  4. Spyware can now be detected with the Microsoft Antimalware Engine in the realtime scan.

  5. Administrators can now customize e-mail notifications to be sent for events such as a license expiration or an engine update failure.

  6. There is a new scan job called the scheduled scan job, which is typically used to scan the entire database.

  7. An on-demand scan job has been added in order to scan selected sites on an on-demand basis.

    You can choose the SharePoint sites to scan with the scheduled and on-demand scans using either the FPSP Administrator Console or Windows PowerShell commands.

  8. FPSP can be run on the Hyper-V virtual platform.

  9. FPSP can be deployed by using the System Center Configuration Manager (SCCM).

  10. FPSP has improved its performance scanning Microsoft Office OpenXML files.

  11. FPSP supports scanning files over 500 megabytes (MB).

  12. FPSP offers increased stability over heavy loads.

  13. FPSP is supported on 64-bit operating systems.

Known Issues

  1. A valid ZIP archive is detected as corrupted compressed.

    Reason: FPSP currently does not support the PKWARE's DCL-Implode or Deflate64 algorithms.

    Workaround: None.

  2. Forefront services may still exist if the Service Control Manager is open during uninstall.

    Reason: FPSP services may only get marked for deletion instead of actually being deleted if the Service Control Manager application is open.

    Workaround: Closing the Service Control Manager application or restarting the server allows the FPSP services to be deleted.

  3. During the installation, choosing a directory from the list of existing folders when you are prompted by the Select Program Folder dialog box for a program folder, only replaces the current shortcuts in the selected folder with the shortcuts for FPSP. (The original programs themselves will remain untouched; only the links to them in that program folder are overwritten.)

    Workaround: Either accept the default or enter the name of a totally new folder.

  4. FPSP will not properly scan for viruses if installed to a folder with non-ASCII characters.

    Workaround: Choose a path that contains only characters from the following groups: letters (A-Z, a-z), numbers (0-9), or the symbols :\/!#$%'()+,-.;=@[]^_`{}~.

  5. In Windows PowerShell, in the incident and quarantine records, time is displayed as Universal Time Coordinate (UTC), which might differ from local time.

  6. In the Forefront Protection 2010 for SharePoint Administrator Console and in the data returned by the Get-FsspIncident and Get-FsspQuarantine cmdlets, the author name and the last modified name items may be blank or contain --- characters instead of the name. This may happen on SharePoint Server 2007 under any of the following conditions:

    • An incident is detected during the realtime scan on a download.

    • An incident is detected during the realtime scan on an upload, and the realtime scan action is set to Skip detect.

    • An incident is detected during the realtime scan due to a filter match, and the matching filter list has an abnormally long name.

      Workaround: Try shortening very long filter list names.

  7. The Dashboard stops displaying information after you change the Regional and Language Options to show the system time and date in Arabic on Microsoft Windows Server 2008 or Windows Server 2008 R2 systems.

    Workaround: Configure the Regional and Language Options to show the system time and date in any other format.

  8. When running FPSP with SharePoint Server 2010, a crash may occur when the Get-FsspReport cmdlet is issued, either directly by Windows PowerShell or by the Forefront Protection 2010 for SharePoint Administrator Console.

    Reason: SharePoint Server 2010 is not supported on Windows Server 2008 SP1 or lower.

    Workaround: Download and install a patch (KB953290) for Windows Server 2008 x64 Edition. The patch is available at Microsoft's Download Center (

  9. When a document contains both English and Chinese words, a keyword filter cannot filter the English word.

    Reason: There is a problem with the offfilt.dll file.

    Workaround: See Knowledge Base article KB915800 (

  10. Some sites cannot be selected to be scanned by the scheduled scan.

    Reason: The URL of the site is made up of Unicode characters and contains spaces. The Forefront Protection 2010 for SharePoint Administrator Console does not support these URLs.

    Workaround: Rename the site so that it does not contain Unicode characters and spaces.

  11. When the Forefront Protection 2010 for SharePoint Administrator Console attempts to write to the Windows PowerShell event log, if the event log is full, a pop-up message appears every time telling you that the event log is full.

    Reason: Every time that the Forefront Protection 2010 for SharePoint Administrator Console is opened or you navigate within the UI, records are written to the PowerShell event log. The pop-up appears because the maximum log size is too small and you have the When maximum event log size is reached option set to Do not overwrite events (Clear log manually)

    Workaround: Increase the maximum size of the Windows PowerShell event log by following these steps:

    1. In Control Panel/Administrative Tools, open the Event Viewer.

    2. Right-click the Windows PowerShell event viewer and select Properties.

    3. Increase the Maximum log size by entering a new log size, in kilobytes. Click OK and close the Event Viewer.

    4. Consider changing the value of the When maximum event log size is reached option to one of the other choices:

      • Overwrite events as needed (oldest events first) - this is the default

      • Archive the log when full, do not overwrite events

  12. Microsoft Office Excel 2007 files with an .xlsb extension (Excel binary workbook files) cannot be filtered by keyword filtering. These files are correctly scanned by antivirus scans.

  13. When running an unattended (silent or passive) installation, add the domain to the account name (domain\account); otherwise you will receive an installation error.

  14. If FPSP is installed on SharePoint Server 2010 and you enable a keyword filter list, a small memory leak in the Office iFilter component may be exhibited in FPSP scanning processes. As a mitigation, FPSP by default recycles the scanning processes every 24 hours (86400 seconds). You can shorten the period for recycling the scanning processes by running the following Windows PowerShell command from the Forefront Management Shell:

    New-FsspExtendedOption -Name OverrideRecycleSharePointScanJobs -value 28800

  15. If you receive this message: "The digital signature associated with the engine manifest file is either missing or invalid, or the file is corrupt." and you are using a proxy server when updating engines, the proxy server may have sent back a response code that is not recognized as a failure code and includes a response that contains html with a detailed description of the error instead of the requested manifest file. Before troubleshooting further, check your proxy server settings.

  16. If you receive a SharePoint error message during an upload or download, this may indicate that the scanned file contained malware or matched a filter. To verify whether this is the case, you can view incidents in the FPSP Administrator Console.

  17. When configuring notifications, the Edit Credentials dialog box under SMTP server settings is not storing the password to configuration (the user name is stored, however). As a workaround, you can run the following Windows PowerShell command from the Forefront Management Shell: Set-FsspNotificationOptions -smtppassword  password

  18. When the FPSP realtime scan is called by SharePoint to scan a file, SharePoint passes the URL of the file to FPSP. In Microsoft Office SharePoint Server 2010 and Windows SharePoint Foundation 2010 there are multiple ways in which a user can access a file, including HTTP and WebDAV. When files are downloaded via WebDav and then provided to FPSP for realtime scanning, the URL provided by SharePoint may be incomplete. This does not affect the scanning of files. However, it may impact your ability to restore quarantined files.

    For Microsoft Office 2010 clients, including Microsoft Word and Excel, when the default SharePoint configuration is changed from CSI to DAV, this will be an issue. It is always an issue on previous versions of Microsoft Office clients, such as the Microsoft Office 2007 client. This is also an issue when files are downloaded via the SharePoint Explorer view or the SharePoint Designer tool.


The documentation for this product is distributed in .chm format and is provided with this package. After installation, access help either from the Forefront Protection 2010 for SharePoint Administrator Console interface or use the F1 key when running the Forefront Protection 2010 for SharePoint Administrator Console. To view the latest updated documentation, see:

Accessing the Solution Center

Additional information about FPSP is available on Microsoft's Web site:

Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted in examples herein are fictitious. No association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

© 2010 Microsoft Corporation. All rights reserved.

Microsoft, Forefront, SharePoint, Windows, Windows NT, Windows Vista, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

All other trademarks are property of their respective owners.