Selecting the scan engines used for each scan
Applies to: Forefront Protection 2010 for SharePoint
By default, Microsoft Forefront Protection 2010 for SharePoint (FPSP) uses the same set of scan engines for each antivirus scan job type (realtime, scheduled, and on-demand). For maximum performance, it is recommended that you retain the default settings, so that all available engines are used. However, if you so choose, you can manually disable one or more antivirus scan engines for each scan job. You can configure each scan job type separately; the engine settings are not global.
For more information about individual scan engines, visit each engine vendor's Web site. Links are provided at Microsoft Help and Support.
Note
For antispyware scanning, you must use the Microsoft Antimalware Engine. It is enabled by default and cannot be disabled.
To manually select the engines used for each scan job
In the Forefront Protection 2010 for SharePoint Administrator Console, click Policy Management, and under Global Settings, click Advanced Options.
In the Global Settings - Advanced Options pane, under the Intelligent Engine Management section, using the Engine management drop-down list, select Manual.
In the Engine selection section, you can enable or disable specific engines for each scan job type. Select the engine and type of scan you want to change, and then select Enabled (the default) or Disabled. Repeat this step to change additional engines, and then click Save.
Note
-
You cannot disable all engines for a scan job. Evaluate whether you want to disable antivirus scanning or bypass scanning (realtime scan only) for that scan job instead. For more information, see the configuration topics for each scan job.
-
For information about changing the schedule of engine updates, see Configuring engine and definition updates.
Configuring the engine error actions
You can set the actions that FPSP takes when an engine error is returned for all engines used to scan a file with the realtime scan (scheduled and on-demand scan engine errors are automatically set to Skip detect).
To configure the engine error actions
In the FPSP Administrator Console, click Policy Management, and in Global Settings, click Advanced Options.
In the Global Settings - Advanced Options pane, in the Scan options section, configure the Engine error action by selecting one of the following possible values:
Ignore—Logs the error to the program log.
Skip detect—Logs the error to the program log and displays an entry with a State of Detected in the Server Security Views – Incidents pane.
Delete—Logs the error to the program log, deletes the file that caused the error, and displays an entry with a State of Removed in the Server Security Views – Incidents pane. Delete is the default value.
If you want to quarantine the file that caused the engine error, select the Quarantine on engine error check box.
Click Save.
See Also
Concepts
Configuring the realtime scan
Configuring the scheduled scan
Configuring the on-demand scan