Configuring antispyware
Applies to: Forefront Protection for Exchange
Spyware is software that threatens the security and privacy of computer users. Spyware is usually installed on a computer without a person’s knowledge. It ranges from unwanted pop-up ads to programs that can record keystrokes or even take over your computer. Spyware can slow computer performance, change a computer’s configuration, and reveal personal data such as account information or passwords. Forefront Protection 2010 for Exchange Server (FPE) can help you to combat spyware coming through your Exchange servers.
Although most of the antispyware configuration settings are bundled together with the antivirus settings under the antimalware settings, the following spyware-specific settings are available in order to help you best configure FPE to scan for spyware:
Engine updates for the Microsoft Antimalware engine should be enabled if you have enabled antispyware scanning. The Microsoft Antimalware engine is the only scan engine that checks for spyware, so you want its engine and definition updates to be up to date. For more information, see Configuring engine and definition updates.
Depending on which scans you want to run, you must enable antispyware scanning for the transport, realtime, and scheduled scans. (Spyware scanning is not available for the on-demand scan.) For more information, see Configuring the transport scan, Configuring the realtime scan, and Configuring the scheduled scan.
Similarly, for each scan job, you must set the action that you want FPE to perform when spyware is detected. You can also set an action for antivirus scanning, and in cases where a file is detected as containing both a virus and spyware, the antivirus action setting takes precedence. For more information about the action setting, see Configuring the transport scan, Configuring the realtime scan, and Configuring the scheduled scan.