If you aren’t already aware, or haven’t been notified for that matter through Forefront’s diagnostic notification system, Microsoft’s Forefront Server Security for Exchange and SharePoint is retiring 3 of its 9 engines on 1 December 2009. Forefront server security products has been renowned for its multiple scanning engine technology that allows you to scan items using up to 5 of its 9 engines at any one time, but that is about to change. So which engines are being deprecated and why?
If you are running any of the Forefront Server security products such as Forefront Security for Exchange Serer or Forefront Security for SharePoint and you have diagnostics email alerts setup you should have received 3 emails in your mailbox recently notifying you of the deprecation similar to the below;
Sophos Virus Detection Engine has been deprecated as of 1/07/2009 and will be available only until 1/12/2009. Updates for this engine will stop after 1/12/2009. For more information, see http://go.microsoft.com/fwlink/?LinkId=152864
The other engines that are also retiring are CA and AhnLab. Microsoft makes the following statement in their Forefront Server Security Engines Revisions FAQ document.
“The set of five engines available in Forefront server security products as of Dec. 1, 2009 includes Microsoft AV, Kaspersky, Norman, VirusBuster and Authentium. However, these engines may change over time as we seek to improve overall protection metrics and to maintain our detection advantage relative to our competition and in support of our customer needs”
It is noted that Forefront Server Security customers should update to the latest service packs before the 1 December 2009 in order to take advantage of the five engines that Microsoft are retaining.
More details and the full “Engine Revision Overview and FAQ” document can be found on the Microsoft TechNet Site.
Let’s first begin to ensure that Forefront Diagnostics has been setup. The Forefront Server Security Administrator console is similar for both Exchange 2007 and SharePoint so let’s begin by launching the console and navigating to Settings and General Options. Under the Diagnostics heading, ensure that the following options are ticked as follows.
Let’s now de-select the engines that are being retired and select alternatives as replacements. This is achieved by navigating to Settings / Antivirus and deselecting the File Scanners for each of your listed Jobs.
After ensuring that none of the retiring scanners are selected, we can proceed to disable the automatic signature downloads for those scanners. We do this by navigating to Settings / Scanner Updates and clicking on Disable against each respective retiring engine.
That’s it for now! So what’s next? We will just have to wait and see but hopefully Microsoft’s next generation of Forefront products codename “Stirling” which is now in beta 2 is just around the corner. You can read more about Stirling on the Microsoft TechNet Site.