You can configure update settings that are specific for each scan engine, as well as global settings that apply to all engines. In addition, setting a schedule to check for new engine and definition updates automatically helps to protect you against new malware without having to check versions or manually update the files. It is recommended that you use the default schedule to update scan engines hourly. However, if you so choose, you can create your own schedules for performing updates.
Note: |
---|
Cloudmark downloads antispam updates directly from the cloud. This differs from the other scan engines, which receive updates directly from Microsoft. Cloudmark definition update checks are not configurable in the Forefront Protection 2010 for Exchange Server Administrator Console. |
-
In the Forefront Protection 2010 for Exchange Server Administrator Console, click Policy Management, and then under Global Settings, click Advanced Options.
-
In the Global Settings - Advanced Options pane, in the Intelligent Engine Management section, using the Engine management drop-down list, select Manual.
-
In the Update scheduling section, select the engine whose update settings you want to change.
The engines are grouped together by protection technology, for example under Antimalware and Antispam. If you select multiple engines, be sure that you want these engines to have the same update configuration.
-
Click the Edit Selected Engines button.
-
In the Edit Selected Engines dialog box, configure the following settings:
- Enabled—If you selected only one engine, the
Enabled check box appears. If checked (the default), updates
are enabled for the selected engine. If cleared, updates are not
downloaded. If you selected multiple engines, the Enable or
disable engine updates drop-down list appears. If
Enabled is selected (the default) from the drop-down list,
updates are enabled for the selected engines. If Disabled is
selected, updates are not downloaded.
Note: If you disable updates for an engine, it is recommended that you do not use that engine for scanning. When updates for an engine are disabled, the engine still continues to be used for scanning but as time passes and its definitions become out of date, its effectiveness diminishes. It is strongly recommended that you leave the default of having all engines enabled to update automatically. - Primary update path—Specify the primary update path that
is used to download updates. The following is the default primary
update path: http://forefrontdl.microsoft.com/server/scanengineupdate
If you would prefer to use Universal Naming Convention (UNC) updating by means of a redistribution server, see Distributing updates by using UNC updating.
Note: Unicode update paths are not supported. Also, if the primary update path uses the default Internet path (http://forefrontdl.microsoft.com/server/scanengineupdate) in order to update its antimalware and antispam engines, that URL must be allowed in your firewall settings, even if the mail server generally does not have Internet access. In order to have full protection, your engines need to be updated on a regular basis. If antispam protection is enabled, because the antispam engine definition updates are downloaded directly from the cloud, the following URLs (and any subdomains under them) and the use of http and https must also be allowed through the firewall: - cdn-microupdates.cloudmark.com
- lvc.cloudmark.com
- tracks.cloudmark.com
- pki.cloudmark.com
- cdn-microupdates.cloudmark.com
- Secondary update path—Optionally, specify the secondary
update path. If the primary path fails for any reason, FPE uses the
secondary path to download updates. There is no default secondary
update path.
If you are using a redistribution server for the primary update path, you can enter the Microsoft download location in the secondary update path. Then, if updating by means of the redistribution server fails, the latest updates can still be retrieved from Microsoft by using the secondary update path.
Note: Unicode update paths are not supported. Also, if the secondary update path uses the default Internet path (http://forefrontdl.microsoft.com/server/scanengineupdate) in order to update its antimalware and antispam engines, that URL must be allowed in your firewall settings, even if the mail server generally does not have Internet access. In order to have full protection, your engines need to be updated on a regular basis. If antispam protection is enabled, because the antispam engine definition updates are downloaded directly from the cloud, the following URLs (and any subdomains under them) and the use of http and https must also be allowed through the firewall: - cdn-microupdates.cloudmark.com
- lvc.cloudmark.com
- tracks.cloudmark.com
- pki.cloudmark.com
- cdn-microupdates.cloudmark.com
- Update start date and time—Specify the start date and
start time at which to check for updates. If you subsequently
select an Update Frequency of Once, this is the only
date and time that update-checking occurs; otherwise, this date and
time represents the first time that update-checking occurs.
- Update frequency—Specify how often the update occurs.
You can select Once (update only once, on the specified date
and time), Daily (update every day, at the same time), or
Weekly (update each week, on the same day and time). It is
recommended that you leave the default value of updating
antimalware and antispam engines daily on an hourly basis. However,
if you choose to change the default setting, it is recommended that
you select Daily and then set a repeat interval in order to
update the engine at multiple times during the day. To set a repeat
interval, select the Check for updates every (hours:
minutes) check box and then specify the hours and minutes using
the input box. By default, antimalware and antispam updates are
scheduled to occur on an hourly basis.
- Click Apply and Close to return to the Global
Settings - Advanced Options pane, where you can select another
engine to be updated.
- Enabled—If you selected only one engine, the
Enabled check box appears. If checked (the default), updates
are enabled for the selected engine. If cleared, updates are not
downloaded. If you selected multiple engines, the Enable or
disable engine updates drop-down list appears. If
Enabled is selected (the default) from the drop-down list,
updates are enabled for the selected engines. If Disabled is
selected, updates are not downloaded.
-
After you are done making changes, click Save.
Note: |
---|
If you are using Windows PowerShell commands to schedule updates, it is recommended that you do not schedule antispam updates with the antimalware updates. |
-
In the Forefront Protection 2010 for Exchange Server Administrator Console, click Policy Management, and then under Global Settings, click Engine Options.
-
In environments where the Exchange server must access the Internet through a proxy server you must configure FPE to retrieve engine and definition updates through that server by performing the following steps:
- In the Global Settings - Engine Options pane, in the
Proxy Server section, select the Enable proxy server
check box.
- Type the Proxy server (name or IP address) and
Port.
- Optionally, if you need to specify a user name and password,
click Edit Proxy Server Credentials in order to open a
dialog box where you can specify your credentials for the proxy
server. It is recommended that you use credentials with the minimum
privileges. These should not be domain credentials, and the user
should only be granted access to the proxy server.
- In the Global Settings - Engine Options pane, in the
Proxy Server section, select the Enable proxy server
check box.
-
To configure FPE to perform updates for enabled engines when the Microsoft Forefront Server Protection Controller Service starts, select Update engines on sever startup. This setting is disabled by default.
-
To configure the maximum number of seconds that an engine will attempt to download an update before timing out, specify a value, in seconds, in the Engine download timeout (seconds) field. If a timeout occurs, the download is retried at the next scheduled interval. The default value is 300 seconds. The minimum is 60 seconds and the maximum is 86400 seconds (24 hours).
-
Click Save.
Important: |
---|
For more information about the UNC Authentication settings and the Enable as an update redistribution server check box, see Distributing updates by using UNC updating. |