There are various configuration settings that you can adjust for the Microsoft Forefront Protection 2010 for SharePoint (FPSP) scheduled scan in order to meet the needs of your environment. These include selecting the number of scan engines to use for each scan, setting the action to take when malware is found, and specifying whether or not to quarantine detected files.To configure the scheduled scan
In the Forefront Protection 2010 for SharePoint Administrator Console, click Policy Management and in Antimalware, click Scheduled.
In the Antimalware - Scheduled pane, in the General settings section, configure the following setting:
- Enable scheduled antivirus scan—Select
or clear this check box to enable or disable the scheduled
antivirus scan. This setting is enabled by default.
- Enable scheduled antivirus scan—Select or clear this check box to enable or disable the scheduled antivirus scan. This setting is enabled by default.
In the Antimalware - Scheduled pane, in the Engines and performance section, select the number of scan engines that should be used for this scan. For more information, see Configuring the number of scan engines used for each scan
In the Antimalware - Scheduled pane, in the Scan actions section, configure the following settings:
- Action—Select the action that you want performed when
malware is detected. For more information, see Configuring the action
when malware is detected.
- Quarantine files—Using the drop-down list, enable (by
selecting Yes) or disable (by selecting No) saving
infected files detected by the file-scanning engines. Quarantining
is enabled by default. Enabling quarantine causes deleted files to
be storedin a secure location, from which you can recover them. For
more information about quarantine, see Viewing and managing
- Edit Malware Deletion Text—You can specify Deletion
text, which is used to replace the contents of an infected file
during a delete operation. The default deletion text informs you
that an infected file was removed, along with the name of the file
and the name of the malware found. To change the default text,
click Edit Deletion Text, make the modifications to the
deletion text in the Edit Malware Deletion Text dialog box,
and then click OK to return to the Antimalware -
Note: FPSP provides keywords that can be used in the deletion text field to obtain information from the message in which the infection was found. To use them, in the Malware Deletion Text dialog box, right click, select Insert Field, and then select the desired macro. For more information about this feature, see Keyword substitution macros.
- Action—Select the action that you want performed when malware is detected. For more information, see Configuring the action when malware is detected.
Optionally, configure the settings to tell FPSP what to do if a scan encounters a corrupted compressed file. For more information, see Deleting corrupted compressed files.
Optionally, configure the settings to tell FPSP what to do if certain threshold levels are exceeded. For more information, see Configuring maximum file sizes and other threshold levels.
Configuring additional scheduled scan options
You can configure additional settings for the scheduled scan. In the FPSP Administrator Console, click Policy Management, and then, in Global Settings, click Scan Options.
|The Schedule options are described in Scheduling the scheduled scan. The Scan Target Folders option is described in Selecting the sites to scan with the scheduled scan.|
In the Scheduled scan section, you can configure the following settings:
- Schedule the scan—For more information, see
- Scan .doc files as
containers—Configures the scheduled scan to scan .doc files and
any other files that use structured storage and the OLE embedded
data format (for example, .xls, .ppt, or .shs) as container files.
This ensures that any embedded files are scanned as potential
malware carriers. This setting is disabled by default.
- Set priority—Sets the CPU priority in
order to permit more important jobs to take precedence over
scheduled scans when demands on server resources are high. In the
Set priority drop-down list, click one of the following:
Normal (the default), Below normal, or
- Maximum container scan time
(seconds)—Configures the number of seconds that the scheduled
scan scans a compressed file before reporting it as a
"ScanTimeExceeded" incident. This option is intended to prevent the
risk of denial of service due to zip-of-death attacks. The default
value is 120 seconds (2 minutes).
Click Save after making any changes to your settings.
Once the scheduled scan has been configured, it will run according to the schedule.
Indicating whether notifications should be sent
You can indicate whether virus or spyware notifications should be sent when malware is detected by using the Forefront Management Shell.
To access the Forefront Management Shell, click Start, point to All Programs, point to Microsoft Forefront Server Protection, and then click Forefront Management Shell.After accessing the Forefront Management Shell, you can issue the following command:
The possible values are $false and $true. The default of $false indicates that if virus or spyware notifications are enabled, they are sent. If they are disabled, this parameter has no effect.