There are several configuration settings that you can adjust for the Microsoft Forefront Protection 2010 for SharePoint (FPSP) on-demand scan in order to meet the needs of your environment. All changes to on-demand scan settings take effect as soon as you begin the scan.

To configure the on-demand scan
  1. In the Forefront Protection 2010 for SharePoint Administrator Console, click Tasks, and then, in the Task Library, click On-Demand Scan.

  2. In the Task Library - On-Demand Scan pane, in the Scan targets and options section, configure the sites to scan. For information about selecting sites to scan, see Selecting the sites to scan with the on-demand scan.

  3. In the Task Library - On-Demand Scan pane, in the Scan engines and performance section, select the number of scan engines that should be used for each scan. For more information, see Configuring the number of scan engines used for each scan.

  4. In the Task Library - On-Demand Scan pane, in the Scan actions section, configure the following settings:

    1. Action—Select the action that you want performed when a virus is detected. For more information about actions, see Configuring the action when malware is detected.

    2. Quarantine Files—Using the drop-down list, enable (by selecting Yes) or disable (by selecting No) saving infected files detected by the file scanning engines. Quarantining is enabled by default. Enabling quarantine causes deleted files to be storedin a secure location, from which you can recover them. For more information about quarantine, see Viewing and managing quarantine.

    3. Edit Malware Deletion Text—You can specify deletion text, which is used to replace the contents of an infected file during a delete operation. The default deletion text informs you that an infected file was removed, along with the name of the file and the name of the malware found. To change the default deletion text, make the modifications to the deletion text in the Edit Malware Deletion Text dialog box, and then click OK to return to the Task Library - On-Demand Scan pane.

      Note:
      FPSP provides keywords that can be used in the deletion text field to obtain information from the message in which the infection was found. To use them, in the Malware Deletion Text dialog box, right click, select Insert Field, and then select the desired macro. For more information about keyword macros, see Keyword substitution macros.
  5. Optionally, configure the settings to tell FPSP what to do if a scan encounters a corrupted compressed file. For more information about corrupted compressed files, see Deleting corrupted compressed files.

  6. Optionally, configure the settings to tell FPSP what to do if certain threshold levels are exceeded. For more information about threshold levels, see Configuring maximum file sizes and other threshold levels.

Configuring additional on demand scan options

You can configure additional settings for the on-demand scan. In the FPSP Administrator Console, click Tasks, and in Task Library, click On-Demand Scan. In the Scan targets and options section, configure the following settings:

  • Scan .doc files as containers—Configures the on-demand scan to scan .doc files and any other files that use structured storage and the OLE embedded data format (for example, .xls, .ppt, or .shs) as container files. This ensures that any embedded files are scanned as potential malware carriers.

  • Priority—Sets the CPU priority in order to permit more important jobs to take precedence over on-demand scans when demands on server resources are high. In the Set priority drop-down list, click one of the following: Normal (the default), Below normal, or Low.

  • Maximum container scan time (seconds)—Configures the number of seconds that the on-demand scan scans a compressed attachment before reporting it as a ScanTimeExceeded virus. This option is intended to prevent the risk of denial of service due to zip-of-death attacks. The default value is 120 seconds (2 minutes).

All changes to on-demand scan settings take effect as soon as you begin the scan.

Indicating whether notifications should be sent

You can indicate whether virus or spyware notifications should be sent when malware is detected by using the Forefront Management Shell.

To access the Forefront Management Shell, click Start, point to All Programs, point to Microsoft Forefront Server Protection, and then click Forefront Management Shell.After accessing the Forefront Management Shell, you can issue the following command:

Set-FsspOnDemandScan -SuppressMalwareNotifications

The possible values are $false and $true. The default of $false indicates that if virus or spyware notifications are enabled, they are sent. If they are disabled, this parameter has no effect.

Related Topics