You can configure update settings that are specific for each scan engine, as well as global settings that apply to all engines. In addition, setting a schedule to check for new engine and definition updates automatically helps to protect you against new malware without having to check versions or manually update the files. It is recommended that you use the default schedule to update scan engines hourly. However, if you so choose, you can create your own schedules for performing updates with Microsoft Forefront Protection 2010 for SharePoint (FPSP).
To configure and schedule updates for specific engines-
In the Forefront Protection 2010 for SharePoint Administrator Console, click Policy Management, and then in Global Settings, click Advanced Options.
-
In the Global Settings - Advanced Options pane, in the Intelligent Engine Management section, using the Engine management drop-down list, select Manual.
-
In the Update Scheduling section, select the engine whose update settings you want to change
The engines are grouped together by protection technology. If you select multiple engines, be sure that you want these engines to have the same update configuration.
-
Click the Edit Selected Engines button.
-
In the Edit Selected Engines dialog box, configure the following settings:
- Enabled—If you selected only one engine, the
Enabled check box appears. If checked (the default), updates
are enabled for the selected engine. If cleared, updates are not
downloaded. If you selected multiple engines, the Enable/Disable
Engine Updates drop-down list appears. If Enabled is
selected (the default) from the drop-down list, updates are enabled
for the selected engines. If Disabled is selected, updates
are not downloaded.
Note: If you disable updates for an engine, it is recommended that you do not use that engine for scanning. When updates for an engine are disabled, the engine still continues to be used for scanning, but as time passes and its definitions become out of date, its effectiveness diminishes. It is strongly recommended that you leave the default of having all engines enabled to update automatically. - Primary update path—Specify the primary update path that
is used to download updates. The following is the default primary
update path: http://forefrontdl.microsoft.com/server/scanengineupdate
If you would prefer to use Universal Naming Convention (UNC) updating by means of a redistribution server, see Distributing updates by using UNC updating.
Note: Unicode update paths are not supported. Also, if the primary update path uses the default Internet path (http://forefrontdl.microsoft.com/server/scanengineupdate) in order to update its antimalware engines, that URL must be allowed in your firewall settings, even if the server generally does not have Internet access. In order to have full protection, your engines need to be updated on a regular basis. - Secondary update path—Optionally, specify the secondary
update path. If the primary path fails for any reason, FPSP uses
the secondary path to download updates. There is no default
secondary path.
If you are using a redistribution server for the primary update path, you can enter the Microsoft download location in the secondary update path. Then, if updating by means of the redistribution server fails, the latest updates can still be retrieved from Microsoft by using the secondary update path.
Note: Unicode update paths are not supported. Also, if the secondary update path uses the default Internet path (http://forefrontdl.microsoft.com/server/scanengineupdate) in order to update its antimalware engines, that URL must be allowed in your firewall settings, even if the server generally does not have Internet access. In order to have full protection, your engines need to be updated on a regular basis. - Update start date and time—Specify the Start date
and Start time at which to check for updates. If you
subsequently select an Update frequency of Once, this
is the only date and time that update-checking occurs; otherwise,
this date and time represents the first time that update-checking
occurs.
- Update frequency—Specify how often the update occurs.
You can select Once (update only once, on the specified date
and time), Daily (update every day, at the same time), or
Weekly (update each week, on the same day and time). It is
recommended that you select Daily and then set a repeat
interval in order to update the engine at multiple times during the
day. To set a repeat interval, select the Check for updates
every check box and then specify the hours and minutes using
the input box. By default, antimalware updates are scheduled to
occur Daily on an hourly basis.
- Click Apply and Close to return to the Gloval
Settings - Advanced Options pane, where you can select another
engine to be updated. pane.
- Enabled—If you selected only one engine, the
Enabled check box appears. If checked (the default), updates
are enabled for the selected engine. If cleared, updates are not
downloaded. If you selected multiple engines, the Enable/Disable
Engine Updates drop-down list appears. If Enabled is
selected (the default) from the drop-down list, updates are enabled
for the selected engines. If Disabled is selected, updates
are not downloaded.
-
After you are done making changes, click Save.
-
In the FPSP Administrator Console, click Policy Management, and then in Global Settings, click Engine Options.
-
In environments where the SharePoint server must access the Internet through a proxy server you must configure FPSP to retrieve engine and definition updates through that server by performing the following steps:
- In the Global Settings - Engine Options pane, in the
Proxy Server section, select the Enable proxy server
check box.
- Type the Proxy server (name or IP address) and
Port.
- Optionally, if you need to specify a user name and password,
click Edit Proxy Server Credentials in order to open a
dialog box where you can specify your credentials for the proxy
server. It is recommended that you use credentials with the minimum
privileges. These should not be domain credentials, and the user
should only be granted access to the proxy server.
- In the Global Settings - Engine Options pane, in the
Proxy Server section, select the Enable proxy server
check box.
-
To configure FPSP to perform updates for enabled engines when the SharePoint service starts, in the Additional Options section, select Update engines on sever startup. This setting is disabled by default.
-
To configure the maximum number of seconds that an engine will attempt to download an update before timing out, specify a value, in seconds, in the Engine download timeout (seconds) field. If a timeout occurs, the download is retried at the next scheduled interval. The default value is 300 seconds. The minimum is 60 seconds and the maximum is 86400 seconds (24 hours).
-
Click Save.
Important: |
---|
For more information about the UNC Authentication settings and the Enable as an update redistribution server check box, see Distributing updates by using UNC updating. |