Using Forefront TMG, you can inspect outbound HTTP traffic for malware (such as, worms, viruses, and spyware). By enabling malware inspection on Web access rules, the Malware Inspection Filter scans Web pages and files that were requested by client computers, and either cleans harmful HTTP content or blocks it from entering the corpnet.
 Note: |
|---|
| Outbound inspection refers to HTTP requests that originate from clients on networks protected by Forefront TMG. |
Malware inspection can be configured on both a global level for all the members of an array, and a per-access rule level. For general information about malware inspection, see Planning to protect against malicious Web content.
Configuring global malware settings
The following topics describe how to configure global malware inspection settings:
- Enabling malware
inspection—Describes how to enable malware protection on
Forefront TMG.
- Configuring malware
inspection options—Describes how to configure threshold levels
and other scanning options.
- Defining exemptions to
malware inspection—Describes how to specify sources or
destinations that you want to exempt from malware inspection.
- Configuring malware
inspection content delivery—Describes how to set the method by
which clients should be informed of the progress of file downloads
and other content, as they are being inspected.
- Configuring malware
definition updates—Describes how to configure the automatic
updating of malware definitions and the malware engine.
- Configuring the malware
inspection storage location—Describes how to specify a location
for storing files during the inspection process.
Configuring malware settings per rule
For instructions on how to configure malware for individual access rules, see the topic Configuring Web access rule options. Specifically, see:
- Modify
malware inspection settings for a rule—Describes how to enable
malware inspection and configure custom malware settings for a
specific rule.
- Modify
denial notification—Describes how to create a custom message
for users when Forefront TMG denies access to malware-infected Web
content.