Security

Implementing Microsoft ForeFront Security for Exchange

You've seen the Microsoft ads saying how it's easier to defeat viruses using ForeFront than it is to kill zombies. Maybe. But just how hard is it to get ForeFront up and running? And what does it do? Brien Posey explains.
Keeping viruses out of an Exchange Server organization is of critical importance to an organization's wellbeing. After all, the vast majority of the viruses in the world are designed to be delivered through e-mail.

Antivirus applications that are specifically designed to protect Exchange Server are nothing new. Such applications have existed in one form or another for well over a decade. Even so, there is always been one major problem associated with protecting an Exchange Server from viruses, and that is keeping the virus definition files up to date. Fortunately, Microsoft now offers a product called Microsoft ForeFront Security for Exchange that is designed to help alleviate this problem. In this article, I will explain what makes ForeFront Security for Exchange so special. I will then show you where you can get a copy, and will walk you through the installation process.

Why Use ForeFront

There are countless antivirus products on the market, so you are probably wondering what makes ForeFront so special. As I mentioned in the previous section, the biggest problem with antivirus software is the timeliness of the updates. Unfortunately, there really isn't one company that's better than the others when it comes to creating definitions for newly discovered viruses as quickly as possible. In fact, when a new viruses discovered all of the antivirus companies will eventually develop signatures for the virus, but there is no way of knowing who will be the first to produce a signature.

Antivirus applications offer little protection against viruses for which they do not have a signature. Since it is impossible to tell which antivirus company will be the first to develop a signature for a newly discovered virus, one common technique for protecting Exchange Server organizations involves using two different antivirus products. For example, I have seen companies use Norton Antivirus on their servers, and run McAfee at the workstation level.

The rationale behind this type of deployment is that as infected e-mail messages arrive, hopefully the server's antivirus software will clean the infected message. If the messages infected with the virus for which the server's antivirus software does not yet have a signature though, there is always a chance that the software that is running on the workstations will have a signature, and a virus can be eradicated when the user opens Outlook.

While this technique does work better than using a single antivirus product, it does have its drawbacks. For starters, maintaining two separate antivirus applications can be expensive. The other problem is that you're still only using two scanning engines, and there is no guarantee that either of them will have the signature is that you need.

Sadly, there isn't an antivirus product in the world they can guarantee that they will always have every signature for every virus. However, ForeFront Security for Exchange does the next best thing. It integrates up to five different scanning engines, from five different companies, into a single product.

Installing ForeFront Security for Exchange

The best part of the installation process is that you already have everything that you need. Microsoft ForeFront Security for Exchange Server is actually included on the Exchange 2007 installation CD. To launch the installation process, simply navigate to the CD's Forefront folder, and double click on Setup.exe. If you don't happen to have your Exchange 2007 installation media handy, you can download a trial version of ForeFront Security for Exchange at Microsoft's Web site.

When the Setup wizard begins, the first thing that you will see is the Welcome screen. Click Next to bypass the Welcome screen. Setup will now display the ForeFront license agreement. Click Yes to accept the license agreement and you will be taken to a screen that asks you to enter your name and the name of your company.

After clicking Next, the next screen that you will encounter asks you if you want to perform a local or a remote installation. This is just Setup's way of asking you if you want to install ForeFront on the server that you are using, or a different server. For the sake of this article, I am going to assume that you are performing a local installation.

Click Next, and Setup will ask you if you want to perform a full installation or a client installation. Performing a client installation only installs the management console, not the actual ForeFront software. This is a good option if you want to be able to manage ForeFront from your workstation. For right now though, go ahead and choose the Full Installation option, and click Next.

At this point, the Setup wizard will display the screen that's shown in Figure A. As you can see in the figure, the wizard asks you if you want to use Secure Mode or Compatibility Mode.

Figure A

Choose between Secure or Compatibility modes.

The basic idea behind this screen is that messages containing infected attachments are quarantined. Most of the time you will probably be able to just delete the quarantined messages. Once in a while though, you may find that a message that has been quarantined contains information that you need. In those particular cases, you will have to clean the message and move it out of quarantine. This screen asks you how you want Exchange to handle messages as they are removed from quarantine.

If you choose the Secure Mode option, then any messages that you remove from quarantine will be treated in the same way that they would if they had just arrived in your Exchange organization. This means that any content filters that you have set up will still apply. If you choose the Compatibility Mode option, then Exchange will assume that the message does not need to be filtered since you are taking the time to manually move it out of quarantine. You should choose which ever option best meets your organization's needs.

After clicking Next, you will be taken to the screen that's shown in Figure B. As you can see in the figure, this screen asks you which scanning engines you want to use. ForeFront supports using up to five scanning engines simultaneously. The Microsoft Antimalware Engine is selected automatically, and cannot be deselected. This counts as one of your choices. The other four scanning engines are chosen randomly, but if you have preferences as to the scanning engines that you would like to use, you can make your own selections on this screen.

Figure B

You must decide which scanning engines you would like to use.

Click Next and Setup will display a warning message. Don't worry. This message just says that ForeFront will download new definitions for the scanning engines five minutes after the ForeFront services are started, and hourly after that. It also says that if you are using a Proxy server, then updates will fail until you configure ForeFront to make it aware of your proxy server.

Click Next and Setup will ask you if you want to automatically download anti spam updates. It is important to understand that ForeFront is an antivirus product, not an anti spam product. If you choose to allow anti spam updates, the updates will apply to Exchange Server, not to ForeFront. Furthermore, if you later decide to disable anti spam updates for whatever reason, the antivirus definitions will continue to be updated.

The reason why ForeFront offers you the option to perform automatic anti spam updates, even though ForeFront doesn't have any anti spam capabilities of its own is because spam and e-mail viruses usually go hand in hand. If you reduce the flow of spam, you also reduce the flow of inbound e-mail viruses, and visa versa.

Click Next, and Setup will ask you to specify the destination folder to which you want ForeFront installed. You can just click Next to accept the default installation path, unless you have a compelling reason to change it.

At this point, you will see the screen that asks you which folder the program icons should be placed in. Again, you can just click Next to accept the defaults.

At this point, you will see a summary screen. Scroll through the information presented on this screen to make sure that all of the Setup options are correct. Assuming that everything looks good, click Next.

When you click Next, Setup will begin copying some of the installation files. Eventually though, the file copy process will stop and Setup will display a warning message similar to the one that's shown in Figure C. In this case, Setup is telling you that Exchange must recycle the Transport Service in order for the installation to be completed. If recycling the service isn't an option right now, you can click the Skip button to complete the installation, but ForeFront won't work until after the service has been restarted.

Figure C

Setup may ask you for permission to restart an Exchange service.

It is worth mentioning that Setup may not always ask to restart this service, or may ask you to restart other services. The actual services that need to be recycled will depend on the roles that the server is performing. In case you are wondering, the screen shots that I am using in this article were taken from an edge transport server.

If you click Next, Exchange will recycle the requested service. When the process completes, Setup will tell you that the installation has been completed. Click Finish to close the Setup wizard.

Installation Complete!

Now that you have installed ForeFront, it's time to finish configuring and fine tuning it. For right now though, I know that you might be curious to take a look around the administrative console. You can access the administrative console by selecting the ForeFront Server Security Administrator command from the Start | All Programs | Microsoft ForeFront Server Security | Exchange Server menu. Upon doing so, you will see a prompt asking you which server you want to connect to. The current server is selected by default, so just click OK.

At this point, you will see a warning message that tells you how many days you have remaining before you have to license ForeFront. As you can see in Figure D, you have the option of either activating the software right now, or clicking OK to continue the trial.

Figure D

You can either use ForeFront in evaluation mode, or you can activate the software if you have purchased licenses for it.

Even if you have already purchased ForeFront licenses, I recommend running ForeFront in evaluation mode until you get any kinks worked out. That way you won't end up in a situation in which you have to uninstall and then reinstall software that has already been activated.

Editor's Picks