Protecting SharePoint 2010 from Viruses Using Forefront Protection 2010 for SharePoint

Built in to SharePoint 2010 is a programming application programming interface (API) known as the Antivirus API. This API can be used by any third-party or Microsoft solution to scan all documents that are injected into SharePoint for viruses. Numerous capable third-party solutions on the market today take advantage of this API to protect SharePoint from viruses and threats. In addition to these third-party products, Microsoft has their own offering that provides for antivirus capabilities in SharePoint. This products is known as Forefront Protection for SharePoint (FPSP).

FPSP’s main distinguishing point from its competitors is that it runs as a multiengine antivirus application, allowing for all documents to be scanned by multiple independent antivirus engines from such companies as Kaspersky, VirusBuster, Athentium, and Norman. By scanning with multiple engines all from different competing companies, you have a much better chance of catching individual viruses, especially those “day 0” attack viruses that spread quickly upon initial release.

Although it is not a requirement to install FPSP, it is highly recommended to at least install a third-party antivirus tool. SharePoint 2010 does not have native antivirus capabilities, and client antivirus might not always be up-to-date or can be missing, especially in extranet scenarios.

Installing Forefront Protection for SharePoint

To install Forefront Protection 2010 for SharePoint, copy the installation binaries to a web role server in the farm. The binaries should be installed on all servers with the web role in that particular farm. Installation is quite straightforward, and consists of the following steps:

1.	Start the Setup Wizard, and agree to the licensing terms when prompted. Click Next to continue.
2.	Click Next when prompted to restart services.
3.	Select the appropriate installation folders for program files and data, and then click Next to continue.
4.	If using a proxy server, enter the proxy settings; otherwise, click Next to continue.
5.	Enter the credentials of the SharePoint installation account, as shown in Figure 1. Note the required rights this account will need to have. Click Next to continue. Figure 1. Installing Forefront Protection for SharePoint.
6.	Select whether to use Microsoft Update (recommended), click Next to continue.
7.	Select whether to join the Customer Experience Improvement Program, and then click Next to continue.
8.	Review and confirm settings, and then click Next to begin the installation.
9.	Wait for the Installation Wizard to finish, and then click the Finish button.
10.	Repeat the installation process on all web role servers within the farm.

Using Forefront Protection 2010 for SharePoint 2010

Once installed, the FPSP console can be opened directly from the Start menu. When opening for the first time, you will be prompted to Activate, which is highly recommended as soon as possible. Note that you do have 120 days to activate, but after that time period, the software will no longer update the antivirus engines, and it will not clean additional viruses.

The Forefront Protection 2010 console, shown in Figure 2, is comprehensive and enables administrators to review quarantine, handle incidents, set up configuration notifications, and monitor the environment.

Figure 2. Viewing the Forefront Protection for SharePoint console.

Two key administrative tasks using Forefront Protection 2010 for SharePoint are key to understanding the product. The first is that the actual antivirus API settings are controlled from within SharePoint Central Admin itself, and those settings are grayed out in the FPSP console, as shown in Figure 3. If you think of FPSP as a bolt-on to the SharePoint Antivirus API, this makes more sense.

Figure 3. Viewing SharePoint Antivirus API settings from within the FPSP console.

The second concept to understand is how to modify the “Intelligent Engine Management” engine, or to be able to manually control which antivirus engines run on the individual server. By default, these settings are automatically controlled from the Advanced Options node under Policy Management – Global Settings, as shown in Figure 4. Modifying these settings enables administrators to be able to change which antivirus engines are running at any one time.

Figure 4. Modifying engine settings from within the FPSP console.

After installing FPSP, it is a good idea to familiarize yourself with the options and functionality that is immediately available in the console. Navigating the console and finding settings is straightforward, and Microsoft has a good help file included in the product. For more information about FPSP and the other Forefront products from Microsoft, refer to http://microsoft.com/forefront.