SharePoint Notes

Bleeding on the cutting edge …

Installing Microsoft Forefront Security for SharePoint with SP1

Posted by Christian Dam on January 20, 2008


A quick start guide to Microsoft Forefront Security for SharePoint.
Step 1: Installation

  1. Click setup.exe
  2. Click Next on the Welcome page
  3. Click Next to accept the licence agreement
  4. Enter User Name and Company Name and click Next
  5. Select Local Installation anc click Next
  6. Select Full Installation
  7. Select the engines to install and click Next
    • Forefront comes with eight different scan engines where the Microsoft Antimalware engine and four additional random chosen engines are selected.
    • The possible scan engines are:
      • Microsoft Antimalware Engine (cannot be de-selected)
      • AhnLab Antivirus Scan Engine
      • CA Vet
      • Authentium Command Antivirus
      • Kapersky Antivirus Technology
      • Norman Virus Control
      • Sophos Vires Detection
      • VirusBuster Antivirus
    • Only four additional engines can be selected during installation.
    • You can add or remove selected engines at this point or through the administrative client later
    • More scan engines add to the memory requirements
  8. Click Next
  9. Select Destination Folder and click Next
  10. Select Program Folder and click Next
  11. Enter User Name and Password of an account that have local administrative permissions on the SharePoint Farm Servers including the database server if it is a seperate server. Click Next
  12. Click Next
  13. The installation starts …
  14. That’s it. Click Finish

Step 2: Configure and Update Scan Engine Definitions

After the installation make sure you update the scan engine definitions:

  1. Start Forefront Server Security Administrator (Start -> All Programs -> Microsoft Forefront Server Security -> SharePoint Security -> Forefront Server Security Administrator)
  2. Select server to connect to and click OK
  3. Navigate to Settings -> Scanner Updates
  4. Select every scan engine in turn and click Update Now
  5. Jump to the Antivirus settings and select the scan engines you want to enable for both scan jobs

Step 3: Test

  1. Verify that antivirus has been configured in MOSS:
    • In Central Administration navigate to Operations
    • In the Security Configuration section select Antivirus
    • Make sure that Scan documents on upload and Scan documents on download are checked
  2. Create a test “virus” file
    • Copy the following string to a file and save the file as eicar.com:
      • X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
    • This is naturally not a real virus, but a definition defined by European Institute for Computer Anvirus Research for situations like this, where we need to test an installation without messing about with real vira
  3. You may need to unblock .com files first:
    • Go to Central Administration -> Operations -> Blocked Files Types
    • Select the Web Application that host your portal
    • Remove the com file type from the list (remember to add it again later)

  4. Upload eicar.com to your portal
  5. If you get the following message, you should be OK

    “eicar.com” contains the following virus: “VIRUS= EICAR_test_file (VBuster,Sophos,CA(Vet),Microsoft); Tagged ID: 0C542A02_C741_4366_A6DD_8A5546B38D70″

    This file cannot be saved to the document library. If you want to save this file to the document library, clean the file using alternative virus scanning software and try saving it again.

    Advertisements

    Sorry, the comment form is closed at this time.

     
    %d bloggers like this: