Many of you may have noticed warning notifications about the upcoming end-of-life date for several antivirus engines and the Spamcure antispam engine being generated by Antigen and Forefront Server Security. These notifications are intended to ensure that you take the appropriate steps to keep your antivirus and antispam protection up to date when these engines are retired. (For more information, read the most recent blog article about the upcoming engine changes.)
We have received several requests, however, for information about disabling these notifications that are generated by Antigen for Exchange and SMTP Gateways and Forefront for Exchange, SharePoint, and Office Communications Server related to deselecting the antivirus engines about to be retired. This article provides instructions for deselecting engines from scan jobs, which will disable the notifications for affected Forefront and Antigen products.
To stop these notifications, you must stop using the engines that are being discontinued in the Forefront/Antigen products. The steps to disable the engines in the products are listed below. If you are aware of the engine retirement and wish to suppress the errors temporarily without disabling the engines, you need to contact Microsoft support for help.
Follow these steps to completely disable the specific antimalware engines within the Forefront and Antigen products.
Note: The steps below need to be followed for the AhnLab, CA, and Sophos, and the Spamcure engines, which are being retired on December 1, 2009. Customers using SpamCure need to ensure that they are using Antigen 9 with service pack 2 that was released on July 1, 2009. For additional information, refer to Antimalware Engine Notifications and Developments.
To properly disable an engine and definition updates, you will need to:
1. Remove the engine from all antivirus scan jobs.
2. Disable definition updates for the engine.
3. Remove the engine from the Quick Scan job. (This step is not necessary for Antigen SMTP only installations as the Quick Scan functionality is disabled in this configuration.).
1. To remove the engine from all antivirus scan jobs
a. Open the Forefront/Antigen Administrator.
b. Under Settings, select Antivirus.
c. Deselect the engine you want to remove under “File Scanners” for each scan job that is listed there.
d. Click the Save button.
2. To disable engine updates
b. Under Settings, select Scanner Updates.
c. Select the engine you want to disable updates for and click the Disable button on the right-hand side to disable scheduled updates for this engine.
3. To remove an engine from the Quick Scan job
b. Under Operate, click on Quick Scan.
c. Deselect the engine under File Scanners.
IMPORTANT: Customers using Antigen version 9 with Service pack 2 (released as of July 1st) need to apply Rollup 1 that was released in October 2009. The rollup contains a needed fix for an issue regarding notifications when Antigen is installed on a SMTP only configuration. For more information on the fix as well as the download location, please see the following Kb (http://support.microsoft.com/kb/975355#4).
Program Manager - Forefront Server Protection