Enhanced Malware Protection (EMP) is the mechanism that Forefront TMG uses to block malware coming through Web access. EMP provides a single point of Malware scanning that ensures all downloaded files are scanned with latest malware definitions. In summary the scanning process occurs in the following manner:
Note: for more information on EMP process review the article “Monitoring Malware through the Edge with Microsoft Forefront Threat Management Gateway” at Microsoft Technet.
This post is about a scenario where when the user is trying to download a file and you receive the error message below:
On the event viewer you will also notice the event 23461, which says: “The client ClientAddress exceeded the per-client accumulation limit for malware inspection. Requests that generate this event are blocked.”
2. Customizing the Storage Settings
The EMP Resource Allocation manager is responsible for calculate user’s quota while accumulating and scanning requests. The user’s quotas are:
Disk storage threshold
Specifies the amount of memory used, in kilobytes, at which temporary storage will switch to disk. Its default value is 64 kilobytes, and its range of permissible values is from 4 through 256.
Maximum total storage size
Specifies the maximum total disk space, in gigabytes, that may be used for temporary storage. Its default value is 40 gigabytes, and its smallest permissible value is 4.
Client storage limit
Specifies the maximum disk space, in megabytes, that may be allocated for temporary storage for a single client. Its default value is 50 megabytes, and its smallest permissible value is 0.
Extended client storage limit
Specifies the maximum disk space, in megabytes, that may be allocated for temporary storage for a single client that has been granted the extended disk space storage limit. Its default value is 1024 megabytes, and its smallest permissible value is 0.
Extended limit pool size
Specifies the maximum number of clients that may be granted the extended disk space storage limit concurrently. Its default value is 20 clients, and its smallest permissible value is 0.
For scenarios where such error message is appearing and users are unable to download content, you can use the counters below to find out if the limits are reached:
Note: for more information on Malware Inspection counters review the Forefront TMG perfmon counters here.
To change the default user’s quota, refer to Managing temporary storage settings article, there you will find the scripts to view and change the default configuration.
Bala Natarajan Sr Security Support Escalation Engineer Microsoft CSS Forefront Security Edge Team
Yuri Diogenes Sr Security Support Escalation Engineer Microsoft CSS Forefront Security Edge Team
Good job Bala and Mr. Yuri!!!! I´ve spent some hours (sniffs) trying to find the client´s quota on technet and etc....but was unable to find it.
Thanks for putting all togetter.
i don't understand, how does this help me download iTunes to my windows 7 64-bit hp laptop