Van's FSS/Antigen/EOP Blog

My Blog for all Antigen/Forefront Server and Forefront Online Protection for Exchange issues

May, 2009

  • Forefront 32 bit 64 bit and what to download

    This is another very quick common question that seems to not have any documentation.

    Scenario: You go to get the latest hotfix rollup for Forefront for Exchange, and you notice there are two versions of the patch: a 32-bit version and a 64-bit version. Exchange is 64-bit, but Forefront is installed in the Program Files (x86) directory.

    So what version do you need?

    Depending on your setup...

    There are two patches. One of them (the x86 version) is for client machines only.

    The x64 version is for the server.

    The Forefront product has x64 components but for the most part is 32-bit.

    If you are installing on a Windows Vista machine that has the client installed, you would grab the x86 version.

    If you are installing on the server with the actual Exchange services on it, then you install the x64 version.

  • Engine Definition Creep and Its Effect on Your Server

    The latest “common” issue we have been experiencing with Microsoft Antigen 9.x is higher-than-normal memory utilization on servers that, for the most part, have been running without issues for years.

    This issue did not occur overnight; it is a gradual change. Some customers believe that this is a new issue, but hopefully this post can shed some light on the subject.

    In the beginning, Antigen 5.5 was a single-engine scanning product. Its standout feature at the time was that it could choose one engine for real-time scanning and a separate engine for SMTP scanning.

    6.0 introduced our multiple engine manager that allowed each file to be scanned by all 5 engines at the same time.

    At the time 6.0 was released, we were able to package all 5 engines with the installer and keep the package size under 50Mb, and our scan processes utilized no more than 75Mb. In comparison, with the same engines (5 in 6.0 and 4 in 9.1 due to CA consolidation), our scan processes today will normally average 190-225Mb per scan job.

    So why the increase?

    In the last few years we have seen an increase in malicious software (up over 400% from 2007 to 2008), and this in turn has increased the size of virus definitions. A good example is the Norman engine. In 2005 the engine definition was 1.7MB. 4 years later the engine definition has increased to 49MB (almost as large as the original 8.0 install package with 9 engines). This has translated into an increase in memory utilization.

    What’s the Solution?

    The first step toward a solution is to take a look at your setup and determine if you are set up optimally. Antigen scan starts up two scan processes per storage group by default and two SMTP scan jobs by default.

    You should avoid using the Spamcure engine on back-end servers. The Spamcure engine alone can take up to 500MB due to its spam detection. A recommended environment would be a front-end SMTP server with Antigen for SMTP providing edge protection from viruses and spam, and a back-end Mailbox server without Spamcure.

    Stagger your engines for maximum performance/protection. On a 4 storage group server, moving Norman only to the SMTP scan will return 800MB of memory to the system.

    Reduce the number of engines at any one location. You can improve performance and still have the unmatched protection that multiple scan engines provide by setting each scan location to 3-5 engines. If you have a front-end SMTP server, you can set all the engines on that server and then stagger the 5-9 engines across your back-end SMTP and Mailbox scanners. This way you would have overlapping/layered protection and an increase in available memory.