Just as a heads up. We are seeing cases where the Microsoft scan engine is failing to update in Forefront Protection for Exchange with the following errors. 6019 GetEngineFiles An error occurred while testing the scan engine. 6012 GetEngineFiles An error...

  We are in the process of adding this information to our setup documents. -When implementing FOPE or O365/Live@EDU and you have mail coming to your on premise servers, you need to turn off any SPF checking at your mail server/firewall. The connecting...

My first FOPE centered blog. One common issue with FOPE (this also happens in FSS/Antigen) is the 0 day Virus’s that pretend to be a legitimate mail from other senders. These tend to be small emails asking you to open the file in a zip attached to the...

If you have issues logging into any of the Forefront Management Consoles with an Error 500 you most likely changed the service account password. To verify this is due to a password issue you can check the event logs for Event ID 10004, Distributed COM...

The most common reason we do not filter spam in FPE is that we honor the ms-exch-bypass-anti-spam permission on connectors. The most common scenario is that the bypass is enabled for anonymous connections. This is simple to fix with some PowerShell commands...

Updates to this issue will be posted to http://blogs.technet.com/b/fss/   Last night we pushed out an update that resolves this issue. Updating your engines should resolve this issue and you can go back to your previous configuration.

During our testing we have discovered that there is a potential to download the Cloudmark engine update even when there is not an update. This is being looked at but for now it is recommended that you set Cloudmark to update only every 24 hours to avoid...

*Updated to include default folder path for Cloudmark* If you are having issues with timeouts after updating your Cloudmark engine between Friday and Saturday afternoon this post should help you out.   On Friday night we released a Cloudmark engine...

We have been seeing some Antigen 9.x servers up past rollup-3 that are still not updating to Kaspersky 8. As of last week, customers still running Kaspersky5 started getting errors during attempted updates. This is normally due to one or more files being...

We have had a few strange detection issues last week due to some non-standard configurations. 1. Spam filtering not working for User X This one was due to a setting in content filtering. There is a setting called AntispamBypassEnabled  for each user...

This issue is starting to pop up in a few environments with connectivity issues to https:\\crl.microsoft.com It looks like we implemented code access security into our Mail Pickup service. The issue is some firewalls or proxies might not allow this site...

I get these issues every few months. SharePoint or Exchange Admin getting files deleted due to Large uncompressed size or large compressed size virus. We have a few KB’s on this but there is some detail that is missing.  I also realized today that...

Just wanted to give everyone a heads up. Some customers are reporting a failure (less than 5% of the time) downloading engines. The next time a download occurs it will download just fine. We are looking into the cause and the fix will be automatic as...

  There has been some major confusion on the setting under advanced options in Forefront Protection for exchange called “Rescan messages already scanned by Forefront Online protection for Exchange” By default it looks like this Now this looks like...

We are tracking an issue where Norman updates on Forefront Protection for Exchange are failing with a version downloaded is older than the local version message. Event ID 6014, Source GetEngineFiles. The workaround for this issue is to delete the numbered...

Information and links on this wiki page. http://social.technet.microsoft.com/wiki/contents/articles/worm-win32-vb-wf-forefront-and-antigen-mitigation.aspx This is spreading quickly. I expect that most Antigen users are already filtering but if you have...

I had a question on how we can change the default action for spam to allow end users to manage what is spam and is not spam. In AntiSpam configuration under policy management By default our settings are quarantine at SCL 5-8 and reject at SCL 9. To allow...

I decided to write up a filter guide as there seems to be some confusion with the new interface in FPE. The screens are from FPE but the guidance is good for filtering in all of our products. With Forefront Protection for Exchange we have drastically...

I would recommend FPE customers do this. By default when our Anti-spam agent finds something as clean we mark it SCL -1 This can cause a lot of issues with Exchange Blocked senders and it also blocks out any chance of IMF catching something. This is covered...

Mytob and mydoom variants seem to be on the rise in the last week. These files are named in a way to fool users into thinking the file is something other than an executable. in this example a quick look at the file in postcard.zip might make you think...

  Forefront Management console (FSSMC) has various jobs for configuring your server. The main job is the general options settings. This configures items in general options for Antigen/forefront servers. Other settings such as filter lists, scan engine...

We are seeing a few calls from people that have upgraded to Antigen for Exchange SP2. These calls have AntigenService.exe hanging. This can create issues updating, connecting with the client and mail flow issues. This issue is caused when we initialize...

make sure your engines have updated after October. SP2 has a mapper (packaged with the engines) requirement that was released two months before SP2 came out. we have seen a case that had a customer not updating for a year and this caused the engines to...

If you have written into support lately you should have seen something like this in the signature of the engineer you were working with   Did you know Antigen and Forefront will be removing support for the CA, Sophos, AhnLab and SpamCure engines...

Issue: Constant StatisticsManagerServer event id 100 on the passive node of a 2003 cluster (maybe on a SCC cluster in 2008 as well) Cause: Antigen Statistics Service needs to access the statistics.xml located in the %data% folder of the Antigen...