• Forefront Obsolete Notifications

    After upgrading your Antigen or Forefront for Exchange to SP2, you might start seeing notifications about obsolete engines, even though you've disabled the engines in the management tool.

    The Ahnlab Virus Detection Engine scan engine is now obsolete and no longer supported. Updates are no longer available for this engine, and therefore the update check for this engine has been disabled.  Please review the scan engines chosen for your scan jobs and make another selection to ensure up-to-date protection. For more information, see http://go.microsoft.com/fwlink/?LinkId=152864

    My suggestion would be to start by reading http://blogs.technet.com/fss/archive/2009/11/16/how-do-i-disable-these-engine-end-of-life-notifications-i-am-receiving-from-antigen-and-forefront.aspx

    If that does fix your issue, know that a solution from Microsoft should be out in the coming weeks.  However, if you need a solution today, then take a look at the EngineList registry key on your server located at HKLM\Software\Wow6432Node\Microsoft\Forefront Server Security\Exchange server.

    Then use the information below to determine if that key has an old engine enabled.  If you find that an old engine is enabled, here are the steps that you can use to reset them.

       NOTE: There is a risk that other settings will be impacted (like file filter lists).  Document and/or back up the configuration before proceeding so that you can restore values if needed.
        1.  Stop the FSCcontroller services
        2.  Modify the EngineList key to a proper value (ex: 0x00008243)
        3.  Rename the Scanjobs.fdb and templates.fdb 
        4.  Start the services. 

    New Scanjobs and templates should be recreated.  This change enables the COMMAND engine so be sure that you’ve configured the engine to pull updates.

    MORE INFORMATION

    These are the bit values for the obsolete engines:
      SOPHOS          (0x00000008)
      CA_VET           (0x00000020)
      AHNLAB           (0x00000080)
      SPAMCURE      (0x00001000)

    These are the bit values for the current active engines:
      NORMAN          (0x00000001)
      MICROSOFT     (0x00000002)
      COMMAND       (0x00000040)
      SYBARILIST     (0x00000100)
      VBUSTER         (0x00000200)
      KASPERSKY5   (0x00008000) 

    If you take the value from the EngineList key, you can determine which engines are currently enabled.
    Example 1: Current value is 0x0000820b.  Engines enabled = SOPHOS, NORMAN, MICROSOFT, VBUSTER, & KASPERSKY5
    Example 2: Current value is 0x00008223.  Engines enabled = CA_VET, NORMAN, MICROSOFT, VBUSTER, & KASPERSKY5
    Example 3: Current value is 0x000080e2.  Engines enabled = KASPERSKY5, MICROSOFT, COMMAND, AHNLAB, & CA_VET

    Example Proper Value 1: 0x00008342   Engines enabled = KASPERSKY5, VBUSTER, SYBARILIST, COMMAND, MICROSOFT
    Example Proper Value 2: 0x00008243   Engines enabled = NORMAN, MICROSOFT, COMMAND, VBUSTER, & KASPERSKY5
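
    The bit arithmetic above as an added PowerShell example (not part of the original post or any Microsoft tooling): it decodes an EngineList value against the two tables, lists any obsolete engines still enabled, and shows the value with only those bits cleared. The function name Get-EngineListReport is hypothetical, PowerShell 3.0 or later is assumed, and the inputs are the three "current value" examples from the post.

    ```powershell
    # Bit values copied from the two tables in the post.
    $Obsolete = [ordered]@{ SOPHOS = 0x0008; CA_VET = 0x0020; AHNLAB = 0x0080; SPAMCURE = 0x1000 }
    $Active   = [ordered]@{ NORMAN = 0x0001; MICROSOFT = 0x0002; COMMAND = 0x0040
                            SYBARILIST = 0x0100; VBUSTER = 0x0200; KASPERSKY5 = 0x8000 }

    # Hypothetical helper: decode one EngineList DWORD into engine names.
    function Get-EngineListReport {
        param([long]$EngineList)

        $obsoleteOn = @(); $activeOn = @(); $obsoleteMask = 0; $knownMask = 0

        foreach ($e in $Obsolete.GetEnumerator()) {
            $obsoleteMask = $obsoleteMask -bor $e.Value
            if ($EngineList -band $e.Value) { $obsoleteOn += $e.Key }
        }
        foreach ($e in $Active.GetEnumerator()) {
            $knownMask = $knownMask -bor $e.Value
            if ($EngineList -band $e.Value) { $activeOn += $e.Key }
        }
        $knownMask = $knownMask -bor $obsoleteMask

        [pscustomobject]@{
            EngineList      = '0x{0:x8}' -f $EngineList
            Active          = $activeOn -join ', '
            Obsolete        = $obsoleteOn -join ', '
            # Bits that appear in neither table; the post does not define them.
            UnknownBits     = '0x{0:x8}' -f ($EngineList -band (-bnot $knownMask))
            # The same selection with only the obsolete bits turned off.
            ObsoleteCleared = '0x{0:x8}' -f ($EngineList -band (-bnot $obsoleteMask))
        }
    }

    # Sample input: Examples 1-3 from the post.
    0x0000820b, 0x00008223, 0x000080e2 |
        ForEach-Object { Get-EngineListReport $_ } |
        Format-List
    ```

    For Example 1 the ObsoleteCleared value is 0x00008203; the post's proper value 0x00008243 is that value with the COMMAND bit (0x00000040) also set.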

    Doug

• Understanding the right terminology…

    Over the past 3 months, I've had several discussions around planning of messaging environments.  These discussions always lead to discussions around availability and the like.  But what I've discovered is that many people confuse some of the terminology, which makes the planning phase more difficult. So I wanted to clarify some of these terms...


    AVAILABILITY
    Availability is the degree to which an application, service, or system is perceived by users to be available.  Availability typically consists of redundancy and fault tolerance as a means to eliminate any single point of failure.  A high-availability solution masks the effects of a hardware or software failure and maintains the availability of applications so that the perceived downtime for users is minimized. A good solution should be able to take appropriate action with little to no user involvement.  Availability is not data protection and recovery, nor is it disaster recovery.


    REDUNDANCY
    Redundancy is a key part of availability.  This is the use of multiple components, services, or systems to ensure that if one fails, another can carry the workload.  Examples of redundancy include the use of multiple servers in a load-balanced environment to improve farm performance or to scale out to accommodate additional users. Redundancy may also be the use of identical backup components, such as power supplies or networking equipment, to provide continued functionality in the event of the failure of the primary component.


    RECOVERABILITY
    Recoverability is recovering from an outage for an application, service, or system.  This includes understanding the process to recover, the time needed to recover, how much data/productivity can be lost, etc.  Basically, this is disaster recovery.


    SITE RESILIENCY
    Site Resiliency is when a physical location or datacenter has experienced an issue that may impact user productivity or data.  This might involve only one or a set of applications, systems, or services.  In either case, if the current datacenter is not capable of providing the necessary resources to bring the resource(s) online at 100%, then you might need to fail over to an alternate location.  Often failing over to an alternate site is a manual process.


    So when considering an IT solution, be aware of the differences in these terms and that each may require a different solution. 

    Exchange Server 2010: High Availability and Site Resilience
    http://technet.microsoft.com/en-us/library/dd638121.aspx

    Exchange Server 2010: Disaster Recovery
    http://technet.microsoft.com/en-us/library/dd876874.aspx

    Exchange Server 2007: High Availability
    http://technet.microsoft.com/en-us/library/bb124721(EXCHG.80).aspx

    Exchange Server 2007: Disaster Recovery
    http://technet.microsoft.com/en-us/library/aa998848(EXCHG.80).aspx

     

    Doug