Forefront 2010 Protection for SharePoint

Most people will be familiar with Forefront Endpoint Protection (FEP) for Windows clients and servers, but with FPSP installed on your SharePoint servers you can benefit from the following features:

  • Stops malware more effectively through integration of multiple industry-leading scanning engines
  • Blocks dangerous attachments from being posted or downloaded with file filtering
  • Prevents the upload or download of out-of-policy content with keyword filtering

In essence, FPSP sits between your SharePoint service and its content and can scan content on upload and download. It does this by installing its own API (VSAPI) ISAPI filter into IIS, and this can have an impact on both server performance and content upload and download times.

Another thing to be aware of is that the service account used by FPSP has some specific permission needs:

1) Member of local Admins on each SharePoint server

2) Member of Farm Administrators

3) Member of the SQL Sysadmin role on the database server.

Watch out for number 3, as your DBAs might have something to say.

By default FPSP installs with 4 scanning processes (this can be changed).


The scanning processes show up in Task Manager as FSCRealtimeScanner.exe, and they can consume quite a lot of memory.


By default, SharePoint will also create 10 AntiVirus threads (again, this can be changed) for each w3wp process it creates.


So if SharePoint is using 3 w3wp processes, there will by default be 30 threads of execution served by 4 in-memory processes, and you may need to play with these numbers if you are seeing performance issues.
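To see these numbers on a live server, the following PowerShell script (an added example, not from the original post) counts the FSCRealtimeScanner and w3wp processes, totals the scanner memory, and works out how many AV threads each scanner process has to serve. It assumes 10 AV threads per w3wp unless you pass your configured value, and it treats every w3wp process on the server as a SharePoint worker.

```powershell
# Added example, not from the original post.
# Run locally on a SharePoint server where FPSP is installed.
param(
    # AV threads SharePoint creates per w3wp process. 10 is the default quoted
    # in the post; pass the value configured on your farm if it was changed.
    [int]$AvThreadsPerW3wp = 10
)

function Get-ProcessSummary {
    param([string]$Name)
    # Get-Process expects the image name without the .exe extension.
    $procs = @(Get-Process -Name $Name -ErrorAction SilentlyContinue)
    [long]$bytes = 0
    foreach ($p in $procs) { $bytes += $p.WorkingSet64 }
    New-Object PSObject -Property @{
        Count        = $procs.Count
        WorkingSetMB = [math]::Round($bytes / 1MB, 1)
    }
}

$scanner = Get-ProcessSummary -Name 'FSCRealtimeScanner'
# Assumption: every w3wp process on this server hosts SharePoint.
$workers = Get-ProcessSummary -Name 'w3wp'

# Total AV threads across all worker processes, and the load per scanner.
$avThreads = $workers.Count * $AvThreadsPerW3wp
$ratio = $null
if ($scanner.Count -gt 0) {
    $ratio = [math]::Round($avThreads / $scanner.Count, 1)
}

New-Object PSObject -Property @{
    ScannerProcesses  = $scanner.Count
    ScannerMemoryMB   = $scanner.WorkingSetMB
    W3wpProcesses     = $workers.Count
    AvThreads         = $avThreads
    ThreadsPerScanner = $ratio
} | Format-List

if ($scanner.Count -eq 0) {
    Write-Warning 'No FSCRealtimeScanner processes found on this server.'
}
```

Running it during a busy period and again when the farm is idle gives a baseline to compare against after changing either setting.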

 

Also, don’t forget to add the appropriate folder exclusions in FEP for your SharePoint servers. If you’re using SCCM to control FEP policies, the following exclusions will be added automatically.


These are okay for a standard SharePoint 2007 or 2010 install, but if your install uses other locations don’t forget to add these.

For a full list of location exclusions, please see this article.

http://ghamson.wordpress.com/2012/05/28/forefront-2010-protection-for-sharepoint/
