Get answers to your questions about Forefront Protection 2010 for Exchange Server.

Q.  What is Forefront Protection 2010 for Exchange Server?

A.  Forefront Protection 2010 for Exchange Server provides fast and effective detection of viruses, worms, and spyware by integrating multiple scanning engines from industry-leading security partners in a single solution. Its comprehensive messaging protection also prevents spam and out-of-policy content from entering or leaving your network using integrated on-premise and hosted anti-spam technologies and content filtering. Through integration with Exchange Server, Forefront Protection 2010 for Exchange Server provides high-performance, easily customized antivirus and anti-spam technologies optimized for Exchange environments.



Q.  What is included in Forefront Protection 2010 for Exchange Server?

A.  Forefront Protection 2010 for Exchange Server includes:

• Multiple engine antivirus and antispyware protection.
• Multi-layer antispam protection.
• File and keyword filter to block out-of-policy content.
• Support for Exchange Server 2010 Edge, Hub, and Mailbox roles.

New features in Forefront Protection 2010 for Exchange Server include:

• Premium antispam protection, with 99% detection rate, less than 1 in 250,000 false positives, and backscatter filtering
• New user interface with dashboard view of detection statistics and health monitoring
• Antispyware scanning provided by the Microsoft Antimalware Engine
• Integrated provisioning and management of Forefront Online Protection for Exchange (FOPE) for hybrid, on-premise/hosted protection
• Support for Exchange 2010, Windows PowerShell, and Hyper-V
• Standardized installation using MSI installer

Q.  What languages are supported with Forefront Protection 2010 for Exchange Server?

A.  Forefront Protection 2010 for Exchange Server is localized into 11 languages; English, French, German, Italian, Japanese, Korean, Chinese (Simplified), Chinese (Traditional), Portuguese (Brazil), Spanish, and Russian.




Q.  Where can I find product documentation on Forefront Protection 2010 for Exchange Server?

A.  Documentation for Forefront Protection 2010 for Exchange Server can be found here.




Q.  Is Forefront Protection 2010 for Exchange Server part of the Exchange Server ECAL Suite?

A.  Yes. Forefront Protection 2010 for Exchange Server is included in the Exchange Server ECAL Suite.




Q.  Is Forefront Protection 2010 for Exchange Server part of the Forefront Protection Suite?

A.  Yes, Forefront Protection for Exchange Server is available as part of the Forefront Protection Suite or can be purchased on a stand-alone basis.




Q.  How is Forefront Protection 2010 for Exchange Server licensed?

A.  Forefront Protection 2010 for Exchange Server is licensed through the Microsoft Online Services program on a per-user subscription model. This license includes all antivirus and anti-spam engine updates, signatures, and product upgrades during the license period. Customers will be able to license Forefront Protection 2010 for Exchange Server through the following Microsoft volume licensing programs:

• Enterprise Agreement
• Enterprise Agreement Subscription
• Select
• Academic Select
• Government Select
• Open Value
• Open Value Subscription
• Server Provider License Agreement (SPLA)
• High Volume Services (HVS)
• Campus and School Agreements

Q.  How can I get pricing for Forefront Protection 2010 for Exchange Server?

A.  Forefront Protection 2010 for Exchange Server pricing is available through your Microsoft account representative or your authorized reseller.




Q.  What versions of Exchange Server does Forefront Protection 2010 for Exchange Server support?

A.  Forefront Protection 2010 for Exchange Server supports both Exchange Server 2010 and Exchange Server 2007. For customers with Exchange Server 2003 or Exchange 2000 Server with SP1, purchasing Forefront Protection 2010 for Exchange Server will provide downgrade rights to Antigen for Exchange, which supports these earlier versions of Exchange Server.




Q.  What is Forefront Online Protection for Exchange?

A.  Microsoft Forefront Online Protection for Exchange is a hosted service that consists of layered technologies to help protect businesses’ incoming and outgoing e-mail from spam, viruses, phishing scams, and e-mail policy violations.  Forefront Online Protection  for Exchange provides comprehensive protection, integration with Exchange Server 2010 and Forefront Protection 2010 for Exchange Server, and simple management, which results in peace of mind for businesses looking to secure their e-mail infrastructure.




Q.  How does Forefront Protection 2010 for Exchange Server help protect Exchange Server?

A.  Forefront Protection 2010 for Exchange Server provides server-level protection in real time by examining messages as they are in transport (at Edge and Hub servers) and in the store (in Mailbox and Public Folder servers), even when they come from mobile devices. By using multiple scan engines, the software helps ensure that mail continues to be scanned even if one engine fails or goes offline for updates.

Q.  Is it possible for Forefront Protection 2010 for Exchange Server end users to release their quarantined email through Outlook or a web UI by using their domain credentials? 

A.  No. End users cannot access quarantined mail. Forefront Protection for Exchange 2010 quarantines mail in a centralized location on the FPE server, and the Administrator must access the quarantine to release items. For more information on the FPE quarantine, see the TechNet topic Viewing and Managing Quarantine.

Q.  Can I create an exception in Forefront Protection 2010 for Exchange Server to allow some users to accept certain attachment types if I have created a policy to block the same attachment types for all recipients?

A.  You cannot create block list exceptions for recipients in Forefront Protection 2010 for Exchange Server.  You can specify certain senders to bypass filters but not recipients.

Q.  Do message tracking logs specify which policy Forefront Protection 2010 for Exchange Server applied to the email that was quarantined/rejected/deleted? For example: I have written a rule that will quarantine email if the message contains any objectionable words. If a message is quarantined, does the message tracking log show me the rule that caused the message to be quarantined?
 
A.  Any action taken by Forefront Protection 2010 for Exchange Server – including keyword filters – will be noted in the Incidents UI in the FPE console.  Enable FPE Content filter incident logging in Advanced options to display those incidents in the Incidents pane in the UI as it is not enabled by default. The only actions that could possibly be taken by FPE that would not be logged to the Incidents pane are DNSBL rejections.  You would need to review the FSEAgent log for those events. To find out more about the Incidents UI, see the Viewing Incidents topic.




Q.  Is it possible to schedule reports in Forefront Protection 2010 for Exchange Server? 

A.  No. You cannot schedule reports in Forefront Protection 2010 for Exchange Server.  However, if you use FPSMC (web based management console) to manage your FPE servers, you can schedule reports there.

Q. Exchange Server 2010's Edge Transport edge transport server role uses ADLDS to validate recipients. Does Forefront use the same functionality?
 
A. Forefront Protection 2010 for Exchange Server does not have its own feature regarding validating recipients. You can enable “Only accept messages to valid recipients from the GAL” in FPE under recipient filtering, and this results in enabling the Exchange recipient filtering feature. Forefront does not perform the validation itself.

Q.  If I add an IP address to the IP allow list for FPE 2010, does it not add it to the IP address allow list for the Edge Transport filter?
 
A.  If you add an IP address to the IP allow list in Forefront Protection 2010 for Exchange Server, you are actually adding it to the Exchange IP allow list, which is handled by the Exchange Connection Filtering Agent.  Essentially you are managing the entries with FPE, but they are still being performed by Exchange agents and not Forefront agents.  All entries present in the FPE UI for Block\Allow lists are also present in Exchange’s Block\Allow lists.

Q.  How do Edge Transport server role filters and Forefront Protection 2010 for Exchange Server work when installed on the same server?
 
A.  When Forefront Protection 2010 for Exchange Server is installed on an Edge Transport server, FPE antispam features are enabled by default.  This is not the case on Hub Transport servers, where you are asked to opt-in during the installation or enable FPE filtering later.  Once installed on an Edge Transport server, FPE installs antispam agents (that perform connection filtering, content filtering, and so on). The Exchange content filter is disabled when Forefront’s content filter is enabled as they cannot run in tandem.

Q.  If I have created both Forefront Protection 2010 for Exchange Server filter lists and Exchange Transport rules, which has priority? 

A.  If you create a filter list in Forefront Protection 2010 for Exchange Server and an Exchange transport rule that perform the same action, the FPE filter list has priority, because it fires before the transport rule. Transport rules fire on the “OnRoutedMessage” event, and the FPE filter lists, which are handled by the FSERoutingAgent, fire on the “OnSubmittedMessage” event, which is processed first.  Therefore, if you have an FPE file filter and a transport rule both configured to remove a specific attachment, FPE removes it.