Forefront Security for SharePoint SP1 Available Now
This is an announcement about the availability of SP1 (Service Pack 1) of Forefront Security for SharePoint, not to be confused with Windows SharePoint Services 3.0 SP1 or Office SharePoint Server 2007 SP1 which will be released at a later date.
Forefront Security for SharePoint Service Pack 1 shipped on July 31st and is available in 11 supported languages (English, French, German, Italian, Japanese, Korean, Chinese (Simplified), Chinese (Traditional), Brazilian Portuguese, Spanish, and Russian). Forefront Security for SharePoint integrates multiple scan engines from industry-leading vendors and content controls to help businesses protect their Microsoft Office SharePoint Server 2007 and Windows SharePoint Services 3.0 collaboration environments by eliminating documents containing malicious code, confidential information, and inappropriate content. Through deep integration with MOSS 2007 and WSS 3.0, Forefront Security for SharePoint helps protect your collaboration environments while maintaining uptime and optimizing performance. Forefront Security for SharePoint also enables administrators to easily manage product configuration, operation, automated antivirus signature updates and reporting at the server and enterprise levels.
The new Forefront Security for SharePoint SP1 provides an improved user experience by addressing critical deployment blockers that customers are facing today with the RTM version of Forefront Security for SharePoint.
Service Pack 1 contains the following features/fixes:
1. Impersonation Fix
Forefront only gives certain groups permission to access the Forefront registry. The accounts used to run the SharePoint application pools are in one of these groups. There is a bug in SharePoint which sometimes results in the worker process impersonating SharePoint’s regular users, instead of the accounts from the application pools. The regular users do not have permission to access the Forefront registry and as a result, Forefront’s VSAPI hooking dll Initialize will fail. When this happens, all the files will be marked as infected with “” virus.
The fix included in this build will ensure that Forefront will impersonate the SharePoint application pool credentials to run the process, and then revert back to the original user credentials before returning the call. If the user has SharePoint’s fix for this problem, the Forefront patch will be redundant and not used.
2. File Size Fix
The maximum file size is supposed to be 2GB, but the RTM version released restricted the maximum size to 128Mb. The Service Pack has the fix to allow files up to 2GB.
3. Manual Scan Fix
Currently, Manual scan can no longer disable VSAPI scanning, thus triggering a Real-time scan instead. This causes a number of problems – the store cannot be cleaned effectively, content that is flagged as infected cannot be retrieved and cleaned, and content filtering cannot be applied. The fix will allow manual scan to disable VSAPI so that it is able to scan and clean content effectively.
4. Crash Fix
Changes to the SharePoint Central Administration’s AV settings sometimes causes SharePoint to crash, leaving the system in a bad state. The user will then have to manually recycle services to set the system right. This fix for this is included in this release.
5. Non-ASCII Keyword Filtering Fix
Non-ASCII keywords were not being detected in Office 2007 documents. The fix will ensure that non-ASCII keywords will be correctly detected in Office 2007 documents.
6. Added Soft Block for Installing FSSP on a Box that has Exchange
Forefront Security for SharePoint does not support having Exchange Server installed on the same server. The product will install, but not operate properly, thus creating a supportability issue. To address this, the user will be shown a message informing them that installing FSSP on a server containing Exchange is not a supported scenario as it could cause adverse side effects. At the same time, it will ask the user whether they wish to continue with the installation.
7. STSADM Fix
The STSAdm utility would hang on an Import or export because Forefront was not releasing threads in a manner which STSADM was able to handle properly. We have since fixed this to ensure that the threads are released in a proper manner. As part of this fix we changed the default behavior of our setup to create the LegacyScanAccount key. This key has to be created and set to allow the scanning processes to run as ‘System’, instead of “Network Service” . The issue is that, when our scanning processes run as “Network Service”, Forefront does not have the permissions to scan files presented by 3rd party applications, like STSADM. This results in “Access denied” errors being generated when the external application tries to communicate with Forefront. When the key is set, the scanning processes will run as “System”, thus providing Forefront with the privileges necessary to scan the files from 3rd party applications. The key, which has to be created under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Forefront Server Security\SharePoint, will be created during install so as to ensure that customers do not face any additional issues with the STSAdm utility.
8. Removed CA InoculateIT Engine due to CA Engine Consolidation
Computer Associates (CA) recently combined the CA InoculateIT and the CA Vet engines into one engine. As a result, CA will no longer offer support for the CA InoculateIT engine.
Download Forefront Security for SharePoint with Service Pack 1
http://www.microsoft.com/downloads/details.aspx?FamilyId=E06453B8-B2DD-4177-969C-2F89AA841E11
Installation Instructions
1) Install the SharePoint hotfix package found in KB936867 or later as a pre-requisite to the Forefront Security for SharePoint with SP1 release.
2) Stop all, if any of the follow services are currently running on the server:
a. MOM
b. Perfmon
c. Eventvwr
d. SPTimer
This will help prevent a reboot at the end of the upgrade.
3) Run the Forefront Security for SharePoint Setup package.
4) At the end of setup process, restart any services that you have stopped in Step 2.
Additional Resources:
Forefront Security for SharePoint Website
http://www.microsoft.com/forefront/serversecurity/sharepoint/default.mspx
Forefront Server Security Blog
http://blogs.technet.com/FSS/
Forefront Server Security Forums
Please post any product questions on the Forefront Security Forum:
http://forums.microsoft.com/forefront/default.aspx?siteid=41
Contact the Microsoft Product Support Services for further assistance at
http://support.microsoft.com/oas/default.aspx?gprid=12303
