Forefront Server Security TechCenter >
Forefront Server Security Forums
>
Antigen
>
Antigen best practices
Antigen best practices
- Hello,
We use Antigen 9.1 1097 with the default installation. What are the Best Practices to tune Antigen (how many scanners, BIAS settings etc.) . We see for example 100% CPU on Antigen services and got "messages exceed internet timeout".
Thanks
Answers
- Hi IEF,
Our Best Practices Guide should give you some good pointers. In particular, look at the following settings:
o # engines enabled (per scanjob) - even reducing this to 3 or 4 gives you a high level of protection;
o Engine Bias - I would advise setting this to 'Max Certainty', 'Favor Certainty', or 'Neutral', in conjunction with 3 or 4 enabled engines. 'Neutral' will be the most efficient of the 3 settings;
o 'Realtime Process Count' and 'Internet Process Count' - these are found under SETTINGS>General Options and are set to 2 by default. If you have previously raised these any higher, I would consider moving them back to 2. This gives Antigen 2 channels to talk to Exchange with / to scan messages, per Storage Group and for the SMTP scanjob;
o If you are using RBL servers and can determine that lookups are taking a long time to come back to Antigen, consider disabling 1 or more of these;
o If 'Perform Reverse DNS Lookup' (under SETTINGS>General Options) is enabled at all, consider disabling it ('Disable All'), again if you can determine that lookups are taking a long time to come back to Antigen.
If you feel you have optimised your settings and are still receiving timeouts while scanning messages, I would advise you to open a Support Case with CSS (Customer Service and Support).
Kind Regards,
Andy Day
CSS Security, Sr. Support Engineer (Antigen/Forefront Server Security)- Marked As Answer byNick Gu - MSFTMSFT, ModeratorWednesday, June 10, 2009 9:39 AM
All Replies
- Hi IEF,
Our Best Practices Guide should give you some good pointers. In particular, look at the following settings:
o # engines enabled (per scanjob) - even reducing this to 3 or 4 gives you a high level of protection;
o Engine Bias - I would advise setting this to 'Max Certainty', 'Favor Certainty', or 'Neutral', in conjunction with 3 or 4 enabled engines. 'Neutral' will be the most efficient of the 3 settings;
o 'Realtime Process Count' and 'Internet Process Count' - these are found under SETTINGS>General Options and are set to 2 by default. If you have previously raised these any higher, I would consider moving them back to 2. This gives Antigen 2 channels to talk to Exchange with / to scan messages, per Storage Group and for the SMTP scanjob;
o If you are using RBL servers and can determine that lookups are taking a long time to come back to Antigen, consider disabling 1 or more of these;
o If 'Perform Reverse DNS Lookup' (under SETTINGS>General Options) is enabled at all, consider disabling it ('Disable All'), again if you can determine that lookups are taking a long time to come back to Antigen.
If you feel you have optimised your settings and are still receiving timeouts while scanning messages, I would advise you to open a Support Case with CSS (Customer Service and Support).
Kind Regards,
Andy Day
CSS Security, Sr. Support Engineer (Antigen/Forefront Server Security)- Marked As Answer byNick Gu - MSFTMSFT, ModeratorWednesday, June 10, 2009 9:39 AM
- Thanks for the information
