Introduction to Forefront Security For SharePoint

Why Implement Forefront with your SharePoint environment?

Implementing Forefront within your SharePoint environment serves several purposes. The most evident, and the one apparent from initial deployment, is hardening your SharePoint environment, since it will begin to accumulate several business processes within an organization. Because several processes will be automated or reinvented with the introduction of SharePoint into your corporate environment, it is best to implement complementary software that helps you mitigate threats and reduce risk to your communications and collaboration platforms.

There are several portions that make up the FSSP framework:
  • Client
  • Service
  • Central Manager
  • Quarantine Manager
  • Forefront Web Parts

What is the real purpose of Forefront then?

Although several portions make up the Forefront framework, its clearest purpose is to clean your content repositories of malicious content, preventing system downtime on your server or on the client machines tied into your SharePoint environment. It works similarly to several AV engines, using proactive scanning mechanisms to provide content filtering, document quarantine, and progressive cleaning that leverages multiple engines. The most powerful and useful scanning feature is managed scanning of your SharePoint document libraries, through both real-time protection and on-demand routines. This scanning extends to sister server platforms, allowing Forefront to work with your Microsoft Exchange environment as well. The Web Parts are somewhat negligible, offering views into current cleaning metrics; the real power of Forefront is the management of documents infected with malware within your repositories.

Installing Antigen Into A SharePoint Environment

As SharePoint becomes an industry standard for collaboration and communications platforms, playing roles in project management and business-critical application hosting, securing the platform becomes increasingly important across the enterprise.

Through the remainder of this guide, I will be showing you how to deploy Antigen in a siloed single-server SharePoint environment, providing an extra layer of hardening in the overall architecture.

Grabbing the Antigen installation package is usually a download; you can get an evaluation if you would like to test it out first.

The minimum requirements to run Antigen are:

  • Windows 2003 Server or Windows 2003 for Small Business Servers
  • MS Windows SharePoint Services 2003 or SharePoint Portal Server 2003
  • 64 MB of Available Memory
  • 100 MB of Available Disk Space
  • Intel Processor

Once you have the installation package, you have to unzip the files. I unzipped my package to:


Once finished, you should have a total of 361 unzipped files. Navigate to the drive to start the installation.

Once you have unzipped the package, you will get the folder structure below. Select setup.exe to begin the installation.

Once you launch the setup file, you will be brought to a splash screen while the installation process loads and unpacks the required files.

Once unpacked, you will be brought to the first setup page. Since we are installing on a server, there shouldn’t be any unnecessary processes running; if there are, shut them down so they don’t interfere with the engine installation.

The next page is a standard Microsoft license, so just click through.

Next, enter the Microsoft EA or user information that you used when installing SharePoint.

You can install Antigen remotely, or you can install it on the box you are running the setup on. I am installing it on my SharePoint development machine, so I am going to select local installation. If you choose remote installation, you will have to fill in the required information for connectivity to the remote machine.

Antigen includes several Windows applications, which can be used to manage the Antigen environment. I am installing on a server, so I want the tools as well as the server package, so I will select “Server – Admin console and scanner components.” At a later date it makes sense to install the client on a machine that you would typically administer SharePoint from.

Preventing malware is all about staying updated, so on the next screen you can set the install to query Sybari’s servers for the latest updated information (highly recommended).

The next screen will just allow you to define the location of where you want the package to go.

The next screen will walk you through the standard shortcuts available.

Similar to the setup of SharePoint, you will have to define a domain account. It is typical to have a SharePoint service account already set up for remote database access, so it is recommended to use that account in this portion. I am just going to use the administrator account since my server is siloed from everything else in my environment.

Next, your installation will begin!

Now that you have it installed, you can start configuring it.